
Diab Soule
Members, 7 posts

Everything posted by Diab Soule

  1. Here I have a combo fix log if that is needed to review first.

     ComboFix 14-08-19.01 - Timelord 08/20/2014 19:06:54.13.2 - x64
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1900.852 [GMT -5:00]
     Running from: c:\users\Timelord\Desktop\more ing time pent on security issues tuesday\ComboFix.exe
     AV: ESET Smart Security 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
     FW: ESET Personal firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
     SP: ESET Smart Security 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Resident AV is active
     .
     .
     ((((((((((((((((((((((((( Files Created from 2014-07-21 to 2014-08-21 )))))))))))))))))))))))))))))))
     .
     .
     2014-08-21 00:19 . 2014-08-21 00:19 -------- d-----w- c:\users\Timelord\AppData\Local\temp
     2014-08-21 00:19 . 2014-08-21 00:19 -------- d-----w- c:\users\Public\AppData\Local\temp
     2014-08-21 00:19 . 2014-08-21 00:19 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
     2014-08-21 00:19 . 2014-08-21 00:19 -------- d-----w- c:\users\Default\AppData\Local\temp
     2014-08-19 21:53 . 2014-08-20 14:17 -------- d-----w- c:\users\Timelord\AppData\Local\gtk-2.0
     2014-08-17 08:02 . 2014-08-17 08:02 699568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
     2014-08-17 08:01 . 2014-08-17 08:01 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2014-08-16 20:19 . 2014-08-20 23:04 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
     2014-08-16 20:18 . 2014-05-12 12:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
     2014-08-16 20:18 . 2014-05-12 12:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
     2014-08-16 20:18 . 2014-05-12 12:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
     2014-08-16 20:18 . 2014-08-20 14:19 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
     2014-08-14 21:04 . 2014-08-20 01:08 -------- d-----w- c:\users\Timelord\Synfig
     2014-08-14 20:57 . 2014-08-14 21:03 -------- d-----w- c:\program files (x86)\Synfig
     2014-08-14 08:07 . 2014-08-14 08:07 -------- d-----w- c:\program files (x86)\Common Files\Java
     2014-08-14 08:06 . 2014-07-25 17:55 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
     2014-08-13 04:10 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
     2014-08-13 04:10 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
     2014-08-13 04:10 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
     2014-08-13 04:10 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
     2014-08-13 04:10 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
     2014-08-13 04:10 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
     2014-08-13 04:09 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
     2014-08-13 04:09 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
     2014-08-13 04:06 . 2014-06-25 02:05 14175744 ----a-w- c:\windows\system32\shell32.dll
     2014-08-13 03:11 . 2014-08-13 03:11 -------- d-----w- c:\program files (x86)\ESET
     2014-08-10 14:59 . 2014-08-10 14:59 -------- d-----w- c:\program files\ESET
     2014-08-07 00:30 . 2014-08-07 00:30 -------- d-----w- c:\program files (x86)\Common Files\Real
     2014-08-06 08:17 . 2014-08-20 22:37 -------- d-----w- c:\windows\system32\wbem\repository
     2014-08-01 00:19 . 2014-08-20 14:17 -------- d-----w- c:\windows\system32\catroot2
     2014-07-30 23:52 . 2014-08-07 00:30 -------- d-----w- c:\program files (x86)\Best Buy Digital Music Store Powered by Rhapsody
     2014-07-30 22:19 . 2014-07-31 21:55 -------- d-----w- c:\users\Timelord\AppData\Roaming\SanDisk
     2014-07-30 22:09 . 2014-07-30 22:14 -------- d-----w- c:\program files (x86)\Best Buy Rhapsody
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2014-08-20 19:21 . 2014-07-16 20:04 36456 ----a-w- c:\windows\system32\drivers\TrueSight.sys
     2014-08-13 04:24 . 2012-03-05 02:39 99218768 ----a-w- c:\windows\system32\MRT.exe
     2014-06-23 20:57 . 2012-06-13 23:09 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
     2014-06-23 20:57 . 2012-06-13 23:08 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
     2014-06-23 20:57 . 2012-06-13 23:08 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
     2014-06-18 02:18 . 2014-07-09 04:13 692736 ----a-w- c:\windows\system32\osk.exe
     2014-06-18 01:51 . 2014-07-09 04:13 646144 ----a-w- c:\windows\SysWow64\osk.exe
     2014-06-06 10:10 . 2014-07-09 04:13 624128 ----a-w- c:\windows\system32\qedit.dll
     2014-06-06 09:44 . 2014-07-09 04:13 509440 ----a-w- c:\windows\SysWow64\qedit.dll
     2014-06-05 14:45 . 2014-07-09 04:09 1460736 ----a-w- c:\windows\system32\lsasrv.dll
     2014-06-05 14:26 . 2014-07-09 04:09 22016 ----a-w- c:\windows\SysWow64\secur32.dll
     2014-06-05 14:25 . 2014-07-09 04:09 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
     2014-06-03 06:28 . 2014-06-03 06:18 181064 ----a-w- c:\windows\PSEXESVC.EXE
     2014-05-30 08:08 . 2014-07-09 04:13 210944 ----a-w- c:\windows\system32\wdigest.dll
     2014-05-30 08:08 . 2014-07-09 04:13 86528 ----a-w- c:\windows\system32\TSpkg.dll
     2014-05-30 08:08 . 2014-07-09 04:13 340992 ----a-w- c:\windows\system32\schannel.dll
     2014-05-30 08:08 . 2014-07-09 04:13 314880 ----a-w- c:\windows\system32\msv1_0.dll
     2014-05-30 08:08 . 2014-07-09 04:13 307200 ----a-w- c:\windows\system32\ncrypt.dll
     2014-05-30 08:08 . 2014-07-09 04:13 728064 ----a-w- c:\windows\system32\kerberos.dll
     2014-05-30 08:08 . 2014-07-09 04:13 22016 ----a-w- c:\windows\system32\credssp.dll
     2014-05-30 07:52 . 2014-07-09 04:13 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
     2014-05-30 07:52 . 2014-07-09 04:13 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
     2014-05-30 07:52 . 2014-07-09 04:13 247808 ----a-w- c:\windows\SysWow64\schannel.dll
     2014-05-30 07:52 . 2014-07-09 04:13 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
     2014-05-30 07:52 . 2014-07-09 04:13 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
     2014-05-30 07:52 . 2014-07-09 04:13 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
     2014-05-30 07:52 . 2014-07-09 04:13 17408 ----a-w- c:\windows\SysWow64\credssp.dll
     2014-05-30 06:45 . 2014-07-09 04:13 497152 ----a-w- c:\windows\system32\drivers\afd.sys
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "Malwarebytes Anti-Exploit"="c:\program files (x86)\Malwarebytes Anti-Exploit\mbae.exe" [2014-06-04 382608]
     .
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
     "IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
     @=""
     .
     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
     R2 DirMngr;DirMngr;c:\users\Timelord\Downloads\GnuPG\dirmngr.exe;c:\users\Timelord\Downloads\GnuPG\dirmngr.exe [x]
     R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
     R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
     R3 efavdrv;efavdrv;c:\windows\system32\drivers\efavdrv.sys;c:\windows\SYSNATIVE\drivers\efavdrv.sys [x]
     R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys;c:\program files\PeerBlock\pbfilter.sys [x]
     R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
     R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
     R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
     R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
     R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
     R4 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
     S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
     S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
     S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
     S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
     S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [x]
     S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
     S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
     S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
     S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
     S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
     S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
     S2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [x]
     S2 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
     S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
     S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
     S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
     S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
     S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
     S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
     S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
     S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
     S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
     S3 SystemExplorerHelpService;System Explorer Service;c:\program files (x86)\System Explorer\service\SystemExplorerService64.exe;c:\program files (x86)\System Explorer\service\SystemExplorerService64.exe [x]
     .
     .
     --- Other Services/Drivers In Memory ---
     .
     *NewlyCreated* - MBAMSWISSARMY
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
     iissvcs REG_MULTI_SZ w3svc was
     apphost REG_MULTI_SZ apphostsvc
     .
     .
     --------- X64 Entries -----------
     .
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-05-10 1831528]
     "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2014-02-24 5581888]
     .
     ------- Supplementary Scan -------
     .
     uLocal Page = c:\windows\system32\blank.htm
     mStart Page = hxxp://acer.msn.com
     mDefault_Page_URL = hxxp://www.google.com
     IE: Translate Selection - c:\program files (x86)\TGF Interactive\Translate Genius\ContextMenu.htm
     Trusted Zone: rhapsody.com\rhap-app-4-0
     Trusted Zone: rhapsody.com\rhapreg
     TCP: DhcpNameServer = 192.168.1.254
     TCP: Interfaces\{B3917305-A200-44C0-9D84-D55943D066B9}: DhcpNameServer = 192.168.1.254
     FF - ProfilePath - c:\users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\
     FF - prefs.js: browser.startup.homepage - hxxps://duckduckgo.com/
     .
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\software\McAfee]
     "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
        00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
     .
     Completion time: 2014-08-20 19:24:38
     ComboFix-quarantined-files.txt 2014-08-21 00:24
     ComboFix2.txt 2014-08-13 01:08
     ComboFix3.txt 2014-04-17 01:15
     ComboFix4.txt 2014-03-26 02:56
     ComboFix5.txt 2014-08-21 00:04
     .
     Pre-Run: 22,071,640,064 bytes free
     Post-Run: 21,599,277,056 bytes free
     .
     - - End Of File - - F88DB7EEC22BF5A91767AF0E1A6ED71C
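A small triage script for the service list in the ComboFix log above, added here as an editor's example; it is not part of the original post and not ComboFix code. It assumes ComboFix's usual meaning for the leading code (R = running, S = stopped, digit = Windows start type: 0 boot, 1 system, 2 auto, 3 demand, 4 disabled) and flags two things a reviewer scans such a list for: a service image outside c:\windows and the two Program Files trees, and a service that is running although its start type is disabled. The four sample lines are copied from the log; ComboFix's trailing [x] marker is parsed but not interpreted. A hit is a prompt to look, not a verdict (DirMngr here is GnuPG's dirmngr.exe launched from a Downloads folder, which is an odd place for a service binary but not malicious by itself).

```python
import re
from dataclasses import dataclass

# Windows service start types as ComboFix prints them after R (running) / S (stopped).
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# Directories a service binary is expected to live in on a stock Windows 7 x64 install.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Line shape: <R|S><start> <name>;<display name>;<image path>;<image path, SYSNATIVE view> [x]
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^;]+);"
    r"(?P<path2>[^\[]+?)\s*(?P<flag>\[x\])?\s*$"
)


@dataclass
class ServiceEntry:
    name: str
    display: str
    path: str          # first image path, lower-cased for comparisons
    running: bool
    start_type: str
    flagged_x: bool    # ComboFix's trailing [x] marker, kept but not interpreted here


def parse_service_line(line):
    """Parse one ComboFix service/driver line; return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return ServiceEntry(
        name=m["name"].strip(),
        display=m["display"].strip(),
        path=m["path"].strip().lower(),
        running=(m["state"] == "R"),
        start_type=START_TYPES[int(m["start"])],
        flagged_x=(m["flag"] is not None),
    )


def triage_services(log_text):
    """Return (service name, [reasons]) for every entry that deserves a human look."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_service_line(line)
        if entry is None:
            continue
        reasons = []
        if not entry.path.startswith(TRUSTED_ROOTS):
            reasons.append("image outside Windows/Program Files: " + entry.path)
        if entry.running and entry.start_type == "disabled":
            reasons.append("running although start type is disabled")
        if reasons:
            findings.append((entry.name, reasons))
    return findings


# Four lines taken verbatim from the ComboFix log above (not constructed).
SAMPLE = r"""R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DirMngr;DirMngr;c:\users\Timelord\Downloads\GnuPG\dirmngr.exe;c:\users\Timelord\Downloads\GnuPG\dirmngr.exe [x]
R4 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
"""

if __name__ == "__main__":
    for name, reasons in triage_services(SAMPLE):
        print(name)
        for reason in reasons:
            print("   -", reason)
```

Run against the full log it flags only DirMngr and Live Updater Service; everything else sits under c:\windows or Program Files with a start type that matches its state. Feed it the whole service block rather than hand-picked lines, since the point is to make the odd entries stand out from the seventy routine ones.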
  2. I have discovered that PUM.homepage has been screwing up my browser. Steps to remove this would be greatly appreciated. Thanks again.
  3. I ran RogueKiller on the problem. Now I am unable to use Security when I go into Properties. TrustedInstaller is locking me out of any kind of mod and/or regenerates itself hidden, effectively keeping me from doing a complete re-install with all traces removed. Tried taking ownership.........SURVEY SAYS.......baaaaah X. Changing permissions..........SURVEY SAYS........baaaaaaaaaaaah X. Need a correct answer or strike 3. lol........Need any type of logs?
  4. When I ran RogueKiller it picked up some registry problems that were disabling things. Information I have gathered from others having the same issues is that it may be a registry-edit virus and/or an asterisk logger trying to nab my passwords. I am also getting the message: ERROR communicating with Kernel! I tried using ESET's solution but it didn't help. Example:

     [HKLM\SOFTWARE\Microsoft\Windows Defender]
     "DisableAntiSpyware" = dword:00000001

     Today when I logged on, Windows Media Center had made its way to my tray and is running. Starts in: %windir%\ehome, target: %windir%\ehome\ehshell.exe. Is this a known issue? I haven't done anything concerning Windows Media Center and it was not there last night. I am just trying to be thorough while learning as much as I can, so please don't think I am not paying attention to what others with more knowledge than myself are saying.
  5. Hello, I have tried all I know to do before seeking help. My HIPS log contains the following:

     8/12/2014 9:55:34 PM C:\Windows\System32\services.exe Modify startup settings HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller\Start allowed Automatic mode
     8/12/2014 10:03:36 PM C:\Windows\System32\services.exe Modify startup settings HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\efavdrv\Start allowed Automatic mode
     8/12/2014 10:40:08 PM C:\Windows\System32\services.exe Modify startup settings HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MBAMSwissArmy\Start allowed Automatic mode

     You get the idea, I'm sure. ANY help greatly appreciated! Just direct me as to what I need to do on my end. Thanks in advance.
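To make the HIPS lines quoted in that post easier to read in bulk, here is an added example parser; it is the editor's code, not the poster's and not ESET's. It splits each line into timestamp, process, operation, registry path, decision and HIPS mode, pulls the service name out of ...\services\<name>\Start, and reports changes that touch a watchlist of security-related services. The first three log lines are the ones from the post; the fourth (Spooler) is constructed to show a service that is parsed but not reported. The service names on the watchlist come from the ComboFix and HIPS logs in this thread; the owner labels next to them are the editor's annotation.

```python
import re
from datetime import datetime

# One ESET HIPS line as quoted in the post:
#   <m/d/yyyy h:mm:ss AM|PM> <process> <operation> <registry path> <decision> <HIPS mode>
HIPS_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"(?P<proc>[A-Za-z]:\\\S+)\s+"
    r"(?P<op>.+?)\s+"
    r"(?P<key>HKEY_\S+)\s+"
    r"(?P<decision>\S+)\s+"
    r"(?P<mode>.+?)\s*$"
)

# ...\services\<name>\Start is the service's start-type value under the SCM key.
START_VALUE_RE = re.compile(r"\\services\\(?P<svc>[^\\]+)\\Start$", re.IGNORECASE)

# Services whose start type should not change without a known reason.
# Names are taken from the logs in this thread; the labels are editorial.
WATCHLIST = {
    "trustedinstaller": "Windows Modules Installer (servicing / Windows Update)",
    "windefend": "Windows Defender service",
    "ekrn": "ESET Smart Security service",
    "efavdrv": "ESET driver",
    "ehdrv": "ESET driver",
    "eamonm": "ESET driver",
    "mbamservice": "Malwarebytes Anti-Malware service",
    "mbamprotector": "Malwarebytes driver",
    "mbamswissarmy": "Malwarebytes driver (created on demand during scans)",
}


def parse_hips_line(line):
    """Return a dict of fields for one HIPS line, or None if it does not match."""
    m = HIPS_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%m/%d/%Y %I:%M:%S %p")
    s = START_VALUE_RE.search(ev["key"])
    ev["service"] = s["svc"] if s else None   # None for keys that are not a Start value
    return ev


def review_start_changes(log_text, watchlist=WATCHLIST):
    """Return (timestamp, service, owner label, decision) for watchlisted services."""
    hits = []
    for line in log_text.splitlines():
        ev = parse_hips_line(line)
        if ev is None or ev["service"] is None:
            continue
        owner = watchlist.get(ev["service"].lower())
        if owner:
            hits.append((ev["ts"], ev["service"], owner, ev["decision"]))
    return hits


# Lines 1-3 are the ones from the post; line 4 (Spooler) is constructed for contrast.
HIPS_LOG = r"""8/12/2014 9:55:34 PM C:\Windows\System32\services.exe Modify startup settings HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller\Start allowed Automatic mode
8/12/2014 10:03:36 PM C:\Windows\System32\services.exe Modify startup settings HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\efavdrv\Start allowed Automatic mode
8/12/2014 10:40:08 PM C:\Windows\System32\services.exe Modify startup settings HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MBAMSwissArmy\Start allowed Automatic mode
8/12/2014 10:41:02 PM C:\Windows\System32\services.exe Modify startup settings HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Spooler\Start allowed Automatic mode
"""

if __name__ == "__main__":
    for ts, svc, owner, decision in review_start_changes(HIPS_LOG):
        print(f"{ts:%Y-%m-%d %H:%M:%S}  {svc:<18} {decision:<8} {owner}")
```

Two caveats when reading the output. services.exe is the Service Control Manager: it is the process that writes a service's Start value for any caller of ChangeServiceConfig (an installer, `sc config`, a scanner, or malware), so the process column only says that the SCM did the write, not who asked for it. And MBAMSwissArmy is a Malwarebytes driver created on demand while a scan runs (the ComboFix log above lists it under *NewlyCreated*), so a Start change on it during a Malwarebytes session is expected rather than suspicious.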