Suspicious ComboFix log, please help

combofix432

New Member
Hi guys, I have been trying to remove malware from a computer that I suspect has been infected for over a year. The operating system is an upgraded Windows 8.1. Since I wanted to run ComboFix, I restored it to Windows 8 using the factory setting, while at the same time keeping all my files.



Then I began running TDSSKiller, RKill, ComboFix, RogueKiller, Malwarebytes Anti-Malware, HitmanPro, ESET Online Scanner and Emsisoft Emergency Kit, in the written order. In the middle of this I needed to restart the computer after running ComboFix. This turned out to be difficult because all of a sudden the restart button stopped working; it said epowerbutton.exe not working, so I had to use Win+I to get to another restart button to restart the PC. At the end of using all the above tools nothing was found. HitmanPro found the most, by finding cookies in my web browser. This made me very suspicious, knowing that the PC has been infected for over a year.



When I looked at the ComboFix log, it contained locked registry keys that are hard for me to recognize as legit or not. I became even more suspicious when I ran the GMER rootkit scanner: it says "C:\WINDOWS\system32\config\system: The process cannot access the file because it is being used by another process". Then, after I press OK, it continues to scan, but when I press stop it says the same thing again and also "C:\user\selam\ntuser.dat: The process cannot access the file because it is being used by another process".



When I use GMER on my other, clean computer none of this happens; it works perfectly. To make matters worse, even the BIOS (firmware) seems to have been manipulated or corrupted, because I can't boot from the CD-ROM, and I made sure to make the CD-ROM the first one in the boot order. I used the Windows installation CD and Hiren's BootCD 15.2, and still it won't boot from the CD-ROM.

I am not a computer guy and I don't have the skill to root out the problem. I suspect malware that is able to hide itself somehow. I will post the ComboFix log below. Some of the headers are in Swedish, but everything else is in English. Thank you for your support!
 

combofix432

New Member
Here is the ComboFix log:

ComboFix 15-08-03.01 - selam 2015-08-05 23:11:07.2.2 - x64
Microsoft Windows 8 6.2.9200.0.1252.46.1053.18.3911.1426 [GMT 2:00]
Körs från: c:\users\selam\Desktop\ComboFix.exe
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((( Filer skapade från 2015-07-05 till 2015-08-05 ))))))))))))))))))))))))))))))
.
.
2015-08-05 21:17 . 2015-08-05 21:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-05 21:17 . 2015-08-05 21:17 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2015-08-05 20:52 . 2015-08-05 20:53 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-05 20:52 . 2015-08-05 20:52 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-08-05 20:52 . 2015-08-05 20:52 -------- d-----w- c:\programdata\Malwarebytes
2015-08-05 20:52 . 2015-06-18 06:42 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-08-05 20:52 . 2015-06-18 06:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-08-05 20:52 . 2015-06-18 06:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-08-05 20:25 . 2015-08-05 20:25 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-08-05 20:24 . 2015-08-05 20:25 -------- d-----w- c:\program files\RogueKiller
2015-08-05 20:21 . 2015-08-05 21:09 -------- d-----w- c:\programdata\RogueKiller
2015-08-05 19:51 . 2015-08-05 19:52 -------- d-----w- c:\program files (x86)\Google
2015-08-05 19:42 . 2015-08-05 19:42 -------- d-----w- C:\Windows.old
2015-08-05 19:14 . 2015-08-05 19:14 -------- d-----w- C:\$WINDOWS.~BT
2015-08-05 18:57 . 2015-08-05 18:57 -------- d-----w- c:\program files\Preload
2015-08-05 18:54 . 2015-08-05 18:54 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2015-08-05 18:45 . 2015-08-05 18:57 -------- d-----w- c:\users\selam
2015-08-05 18:11 . 2015-08-05 19:13 -------- d-----w- C:\$SysReset
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RadioController"="c:\program files (x86)\RadioController\RfBtnHelper.exe" [2013-01-05 111216]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2012-08-15 2994880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLinkedConnections"= 1 (0x1)
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 DeviceFastLaneService;Device Fast-lane Service;c:\program files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe;c:\program files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 ccSet_NARA;NARA Settings Manager;c:\windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NARAx64\0401000.00E\ccSetx64.sys [x]
S2 BrcmCardReader;Broadcom Card Reader Service;c:\program files\Broadcom\MemoryCard\BrcmCardReader.exe;c:\program files\Broadcom\MemoryCard\BrcmCardReader.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 RfButtonDriverService;Dritek RF Button Command Service;c:\windows\RfBtnSvc64.exe;c:\windows\RfBtnSvc64.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe;c:\program files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\System32\drivers\b57xdbd.sys;c:\windows\SYSNATIVE\drivers\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\System32\drivers\b57xdmp.sys;c:\windows\SYSNATIVE\drivers\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\System32\drivers\bScsiMSa.sys;c:\windows\SYSNATIVE\drivers\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\System32\drivers\bScsiSDa.sys;c:\windows\SYSNATIVE\drivers\bScsiSDa.sys [x]
S3 ePowerSvc;ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [x]
S3 IntcDAud;Intel® bildskärmsljud;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 Ps2Kb2Hid;PS/2 Keyboard to HID Driver;c:\windows\System32\drivers\aPs2Kb2Hid.sys;c:\windows\SYSNATIVE\drivers\aPs2Kb2Hid.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-08-05 19:52 995144 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.130\Installer\chrmstp.exe
.
Innehåll i mappen 'Schemalagda aktiviteter':
.
2015-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-08-05 19:51]
.
2015-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-08-05 19:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-23 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-23 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-23 441888]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
.
------- Extra genomsökning -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
.
Toolbar-Locked - (no file)
.
.
.
 

combofix432

New Member
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Hash"="q9KT0+CEC6w="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Hash"="0dIuO5Ak4Oo="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Hash"="cL/qY1bi3hs="
"ProgId"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Hash"="FzRsN8mbIQ4="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (Administrator)
"Hash"="0KaxvpfcWRU="
"ProgId"="AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs"
.
[HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adt\UserChoice]
@Denied: (2) (Administrator)
"Hash"="7mdgI9/e0hg="
"ProgId"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adts\UserChoice]
@Denied: (2) (Administrator)
"Hash"="G9nahOsCoE8="
"ProgId"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Hash"="ZWytlCBndB0="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (Administrator)
"Hash"="V1FeuxvOaoc="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (Administrator)
"Hash"="I476ntToR6o="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (Administrator)
"Hash"="KVcfBr82iRc="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (Administrator)
"Hash"="i0cJvH51OFQ="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (Administrator)
"Hash"="6f4BdFbhSqI="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (Administrator)
"Hash"="l98DBTss6c4="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (Administrator)
"Hash"="CoA7KvX1TNI="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Hash"="EWlkXMQm2FE="
"ProgId"="AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs"
.
[HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Hash"="gWuD94h5emA="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Hash"="qNS63XtndQY="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MP2\UserChoice]
@Denied: (2) (Administrator)
"Hash"="tenwYC+caa4="
"ProgId"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Hash"="F94sU8LCs+k="
"ProgId"="AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs"
 

combofix432

New Member
.
[HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Hash"="ozv7qux92qI="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Hash"="gEHnzMzRZ5A="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Hash"="lsd3+lVBkZo="
"ProgId"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MPE\UserChoice]
@Denied: (2) (Administrator)
"Hash"="BUpWo+JQ2Bw="
"ProgId"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Hash"="LAOvAofpfcU="
"ProgId"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Hash"="+b5b+WR/Uog="
"ProgId"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Hash"="kl+bVvaWgPw="
"ProgId"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oxps\UserChoice]
@Denied: (2) (Administrator)
"Hash"="MEEBr+fQaYc="
"ProgId"="AppX86746z2101ayy2ygv3g96e4eqdf8r99j"
.
[HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice]
@Denied: (2) (Administrator)
"Hash"="d+Ha/TVnbX4="
"ProgId"="AppX86746z2101ayy2ygv3g96e4eqdf8r99j"
.
[HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (Administrator)
"Hash"="NsQEdqjYxEM="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (Administrator)
"Hash"="Nl5gNuiwnFc="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (Administrator)
"Hash"="zCgo0t4ujRI="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
@Denied: (2) (Administrator)
"Hash"="9NIpss4ND0w="
"ProgId"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
@Denied: (2) (Administrator)
"Hash"="k+rCXVdE1DU="
"ProgId"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Hash"="+Mc1gggXWsA="
"ProgId"="AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs"
.
[HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdp\UserChoice]
@Denied: (2) (Administrator)
"Hash"="/bygC4LU0EE="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Hash"="J3qD36jOy60="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Hash"="dYkM5N7Dyc4="
"ProgId"="AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs"
.
[HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Hash"="9HOHq/Vy7uE="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WPL\UserChoice]
@Denied: (2) (Administrator)
"Hash"="+xYdTDj2kU4="
"ProgId"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xps\UserChoice]
@Denied: (2) (Administrator)
"Hash"="SqGoKgp0M3k="
"ProgId"="AppX86746z2101ayy2ygv3g96e4eqdf8r99j"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Sluttid: 2015-08-05 23:27:00
ComboFix-quarantined-files.txt 2015-08-05 21:26
ComboFix2.txt 2015-08-05 20:19
.
Före genomsökningen: 349 875 494 912 bytes free
Efter genomsökningen: 349 824 364 544 bytes free
.
- - End Of File - - 89EAB8DF89D0E09BCA6E7A0309B66625
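The locked-key section above is long but very regular, so a small parser makes it easier to review than reading sixty near-identical blocks by hand. The following is an added example (not from the forum post and not part of ComboFix) that parses that section's `[key]` / `@Denied` / `"Name"="value"` layout and groups the FileExts UserChoice entries by ProgId; the "expected ProgId" patterns (the two shapes that occur in the log above) and the constructed `.example` block are assumptions of the example, not ComboFix rules.

```python
"""Triage helper for the 'locked registry keys' section of a ComboFix log.

Added example, not code from the forum post or from ComboFix. It parses the
[key] / @Denied / "Name"="value" layout ComboFix uses and groups the
FileExts\\<ext>\\UserChoice entries by ProgId. EXPECTED_PROGID (Store AppX
ids and WMP11.AssocFile.* handlers, the only shapes seen in the log above)
is this example's assumption; anything else is listed for manual review.
"""
import re
from collections import defaultdict

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"$')
DENIED_RE = re.compile(r"^@Denied: \((?P<mask>[^)]+)\) \((?P<who>[^)]+)\)$")
USERCHOICE_RE = re.compile(r"\\FileExts\\(?P<ext>\.[^\\]+)\\UserChoice$", re.I)
EXPECTED_PROGID = re.compile(r"^(AppX[a-z0-9]{32}|WMP11\.AssocFile\.[A-Z0-9]+)$")

def parse_locked_keys(text):
    """Return one dict per [key] block: {'key', 'denied', 'values'}."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix uses '.' as a spacer
            continue
        m = KEY_RE.match(line)
        if m:
            current = {"key": m.group("key"), "denied": [], "values": {}}
            entries.append(current)
        elif current is None:
            continue                         # section header before first key
        elif (m := DENIED_RE.match(line)):
            current["denied"].append((m.group("mask"), m.group("who")))
        elif (m := VALUE_RE.match(line)):
            current["values"][m.group("name")] = m.group("value")
    return entries

def summarize_userchoice(entries):
    """Map ProgId -> sorted extensions whose UserChoice key is locked."""
    by_progid = defaultdict(list)
    for e in entries:
        m = USERCHOICE_RE.search(e["key"])
        if m and "ProgId" in e["values"]:
            by_progid[e["values"]["ProgId"]].append(m.group("ext"))
    return {p: sorted(exts) for p, exts in by_progid.items()}

def unexpected_progids(summary):
    """ProgIds matching neither expected shape; these deserve a closer look."""
    return sorted(p for p in summary if not EXPECTED_PROGID.match(p))

def other_locked_keys(entries):
    """Locked keys that are not FileExts UserChoice entries (e.g. PCW\\Security)."""
    return [e["key"] for e in entries if not USERCHOICE_RE.search(e["key"])]

# Sample input: four blocks copied from the log above plus one constructed
# '.example' block whose ProgId is deliberately outside the expected shapes.
_PFX = (r"HKEY_USERS\S-1-5-21-533003946-2387135784-3296583122-500-"
        r"{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-"
        r"{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows"
        r"\CurrentVersion\Explorer\FileExts")

def _block(ext, hash_value, progid):
    return ('[%s\\%s\\UserChoice]\n@Denied: (2) (Administrator)\n'
            '"Hash"="%s"\n"ProgId"="%s"\n.' % (_PFX, ext, hash_value, progid))

SAMPLE = "\n".join([
    "--------------------- LÅSTA REGISTERNYCKLAR ---------------------", ".",
    _block(".3g2", "q9KT0+CEC6w=", "AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"),
    _block(".3gp2", "cL/qY1bi3hs=", "WMP11.AssocFile.3G2"),
    _block(".mp3", "F94sU8LCs+k=", "AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs"),
    _block(".pdf", "d+Ha/TVnbX4=", "AppX86746z2101ayy2ygv3g96e4eqdf8r99j"),
    _block(".example", "AAAAAAAAAAA=", r"Applications\example.exe"),  # constructed
    r"[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]",
    "@Denied: (Full) (Everyone)", "@SACL=(02 0000)", ".",
])

if __name__ == "__main__":
    found = parse_locked_keys(SAMPLE)
    for progid, exts in summarize_userchoice(found).items():
        print(progid, "->", ", ".join(exts))
    print("review:", unexpected_progids(summarize_userchoice(found)))
    print("other locked keys:", other_locked_keys(found))
```

Run it against a saved ComboFix.txt by reading the file into `parse_locked_keys` instead of `SAMPLE`; the grouped output makes it obvious when every locked UserChoice key points at a Store app or Windows Media Player handler, and lists anything else separately.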
 

johnb35

Administrator
Staff member
Are you running the latest version of Malwarebytes? If those are malware then it should have picked them up. For one, I don't think ComboFix is fully supported on Windows 8. If you are that worried about it, then back up your data and do a fresh install of Windows.
 

combofix432

New Member
Yeah, everything is updated. I ran ComboFix because I was worried about rootkits and tampering with the registry and system files. I don't even know what the Apps in the registry stand for.

I can't re-install the OS because it won't boot from the CD-ROM or USB, even if either one is the first one in the boot order.
 

johnb35

Administrator
Staff member
Let me ask you this: do you remember seeing a program called MP3 Fabulous installed? Are you using an original OS install CD or a burnt copy?
 

combofix432

New Member
I don't think I have seen that program. I personally did not install it. Yes, I am using an original CD.

I am thinking about changing the internal hard drive for a new one.
My worry is whether malicious code could be inserted in the BIOS that can re-infect a new hard drive. Is that possible?
 

johnb35

Administrator
Staff member
It is possible but not very probable. Go into the BIOS, disable Secure Boot and enable legacy boot. This will allow USB and DVD to boot.
 