PUM.Hijack.RegEdit, Task Manager Hijacked by Malware


The following files are listed here:
DDS Notepad File

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7601.17514
Run by DavidDaisy at 18:03:35 on 2014-04-06
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.61.1033.18.4085.2219 [GMT 8:00]
.
AV: BP Security PC Protection *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: BP Security PC Protection *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: BP Security Firewall *Disabled* {12DD874C-0022-912A-799C-07583928EF5C}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\Program Files (x86)\Bigpond\ESP Elements\AuthElementsSvc.exe
c:\Program Files (x86)\bigpond\security\App\syssvcnt.exe
C:\Windows\system32\crypserv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
c:\Program Files (x86)\Netsweeper Parental Controls\nsfxsrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\sppsvc.exe
c:\Program Files (x86)\Common Files\Sunbelt\SBAMSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\Netsweeper Parental Controls\nsfx.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\BigPond\security\App\Console.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
c:\Program Files (x86)\Bigpond\ESP Elements\bigpond.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRunOnce: [uninstall C:\Users\DavidDaisy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\DavidDaisy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ESP] "c:\Program Files (x86)\bigpond\security\app\start.exe"
mRun: [NetSweeperAgent] c:\Program Files (x86)\Netsweeper Parental Controls\nsfx.exe
mRun: [NetSweeperLSPReset] "c:\Program Files (x86)\Netsweeper Parental Controls\instlsp.exe" -a -z "MSAFD Tcpip" -n "Liger" -d "c:\Windows\SysWOW64\liger.dll"
mRun: [MapsGalaxy_39 Browser Plugin Loader 64] C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon64.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
dRunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-System: DisableRegistryTools = dword:1
uPolicies-System: DisableTaskMgr = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 61.9.242.33 61.9.226.33
TCP: Interfaces\{4F7B9CB7-7E63-4C36-8B91-F5CF647FBFB5} : DHCPNameServer = 61.9.242.33 61.9.226.33
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\DavidDaisy\AppData\Roaming\Mozilla\Firefox\Profiles\5dxdivon.default-1380411237482\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMSS.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2013-9-18 22600]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-8-18 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-8-18 208928]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-8-18 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-8-18 423240]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-8-18 79184]
R2 AuthElementsSvc;AuthElementsSvc;C:\Program Files (x86)\BigPond\ESP Elements\AuthElementsSvc.exe [2013-3-12 244008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-4-1 50344]
R2 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-3-27 88280]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-3-27 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-3-27 857912]
R2 NSFXSrv;NSFX Service;C:\Program Files (x86)\Netsweeper Parental Controls\nsfxsrv.exe [2012-8-31 59824]
R2 SBAMSvc;PC Protection;C:\Program Files (x86)\Common Files\Sunbelt\SBAMSvc.exe [2010-8-20 2763080]
R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2010-6-14 64600]
R3 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-1-5 84816]
R3 authfwco;authfwco;C:\Windows\System32\drivers\AUTHfwco.sys [2013-10-2 22056]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-8-19 245760]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-3-27 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-3-27 119512]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-3-27 63192]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 VST64_DPV;VST64_DPV;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
R3 VST64HWBS2;VST64HWBS2;C:\Windows\System32\drivers\VSTBS26.SYS [2009-7-14 411136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [2014-1-16 289256]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-18 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-19 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-8-18 1255736]
.
=============== Created Last 30 ================
.
2014-03-31 21:43:00 -------- d-----w- C:\Users\DavidDaisy\AppData\Roaming\DropboxMaster
2014-03-31 21:41:57 -------- d-----w- C:\Users\DavidDaisy\AppData\Roaming\Dropbox
2014-03-31 21:22:22 43152 ----a-w- C:\Windows\avastSS.scr
2014-03-29 02:05:09 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2014-03-29 00:58:37 -------- d-----w- C:\Users\DavidDaisy\AppData\Roaming\iExpert Software
2014-03-27 03:04:57 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-03-27 03:04:42 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-03-27 03:04:42 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-03-27 03:04:42 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-03-27 03:04:42 -------- d-----w- C:\ProgramData\Malwarebytes
2014-03-27 03:04:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-24 22:44:21 -------- d-----w- C:\ProgramData\153D5
2014-03-22 00:56:11 -------- d-----w- C:\Users\DavidDaisy\AppData\Local\filestore
2014-03-22 00:56:04 -------- d-----w- C:\Users\DavidDaisy\AppData\Local\Caphyon
2014-03-22 00:56:03 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2014-03-22 00:53:49 -------- d-----w- C:\Users\DavidDaisy\AppData\Roaming\Foxtel
2014-03-20 07:32:46 484864 ----a-w- C:\Windows\System32\wer.dll
2014-03-20 07:32:46 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-03-20 07:32:45 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-03-19 06:42:10 -------- d-----w- C:\ProgramData\A41
2014-03-16 02:15:22 -------- d-----w- C:\Westwood
2014-03-12 02:16:44 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-03-12 02:16:44 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
.
==================== Find3M  ====================
.
2014-03-31 21:22:24 84816 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-03-31 21:22:24 208928 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-03-31 21:22:24 1039096 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-03-31 21:22:23 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-03-31 21:22:23 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-03-31 21:22:23 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-03-11 21:17:11 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-11 21:17:11 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-11 21:17:04 5777288 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-02-24 15:59:53 1188864 ----a-w- C:\Windows\System32\wininet.dll
2014-02-24 15:35:41 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-24 14:01:31 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-24 13:39:32 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 11:12:09 2765824 ----a-w- C:\Windows\System32\iertutil(43).dll
2014-02-06 09:57:22 2168320 ----a-w- C:\Windows\SysWow64\iertutil(49).dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet(47).dll
2014-02-06 09:03:44 11266048 ----a-w- C:\Windows\SysWow64\ieframe(48).dll
2014-02-06 08:55:46 1393664 ----a-w- C:\Windows\System32\urlmon(44).dll
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet(51).dll
2014-02-06 08:36:05 1156096 ----a-w- C:\Windows\SysWow64\urlmon(50).dll
2014-01-29 08:48:50 249856 ----a-w- C:\Windows\Setup1.exe
2014-01-29 08:48:48 73216 ----a-w- C:\Windows\ST6UNST.EXE
.
============= FINISH: 18:04:23.79 ===============

Attach Notepad File
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 17/08/2013 12:01:25 PM
System Uptime: 6/04/2014 5:36:53 PM (1 hours ago)
.
Motherboard: Dell Inc. |  | 0N826N
Processor: Pentium® Dual-Core  CPU      E5200  @ 2.50GHz | Socket 775 | 2500/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 319.903 GiB free.
D: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: avast! Firewall NDIS Filter Miniport
Device ID: ROOT\SW_ASWNDISMP\0000
Manufacturer: ALWIL Software
Name: avast! Firewall NDIS Filter Miniport
PNP Device ID: ROOT\SW_ASWNDISMP\0000
Service: aswNdis
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: avast! Firewall NDIS Filter Miniport
Device ID: ROOT\SW_ASWNDISMP\0001
Manufacturer: ALWIL Software
Name: avast! Firewall NDIS Filter Miniport
PNP Device ID: ROOT\SW_ASWNDISMP\0001
Service: aswNdis
.
==== System Restore Points ===================
.
RP86: 12/02/2014 8:19:55 AM - Windows Update
RP87: 15/02/2014 6:15:13 PM - Removed Windows 7 Upgrade Advisor
RP88: 16/02/2014 11:08:12 AM - Windows Update
RP89: 23/02/2014 5:24:53 PM - Scheduled Checkpoint
RP90: 3/03/2014 8:19:13 PM - Scheduled Checkpoint
RP91: 11/03/2014 7:50:08 PM - Scheduled Checkpoint
RP92: 13/03/2014 6:30:32 AM - Windows Update
RP93: 13/03/2014 7:37:06 AM - Windows Update
RP94: 18/03/2014 7:41:47 AM - PC Decrapifier Restore Point
RP95: 18/03/2014 9:27:51 PM - Windows Update
RP96: 20/03/2014 6:13:06 AM - Restore Operation
RP97: 20/03/2014 6:21:20 AM - avast! antivirus system restore point
RP98: 20/03/2014 8:11:22 AM - Windows Update
RP99: 20/03/2014 7:07:19 PM - Windows Update
RP100: 22/03/2014 8:55:16 AM - Installed Foxtel GO
RP101: 23/03/2014 10:46:54 AM - Windows Update
RP102: 27/03/2014 10:35:13 AM - Windows Modules Installer
RP103: 28/03/2014 3:00:28 AM - Windows Update
RP104: 1/04/2014 5:20:42 AM - avast! antivirus system restore point
RP105: 4/04/2014 8:56:24 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
Anti-Spyware (Sunbelt4)
avast! Free Antivirus
BearShare
BigPond (BIUS)
BigPond Broadband Cable
Bigpond Desktop
BigPond Security
Boris PBJ Edition (4.47) - Installation
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
D3DX10
Dropbox
e-tax 2013
ESP
Firewall (Core 2 64-bit)
Firewall (User)
Foxtel GO
GameSpy Arcade
Google Chrome
Google Update Helper
HL-2130
Intel® Graphics Media Accelerator Driver
Junk Mail filter update
Locomotion
Malwarebytes Anti-Malware version 2.0.1.1004
McAfee Security Scan Plus
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Flight Simulator X
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Personal Folders Backup
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 28.0 (x86 en-GB)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Netsweeper Parental Controls
OpenTTD 1.3.2
Photo Common
SafeCentral Security Suite Web Install Helper
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition 
Skype™ 6.14
TC
Third Party Prerequisites
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Viber
Web Filtering (Netsweeper)
Windows 7 Upgrade Advisor
Windows Driver Package - Atheros Communications Inc. (arusb_lhx) Net  (09/25/2008 3.1.0.101)
Windows Driver Package - NETGEAR Inc. (RTL8187) Net  (12/01/2006 6.1258.1201.2006)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinZip 15.5
.
==== Event Viewer Messages From Past Week ========
.
6/04/2014 5:39:04 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  SBRE
6/04/2014 5:39:04 PM, Error: Service Control Manager [7022]  - The BigPond Security System Service service hung on starting.
4/04/2014 5:27:29 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
4/04/2014 5:16:26 PM, Error: Service Control Manager [7034]  - The Canon Camera Access Library 8 service terminated unexpectedly.  It has done this 1 time(s).
31/03/2014 9:52:18 PM, Error: Service Control Manager [7043]  - The Windows Update service did not shut down properly after receiving a preshutdown control.
3/04/2014 9:16:11 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================

Thanks for your help.
Henry

 


Welcome to the forum.

Please run a Quick Scan with Malwarebytes like this:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

If you're using Malwarebytes 2.0, please run a Threat Scan

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

Then.......

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
