chrisd89
Honorary Members
Posts: 24
Reputation: 0 Neutral
  1. What virus scanner and background protection do you recommend? I now have Malwarebytes paid for; I will use Avast too. Do I need Spybot (which I had to delete)? I have also switched off Windows Defender - should I turn that back on?
  2. Results of screen317's Security Check version 0.99.82
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 11
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     CCleaner
     Java 7 Update 55
     Adobe Flash Player 12.0.0.77 Flash Player out of Date!
     Adobe Reader 10.1.9 Adobe Reader out of Date!
     Mozilla Firefox (28.0)
     Google Chrome 33.0.1750.154
     Google Chrome 34.0.1847.116
     ````````Process Check: objlist.exe by Laurent````````
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:
     ````````````````````End of Log``````````````````````
  3. MiniToolBox by Farbar  Version: 23-01-2014
     Ran by hardwick (administrator) on 23-04-2014 at 11:36:47
     Running from "C:\Users\hardwick\Desktop"
     Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
     Boot Mode: Normal
     ***************************************************************************
     ========================= Flush DNS: ===================================
     Windows IP Configuration
     Successfully flushed the DNS Resolver Cache.
     ========================= IE Proxy Settings: ==============================
     Proxy is not enabled.
     ProxyServer: localhost:8080
     "Reset IE Proxy Settings": IE Proxy Settings were reset.
     ========================= FF Proxy Settings: ==============================
     "Reset FF Proxy Settings": Firefox Proxy settings were reset.
     ========================= Hosts content: =================================
     127.0.0.1       localhost
     ========================= IP Configuration: ================================
     Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
     Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter = Wireless Network Connection (Connected)
     The following helper DLL cannot be loaded: WCNNETSH.DLL.
     # ----------------------------------
     # IPv4 Configuration
     # ----------------------------------
     pushd interface ipv4
     reset
     set global icmpredirects=enabled
     popd
     # End of IPv4 configuration
     Windows IP Configuration
        Host Name . . . . . . . . . . . . : ChrisDeakin-PC
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
     Wireless LAN adapter Wireless Network Connection:
        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter
        Physical Address. . . . . . . . . : 44-33-4C-14-B7-B5
        DHCP Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        Link-local IPv6 Address . . . . . : fe80::cdff:c346:ad8b:8ed0%13(Preferred)
        IPv4 Address. . . . . . . . . . . : 192.168.0.109(Preferred)
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Lease Obtained. . . . . . . . . . : 23 April 2014 11:10:21
        Lease Expires . . . . . . . . . . : 23 April 2014 13:10:24
        Default Gateway . . . . . . . . . : 192.168.0.1
        DHCP Server . . . . . . . . . . . : 192.168.0.1
        DHCPv6 IAID . . . . . . . . . . . : 323236684
        DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-42-3D-28-AC-22-0B-4E-96-67
        DNS Servers . . . . . . . . . . . : 192.168.0.1
        NetBIOS over Tcpip. . . . . . . . : Enabled
     Ethernet adapter Local Area Connection:
        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
        Physical Address. . . . . . . . . : AC-22-0B-4E-96-67
        DHCP Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        Link-local IPv6 Address . . . . . : fe80::161:d408:2a09:5a03%11(Preferred)
        IPv4 Address. . . . . . . . . . . : 192.168.0.101(Preferred)
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Lease Obtained. . . . . . . . . . : 23 April 2014 11:10:23
        Lease Expires . . . . . . . . . . : 23 April 2014 13:10:23
        Default Gateway . . . . . . . . . : 192.168.0.1
        DHCP Server . . . . . . . . . . . : 192.168.0.1
        DHCPv6 IAID . . . . . . . . . . . : 246161931
        DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-42-3D-28-AC-22-0B-4E-96-67
        DNS Servers . . . . . . . . . . . : 192.168.0.1
        NetBIOS over Tcpip. . . . . . . . : Enabled
     Tunnel adapter isatap.{5435C9FE-6691-492A-9817-38906070C104}:
        Media State . . . . . . . . . . . : Media disconnected
        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Microsoft ISATAP Adapter
        Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
        DHCP Enabled. . . . . . . . . . . : No
        Autoconfiguration Enabled . . . . : Yes
     Tunnel adapter Teredo Tunneling Pseudo-Interface:
        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
        Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
        DHCP Enabled. . . . . . . . . . . : No
        Autoconfiguration Enabled . . . . : Yes
        IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:1405:3388:a02d:b4d4(Preferred)
        Link-local IPv6 Address . . . . . : fe80::1405:3388:a02d:b4d4%12(Preferred)
        Default Gateway . . . . . . . . . : ::
        NetBIOS over Tcpip. . . . . . . . : Disabled
     Tunnel adapter isatap.{2B85D761-D8B7-43A9-B55E-ECA318205108}:
        Media State . . . . . . . . . . . : Media disconnected
        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
        Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
        DHCP Enabled. . . . . . . . . . . : No
        Autoconfiguration Enabled . . . . : Yes
     Server:  UnKnown
     Address:  192.168.0.1
     Name:    google.com
     Addresses:  173.194.45.78 173.194.45.69 173.194.45.68 173.194.45.72 173.194.45.67 173.194.45.65 173.194.45.71 173.194.45.70 173.194.45.66 173.194.45.73 173.194.45.64
     Pinging google.com [173.194.45.78] with 32 bytes of data:
     Reply from 173.194.45.78: bytes=32 time=687ms TTL=52
     Reply from 173.194.45.78: bytes=32 time=738ms TTL=52
     Ping statistics for 173.194.45.78:
         Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
     Approximate round trip times in milli-seconds:
         Minimum = 687ms, Maximum = 738ms, Average = 712ms
     Server:  UnKnown
     Address:  192.168.0.1
     Name:    yahoo.com
     Addresses:  98.139.183.24 98.138.253.109 206.190.36.45
     Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
     Reply from 98.139.183.24: bytes=32 time=795ms TTL=43
     Reply from 98.139.183.24: bytes=32 time=776ms TTL=43
     Ping statistics for 98.139.183.24:
         Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
     Approximate round trip times in milli-seconds:
         Minimum = 776ms, Maximum = 795ms, Average = 785ms
     Pinging 127.0.0.1 with 32 bytes of data:
     Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
     Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
     Ping statistics for 127.0.0.1:
         Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
     Approximate round trip times in milli-seconds:
         Minimum = 0ms, Maximum = 0ms, Average = 0ms
     ===========================================================================
     Interface List
      13...44 33 4c 14 b7 b5 ......Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter
      11...ac 22 0b 4e 96 67 ......Realtek PCIe GBE Family Controller
       1...........................Software Loopback Interface 1
      16...00 00 00 00 00 00 00 e0  Microsoft ISATAP Adapter
      12...00 00 00 00 00 00 00 e0  Teredo Tunneling Pseudo-Interface
      15...00 00 00 00 00 00 00 e0  Microsoft ISATAP Adapter #2
     ===========================================================================
     IPv4 Route Table
     ===========================================================================
     Active Routes:
     Network Destination        Netmask          Gateway       Interface  Metric
               0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.109     25
               0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.101     20
             127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
             127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
       127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
           169.254.0.0      255.255.0.0         On-link     192.168.0.101    306
           169.254.0.0      255.255.0.0         On-link     192.168.0.109    306
       169.254.255.255  255.255.255.255         On-link     192.168.0.101    276
       169.254.255.255  255.255.255.255         On-link     192.168.0.109    281
           192.168.0.0    255.255.255.0         On-link     192.168.0.109    281
           192.168.0.0    255.255.255.0         On-link     192.168.0.101    276
         192.168.0.101  255.255.255.255         On-link     192.168.0.101    276
         192.168.0.109  255.255.255.255         On-link     192.168.0.109    281
         192.168.0.255  255.255.255.255         On-link     192.168.0.109    281
         192.168.0.255  255.255.255.255         On-link     192.168.0.101    276
             224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
             224.0.0.0        240.0.0.0         On-link     192.168.0.101    276
             224.0.0.0        240.0.0.0         On-link     192.168.0.109    281
       255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
       255.255.255.255  255.255.255.255         On-link     192.168.0.101    276
       255.255.255.255  255.255.255.255         On-link     192.168.0.109    281
     ===========================================================================
     Persistent Routes:
       None
     IPv6 Route Table
     ===========================================================================
     Active Routes:
      If Metric Network Destination      Gateway
      12     58 ::/0                     On-link
       1    306 ::1/128                  On-link
      12     58 2001::/32                On-link
      12    306 2001:0:9d38:6abd:1405:3388:a02d:b4d4/128  On-link
      11    276 fe80::/64                On-link
      13    281 fe80::/64                On-link
      12    306 fe80::/64                On-link
      11    276 fe80::161:d408:2a09:5a03/128  On-link
      12    306 fe80::1405:3388:a02d:b4d4/128  On-link
      13    281 fe80::cdff:c346:ad8b:8ed0/128  On-link
       1    306 ff00::/8                 On-link
      12    306 ff00::/8                 On-link
      11    276 ff00::/8                 On-link
      13    281 ff00::/8                 On-link
     ===========================================================================
     Persistent Routes:
       None
     ========================= Winsock entries =====================================
     Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
     Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
     Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
     Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
     Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
     Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
     Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
     Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
     Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
     Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
     Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
     Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
     Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
     Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
     Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
     Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
     Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
     x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
     x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
     x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
     x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
     x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
     x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
     x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
     x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
     x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
     x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
     x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
     x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
     x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
     x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
     x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
     x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
     x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
     ========================= Event log errors: ===============================
     Application errors:
     ==================
     Error: (04/23/2014 11:12:07 AM) (Source: WinMgmt) (User: )
     Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     Error: (04/23/2014 10:37:10 AM) (Source: WinMgmt) (User: )
     Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     System errors:
     =============
     Error: (04/23/2014 11:11:25 AM) (Source: DCOM) (User: NT AUTHORITY)
     Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
     Error: (04/23/2014 10:36:30 AM) (Source: DCOM) (User: NT AUTHORITY)
     Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
     Microsoft Office Sessions:
     =========================
     CodeIntegrity Errors:
     ===================================
       Date: 2014-04-22 10:03:16.117
       Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
       Date: 2014-04-22 10:03:16.096
       Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
       Date: 2014-04-22 10:03:16.074
       Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
       Date: 2014-04-22 10:03:16.054
       Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
       Date: 2014-04-21 18:06:32.378
       Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
       Date: 2014-04-21 18:06:32.354
       Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     =========================== Installed Programs ============================
     Update for Microsoft Office 2007 (KB2508958)
     Able Photo Resizer 2.5.11.30 (Version: 2.5.11.30)
     Adobe AIR (Version: 3.4.0.2540)
     Adobe Download Manager (Version: 1.6.2.100)
     Adobe Flash Player 12 ActiveX (Version: 12.0.0.77)
     Adobe Flash Player 12 Plugin (Version: 12.0.0.77)
     Adobe Reader X (10.1.9) (Version: 10.1.9)
     Amazon Kindle
     AMD Accelerated Video Transcoding (Version: 13.20.100.30911)
     AMD Catalyst Control Center (Version: 2013.0911.2154.37488)
     AMD Catalyst Install Manager (Version: 8.0.915.0)
     AMD Drag and Drop Transcoding (Version: 2.00.0000)
     AMD Media Foundation Decoders (Version: 1.0.80911.2216)
     Apple Application Support (Version: 3.0.1)
     Apple Mobile Device Support (Version: 7.1.1.3)
     Apple Software Update (Version: 2.1.3.127)
     Bonjour (Version: 3.0.0.10)
     Canon MP Navigator EX 4.0
     Canon MP495 series MP Drivers
     Canon MP495 series User Registration
     Canon My Printer
     Canon Solution Menu EX
     Catalyst Control Center - Branding (Version: 1.00.0000)
     Catalyst Control Center Graphics Previews Common (Version: 2013.0911.2154.37488)
     Catalyst Control Center InstallProxy (Version: 2013.0911.2154.37488)
     Catalyst Control Center Localization All (Version: 2013.0911.2154.37488)
     CCC Help Chinese Standard (Version: 2013.0911.2153.37488)
     CCC Help Chinese Traditional (Version: 2013.0911.2153.37488)
     CCC Help Czech (Version: 2013.0911.2153.37488)
     CCC Help Danish (Version: 2013.0911.2153.37488)
     CCC Help Dutch (Version: 2013.0911.2153.37488)
     CCC Help English (Version: 2013.0911.2153.37488)
     CCC Help Finnish (Version: 2013.0911.2153.37488)
     CCC Help French (Version: 2013.0911.2153.37488)
     CCC Help German (Version: 2013.0911.2153.37488)
     CCC Help Greek (Version: 2013.0911.2153.37488)
     CCC Help Hungarian (Version: 2013.0911.2153.37488)
     CCC Help Italian (Version: 2013.0911.2153.37488)
     CCC Help Japanese (Version: 2013.0911.2153.37488)
     CCC Help Korean (Version: 2013.0911.2153.37488)
     CCC Help Norwegian (Version: 2013.0911.2153.37488)
     CCC Help Polish (Version: 2013.0911.2153.37488)
     CCC Help Portuguese (Version: 2013.0911.2153.37488)
     CCC Help Russian (Version: 2013.0911.2153.37488)
     CCC Help Spanish (Version: 2013.0911.2153.37488)
     CCC Help Swedish (Version: 2013.0911.2153.37488)
     CCC Help Thai (Version: 2013.0911.2153.37488)
     CCC Help Turkish (Version: 2013.0911.2153.37488)
     ccc-utility64 (Version: 2013.0911.2154.37488)
     CCleaner (Version: 3.12)
     Dropbox (Version: 2.6.25)
     Duplicati (x64) (Version: 1.3.4)
     ESET Online Scanner v3
     FastStone Photo Resizer 3.2 (Version: 3.2)
     Google Chrome (Version: 34.0.1847.116)
     Google Drive (Version: 1.14.6059.644)
     Google Update Helper (Version: 1.3.23.9)
     HerdMaster4 (Version: 4.3.6)
     HerdMaster5 (Version: 5.1.0.0)
     HmInstaller (Version: 4.3.6)
     Intel® Management Engine Components (Version: 9.0.0.1323)
     Intel® Rapid Storage Technology (Version: 12.0.0.1083)
     Intel® USB 3.0 eXtensible Host Controller Driver (Version: 2.5.0.19)
     Intel® Trusted Connect Service Client (Version: 1.27.798.1)
     iTunes (Version: 11.1.5.5)
     Java 7 Update 55 (Version: 7.0.550)
     Java Auto Updater (Version: 2.1.9.8)
     Malwarebytes Anti-Malware version 2.0.1.1004 (Version: 2.0.1.1004)
     Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
     Microsoft Access 2000 SR-1 Runtime (Version: 9.00.3821)
     Microsoft Office 2007 Service Pack 3 (SP3)
     Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
     Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
     Microsoft Office Home and Student 2007 Trial (Version: 12.0.6612.1000)
     Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
     Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
     Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
     Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
     Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
     Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
     Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
     Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
     Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
     Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
     Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
     Microsoft Office Standard 2007 (Version: 12.0.6612.1000)
     Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
     Microsoft Silverlight (Version: 5.1.20913.0)
     Microsoft Sync Framework 2.0 Core Components (x64) ENU (Version: 2.0.1578.0)
     Microsoft Sync Framework 2.0 Provider Services (x64) ENU (Version: 2.0.1578.0)
     Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
     Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
     Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
     Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
     Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (Version: 11.0.50727.1)
     Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (Version: 11.0.50727.1)
     Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
     Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
     Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
     Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
     Microsoft Works (Version: 9.7.0621)
     Mozilla Firefox 28.0 (x86 en-US) (Version: 28.0)
     Mozilla Maintenance Service (Version: 28.0)
     PCmover (Version: 8.00.633.0)
     PeerBlock 1.1 (r518) (Version: 1.1.0.518)
     Picasa 3 (Version: 3.9)
     Realtek Ethernet Controller Driver (Version: 7.67.1226.2012)
     Realtek High Definition Audio Driver (Version: 6.0.1.6782)
     SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit) (Version: 13.0.4.705)
     Slick Savings (Version: 1.3)
     StuffIt Expander 2011 (Version: 15.0.7.2518)
     SyncToy 2.1 (x64) (Version: 2.1.0)
     TeamViewer 9 (Version: 9.0.24951)
     Update for 2007 Microsoft Office System (KB967642)
     Update for Microsoft Office 2007 Help for Common Features (KB963673)
     Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
     Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
     Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
     Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
     Update for Microsoft Office Excel 2007 Help (KB963678)
     Update for Microsoft Office OneNote 2007 Help (KB963670)
     Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
     Update for Microsoft Office Outlook 2007 Help (KB963677)
     Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
     Update for Microsoft Office Powerpoint 2007 Help (KB963669)
     Update for Microsoft Office Script Editor Help (KB963671)
     Update for Microsoft Office Word 2007 Help (KB963665)
     VLC media player 2.1.3 (Version: 2.1.3)
     Vuze (Version: 5.3.0.0)
     Vuze Remote Toolbar v9.0 (Version: 9.0)
     ========================= Memory info: ===================================
     Percentage of memory in use: 45%
     Total physical RAM: 8130.23 MB
     Available physical RAM: 4436.26 MB
     Total Pagefile: 13115.41 MB
     Available Pagefile: 7744.39 MB
     Total Virtual: 4095.88 MB
     Available Virtual: 3967.24 MB
     ========================= Partitions: =====================================
     1 Drive c: () (Fixed) (Total:931.41 GB) (Free:828.28 GB) NTFS
     ========================= Users: ========================================
     User accounts for \\CHRISDEAKIN-PC
     Administrator            Chris Deakin             Guest
     hardwick
     **** End of log ****
  4. OK, will do. When I reboot, Malwarebytes starts automatically and I now have about 20 malwares instead of just the one; see below.
     Malwarebytes Anti-Malware
     www.malwarebytes.org
     Scan Date: 23/04/2014
     Scan Time: 11:33:02
     Logfile:
     Administrator: Yes
     Version: 2.00.1.1004
     Malware Database: v2014.04.23.04
     Rootkit Database: v2014.03.27.01
     License: Premium
     Malware Protection: Enabled
     Malicious Website Protection: Enabled
     Chameleon: Disabled
     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: hardwick
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 295841
     Time Elapsed: 6 min, 9 sec
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Shuriken: Enabled
     PUP: Enabled
     PUM: Enabled
     Processes: 0
     (No malicious items detected)
     Modules: 0
     (No malicious items detected)
     Registry Keys: 5
     PUP.Optional.VuzeTB.A, HKLM\SOFTWARE\CLASSES\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}, , [328efe2f215ac76fb135dd39758d07f9],
     PUP.Optional.VuzeTB.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{05478A66-EDB6-4A22-A870-A5987F80A7DA}, , [328efe2f215ac76fb135dd39758d07f9],
     PUP.Optional.VuzeTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}, , [328efe2f215ac76fb135dd39758d07f9],
     PUP.Optional.Spigot, HKLM\SOFTWARE\CLASSES\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, , [bc048ba23942d95d121d84976d954ab6],
     PUP.Optional.Spigot, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, , [bc048ba23942d95d121d84976d954ab6],
     Registry Values: 6
     PUP.Optional.VuzeTB.A, HKU\S-1-5-21-1004204646-2864660507-1877319225-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{05478A66-EDB6-4A22-A870-A5987F80A7DA}, , [328efe2f215ac76fb135dd39758d07f9],
     PUP.Optional.VuzeTB.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{05478A66-EDB6-4A22-A870-A5987F80A7DA}, Vuze Remote Toolbar, , [328efe2f215ac76fb135dd39758d07f9]
     PUP.Optional.VuzeTB.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{05478A66-EDB6-4A22-A870-A5987F80A7DA}, Vuze Remote Toolbar, , [328efe2f215ac76fb135dd39758d07f9]
     PUP.Optional.VuzeTB.A, HKU\S-1-5-21-1004204646-2864660507-1877319225-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{05478A66-EDB6-4A22-A870-A5987F80A7DA}, , [8f3164c9d3a8e155b333b561aa5817e9],
     PUP.Optional.VuzeTB.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{05478A66-EDB6-4A22-A870-A5987F80A7DA}, , [5e62ec4181fa41f5d21447cf7e847888],
     PUP.Optional.VuzeTB.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{05478A66-EDB6-4A22-A870-A5987F80A7DA}, , [ae12022b9cdfe55139ad92840bf731cf],
     Registry Data: 0
     (No malicious items detected)
     Folders: 5
     PUP.Optional.Spigot.A, C:\Users\hardwick\AppData\Local\Slick Savings, , [ac142805730878be36643e62cf342dd3],
     PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings, , [af1156d74b30c76f9f41d79453af7f81],
     PUP.Optional.Spigot.A, C:\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\mt0zvmh2.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}, , [5b651914700bb086d60b5f0c46bc8977],
     PUP.Optional.Spigot.A, C:\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\mt0zvmh2.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}\chrome, , [5b651914700bb086d60b5f0c46bc8977],
     PUP.Optional.Spigot.A, C:\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\mt0zvmh2.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}\chrome\content, , [5b651914700bb086d60b5f0c46bc8977],
     Files: 13
     PUP.Optional.Spigot.A, C:\Users\hardwick\AppData\Local\Slick Savings\coupons.crx, , [ac142805730878be36643e62cf342dd3],
     PUP.Optional.Spigot.A, C:\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\mt0zvmh2.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}\chrome.manifest, , [5b651914700bb086d60b5f0c46bc8977],
     PUP.Optional.Spigot.A, C:\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\mt0zvmh2.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}\icon.png, , [5b651914700bb086d60b5f0c46bc8977],
     PUP.Optional.Spigot.A, C:\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\mt0zvmh2.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}\install.rdf, , [5b651914700bb086d60b5f0c46bc8977],
     PUP.Optional.Spigot.A, C:\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\mt0zvmh2.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}\chrome\content\config.json, , [5b651914700bb086d60b5f0c46bc8977],
     PUP.Optional.Spigot.A, C:\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\mt0zvmh2.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}\chrome\content\main.js, , [5b651914700bb086d60b5f0c46bc8977],
     PUP.Optional.Spigot.A, C:\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\mt0zvmh2.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}\chrome\content\main.xul, , [5b651914700bb086d60b5f0c46bc8977],
     PUP.Optional.Spigot.A, C:\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\mt0zvmh2.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}\chrome\content\newtab.xul, , [5b651914700bb086d60b5f0c46bc8977],
     PUP.Optional.Spigot.A, C:\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\mt0zvmh2.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}\chrome\content\prefs.txt, , [5b651914700bb086d60b5f0c46bc8977],
     PUP.Optional.Spigot.A, C:\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\mt0zvmh2.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}\chrome\content\redirects.js, , [5b651914700bb086d60b5f0c46bc8977],
     PUP.Optional.Spigot.A, C:\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\mt0zvmh2.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}\chrome\content\spigot.js, , [5b651914700bb086d60b5f0c46bc8977],
     PUP.Optional.Spigot.A, C:\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\mt0zvmh2.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}\chrome\content\startpage.js, , [5b651914700bb086d60b5f0c46bc8977],
     PUP.Optional.Conduit.A, C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://search.conduit.com/?gd=&ctid=CT3321738&octid=EB_ORIGINAL_CTID&ISID=MD3C7859A-CEEB-4FEA-918C-48C0EB4393F9&SearchSource=55&CUI=&UM=5&UP=SP6CE89EAA-0F31-47E5-890B-4187AA5D5A53&SSPV=SE2YA1_sp_ch",), ,[e5dba28b7b00e551755fcb8ce123da26]
     Physical Sectors: 0
     (No malicious items detected)
     (end)
  5. It says: "This webpage is not available" (Reload).
  6. Still not there, see below. Also, JRT keeps trying to save when I reboot; how can I deactivate it, please?
     bleepingcomputer.com:
     Page Not Found!
     Unfortunately the page that you requested does not exist. Don't worry, though, we have some great suggestions to help you on your way! Based on the keywords found in the URL that you attempted to visit, we have suggested similar content and articles below.
     Suggested Forum discussions: SecurityCheck by screen317; SecurityCheck.exe - No notepad opening
  7. Tried Security Check link 1 and link 2, but it says the website does not exist.
  8. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by hardwick on 23/04/2014 at 10:22:29.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [service] application updater
Successfully deleted: [service] application updater

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\searchsettings

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\search settings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\application updater
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\speedupmypc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\speedupmypc_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\speedupmypc_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajam_install_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajam_install_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\UpdateTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\UpdateTask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\hardwick\AppData\Roaming\nosibay"
Failed to delete: [Folder] "C:\Users\hardwick\AppData\Roaming\slick savings"
Successfully deleted: [Folder] "C:\Users\hardwick\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\hardwick\appdata\locallow\search settings"
Successfully deleted: [Folder] "C:\Program Files (x86)\application updater"
Successfully deleted: [Folder] "C:\Program Files (x86)\bonanzadeals"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\mobogenie"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\nosibay"
Successfully deleted: [Folder] "C:\Program Files (x86)\vuze remote toolbar"
Failed to delete: [Folder] "C:\Program Files (x86)\Common Files\spigot"

~~~ FireFox

Successfully deleted: [File] C:\Users\hardwick\AppData\Roaming\mozilla\firefox\profiles\mt0zvmh2.default\user.js
Successfully deleted: [Folder] C:\Users\hardwick\AppData\Roaming\mozilla\firefox\profiles\mt0zvmh2.default\extensions\savingsslider@mybrowserbar.com
Emptied folder: C:\Users\hardwick\AppData\Roaming\mozilla\firefox\profiles\mt0zvmh2.default\minidumps [3 files]

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23/04/2014 at 10:25:53.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Security Check to follow next.
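Added example, not part of the original thread or of JRT itself: a small Python parser for JRT logs in the format posted above. When reading one of these logs the items that matter most are the "Failed to delete" entries (they are what is still on disk and needs handling by another tool or by hand), the Chrome extension IDs whose install-policy keys under HKLM\Software\Google\Chrome\Extensions were removed (useful for cross-checking the Chrome profile afterwards), and whether the event logs were cleared, since after that the Windows event history is no longer available for investigation. The regular expressions below are written against the lines in this post; the embedded sample log is a constructed subset of those lines.

```python
"""Summarise a Junkware Removal Tool (JRT) log: what was removed, what
failed, which Chrome extension policy keys were deleted, and whether the
Windows event logs were cleared.

Added example; the line patterns are derived from the log posted above,
not from JRT's own source."""
import re
from collections import Counter

# One action line: "<outcome>: [<kind>] <target>". The "[<kind>]" part is
# absent on "Emptied folder" lines, which instead end in "[N files]".
ACTION_RE = re.compile(
    r"^(?P<outcome>Successfully deleted|Successfully stopped|Failed to delete|Emptied folder): "
    r"(?:\[(?P<kind>[^\]]+)\] )?(?P<target>.+)$"
)
# Per-extension install keys: ...\Google\Chrome\Extensions\<32-char id>
# (Chrome extension IDs are 32 characters drawn from a-p).
CHROME_EXT_RE = re.compile(r"\\Google\\Chrome\\Extensions\\([a-p]{32})$", re.IGNORECASE)


def parse_jrt(text: str) -> dict:
    """Return counts per (outcome, kind), the failed targets, the removed
    Chrome extension IDs and whether the event logs were cleared."""
    counts = Counter()
    failures, chrome_ids = [], []
    event_logs_cleared = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("~~~"):                     # section banner
            if "Logs were cleared" in line:            # "~~~ Event Viewer Logs were cleared"
                event_logs_cleared = True
            continue
        m = ACTION_RE.match(line)
        if not m:
            continue
        outcome = m.group("outcome")
        kind = m.group("kind") or "folder contents"    # "Emptied folder" lines have no [kind]
        target = m.group("target").strip('"')          # folder paths are quoted in the log
        counts[(outcome, kind)] += 1
        if outcome == "Failed to delete":
            failures.append(target)
        ext = CHROME_EXT_RE.search(target)
        if ext:
            chrome_ids.append(ext.group(1).lower())
    return {
        "counts": counts,
        "failures": failures,
        "chrome_ids": chrome_ids,
        "event_logs_cleared": event_logs_cleared,
    }


# Constructed sample: a subset of the lines from the JRT log posted above.
SAMPLE_JRT = "\n".join([
    "~~~ Services",
    "Successfully stopped: [service] application updater",
    "Successfully deleted: [service] application updater",
    "~~~ Registry Keys",
    r"Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit",
    r"Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect",
    "~~~ Folders",
    r'Successfully deleted: [Folder] "C:\Users\hardwick\AppData\Roaming\nosibay"',
    r'Failed to delete: [Folder] "C:\Users\hardwick\AppData\Roaming\slick savings"',
    r'Failed to delete: [Folder] "C:\Program Files (x86)\Common Files\spigot"',
    "~~~ FireFox",
    r"Emptied folder: C:\Users\hardwick\AppData\Roaming\mozilla\firefox\profiles\mt0zvmh2.default\minidumps [3 files]",
    "~~~ Chrome",
    r"Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj",
    r"Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp",
    "~~~ Event Viewer Logs were cleared",
])

if __name__ == "__main__":
    result = parse_jrt(SAMPLE_JRT)
    for (outcome, kind), n in sorted(result["counts"].items()):
        print(f"{outcome:22s} {kind:16s} {n}")
    print("still present (failed to delete):", *result["failures"], sep="\n  ")
    print("chrome extension keys removed:", result["chrome_ids"])
    print("event logs cleared:", result["event_logs_cleared"])
```

Run against the full log from the post, the two "Failed to delete" folders (slick savings and Common Files\spigot) come out as the leftover work; they are the same Spigot/Widgi components that later show up in the quarantine listing of post 11.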
  9. It is still on the system because:
1. My bank tells me they can still see it and won't reauthorise online access until they see it has gone.
2. Malwarebytes keeps picking it up because I have to scan every hour.
  10. I completed the scan and saved the ark.txt file, but the scan said 'no modifications found' and the log is completely empty.
  11. C:\AdwCleaner\Quarantine\C\Program Files\Application Updater\ApplicationUpdater.exe.vir a variant of Win32/Toolbar.Widgi.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Auction_Raptor\Auction_RaptorToolbarHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Auction_Raptor\ldrtbAuct.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Auction_Raptor\prxtbAuc0.dll.vir Win32/Toolbar.Conduit.O potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Auction_Raptor\prxtbAuct.dll.vir Win32/Toolbar.Conduit.O potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Auction_Raptor\tbAuct.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\spigot\Search Settings\SearchSettings.exe.vir a variant of Win32/Toolbar.Widgi potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\spigot\Search Settings\SearchSettings64.exe.vir a variant of Win64/Toolbar.Widgi.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\spigot\Search Settings\wth169.dll.vir a variant of Win32/Toolbar.Widgi.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\spigot\Search Settings\wthx169.dll.vir a variant of Win64/Toolbar.Widgi.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\spigot\SlickSavings\SlickSavingsSetup.exe.vir Win32/Toolbar.Widgi.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert0.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\DealPly\DealPlyIE.dll.vir a variant of Win32/DealPly.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\DealPly\DealPlyUpdateVer.exe.vir a variant of Win32/DealPly.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\DealPlyLive\Update\DealPlyLive.exe.vir Win32/DealPly.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\DealPlyLive\Update\1.3.23.0\DealPlyLive.exe.vir Win32/DealPly.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\DealPlyLive\Update\1.3.23.0\DealPlyLiveBroker.exe.vir Win32/DealPly.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\DealPlyLive\Update\1.3.23.0\DealPlyLiveHandler.exe.vir Win32/DealPly.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\DealPlyLive\Update\1.3.23.0\DealPlyLiveOnDemand.exe.vir Win32/DealPly.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\DealPlyLive\Update\1.3.23.0\goopdate.dll.vir Win32/DealPly.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_ru.dll.vir Win32/DealPly.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll.vir Win32/DealPly.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\DealPlyLive\Update\1.3.23.0\psmachine.dll.vir Win32/DealPly.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\PricePeep\pricepeep.dll.vir a variant of Win32/AdWare.PricePeep.A application
C:\AdwCleaner\Quarantine\C\Program Files\Vuze Remote toolbar\FF\components\vuzeToolbarFF.dll.vir a variant of Win32/Toolbar.Widgi potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Vuze Remote toolbar\IE\7.9\vuzeToolbarIE.dll.vir a variant of Win32/Toolbar.Widgi potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Vuze_Remote\ldrtbVuze.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Vuze_Remote\prxtbVuze.dll.vir Win32/Toolbar.Conduit.O potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Vuze_Remote\tbVuze.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Vuze_Remote\Vuze_RemoteToolbarHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Wajam\IE\priam_bho.dll.vir a variant of Win32/Wajam.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Wajam\Updater\WajamUpdater.exe.vir Win32/Wajam.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Local\Conduit\CT111115\Auction_RaptorAutoUpdateHelper.exe (1).vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Local\Conduit\CT111115\Auction_RaptorAutoUpdateHelper.exe.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Local\Conduit\CT2504091\Vuze_RemoteAutoUpdateHelper.exe (1).vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Local\Conduit\CT2504091\Vuze_RemoteAutoUpdateHelper.exe.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blhhodocappjllfhjbbkaaglgmbecgcl\10.20.1.508_0\plugins\TBVerifier.dll (1).vir Win32/Toolbar.Conduit.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blhhodocappjllfhjbbkaaglgmbecgcl\10.20.1.508_0\plugins\TBVerifier.dll.vir Win32/Toolbar.Conduit.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf\3.5.0.0_0\background.js (1).vir Win32/DealPly.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf\3.5.0.0_0\background.js.vir Win32/DealPly.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.20.1.508_0\plugins\TBVerifier.dll (1).vir Win32/Toolbar.Conduit.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.20.1.508_0\plugins\TBVerifier.dll.vir Win32/Toolbar.Conduit.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Auction_Raptor\ldrtbAuc0.dll (1).vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Auction_Raptor\ldrtbAuc0.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Auction_Raptor\ldrtbAuct.dll (1).vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Auction_Raptor\ldrtbAuct.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Auction_Raptor\tbAuc0.dll (1).vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Auction_Raptor\tbAuc0.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Auction_Raptor\tbAuc1.dll (1).vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Auction_Raptor\tbAuc1.dll.vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Auction_Raptor\tbAuct.dll (1).vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Auction_Raptor\tbAuct.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Vuze_Remote\ldrtbVuz0.dll (1).vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Vuze_Remote\ldrtbVuz0.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Vuze_Remote\ldrtbVuze.dll (1).vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Vuze_Remote\ldrtbVuze.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Vuze_Remote\tbVuz0.dll (1).vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Vuze_Remote\tbVuz0.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Vuze_Remote\tbVuz1.dll (1).vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Vuze_Remote\tbVuz1.dll.vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Vuze_Remote\tbVuze.dll (1).vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Vuze_Remote\tbVuze.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe (1).vir a variant of Win32/DealPly.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe.vir a variant of Win32/DealPly.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\g48916ym.default\Extensions\{906000A4-88D9-4D52-B209-7A772970D91F}\chrome\content\dealplyshopping.xul (1).vir Win32/DealPly.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\g48916ym.default\Extensions\{906000A4-88D9-4D52-B209-7A772970D91F}\chrome\content\dealplyshopping.xul.vir Win32/DealPly.J potentially unwanted application
C:\FRST\Quarantine\C\Users\hardwick\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe a variant of Win32/DealPly.O potentially unwanted application
C:\Program Files (x86)\Mobogenie\nengine.dll Win32/NextLive.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\SaveShare\uninstall.exe.vir Win32/SProtector.B potentially unwanted application
C:\Users\hardwick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0ARC2BB0\SPSetup[1].exe a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Users\hardwick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7QP2GA7G\sp-downloader[1].exe Win32/Toolbar.Conduit.R potentially unwanted application
C:\Users\hardwick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KVFGAHO1\Setup[1].exe a variant of Win32/BrowseFox.F potentially unwanted application
C:\Users\hardwick\Desktop\Alpaca Mail lists\Alpaca Info Sheets\Walk with alpacas\Player_Setup (1).exe a variant of Win32/DomaIQ.AM potentially unwanted application
C:\Users\hardwick\Desktop\Alpaca Mail lists\Alpaca Info Sheets\Walk with alpacas\Player_Setup.exe a variant of Win32/DomaIQ.AM potentially unwanted application
C:\Users\hardwick\Desktop\Alpaca Mail lists\Alpaca Info Sheets\Walk with alpacas\SoftonicDownloader_for_able-photo-resizer.exe a variant of Win32/SoftonicDownloader.F potentially unwanted application
C:\Users\hardwick\Desktop\Alpaca Mail lists\Alpaca Info Sheets\Walk with alpacas\SoftonicDownloader_for_faststone-image-viewer.exe a variant of Win32/SoftonicDownloader.F potentially unwanted application
C:\Users\hardwick\Desktop\Misc Temp Desktop files\Setup (1).exe Win32/AdWare.iBryte.G application
C:\Users\hardwick\Desktop\Misc Temp Desktop files\tb_Auction_Raptor.exe a variant of Win32/Wajam.F potentially unwanted application
C:\Users\hardwick\Downloads\ccsetup312 (1).exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Users\hardwick\Downloads\ccsetup312.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Users\hardwick\Downloads\cnet2_flactomp3converter42_exe (1).exe a variant of Win32/InstallCore.D potentially unwanted application
C:\Users\hardwick\Downloads\cnet2_flactomp3converter42_exe.exe a variant of Win32/InstallCore.D potentially unwanted application
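Added example, not part of the original thread and not code from any of the scanners involved: the scan output in post 11 mixes two very different kinds of hit. Most paths sit under C:\AdwCleaner\Quarantine, C:\FRST\Quarantine or C:\Qoobox\Quarantine (ComboFix) and carry a .vir suffix, i.e. they are copies the earlier cleanup tools already moved aside; a handful are live files (the Mobogenie nengine.dll, cached installers under Temporary Internet Files, bundled installers on the Desktop and in Downloads). The Python script below parses lines in the format of that post, separates the two groups and counts detection families, which is the triage a helper does before deciding what is actually left to remove. The set of quarantine folders is an assumption taken from the paths in the post, the detection-name format (Win32|Win64/Family.Variant followed by a classification) is inferred from the same lines, and the embedded sample is a constructed subset of them.

```python
"""Triage scan-result lines of the form

    <path> [a variant of ]<Win32|Win64>/<Family>[.<Variant>] <classification>

into hits that are already in a cleanup tool's quarantine versus hits that
are still live on disk, and count detection families.

Added example; the line format and quarantine folders are taken from the
post above (assumptions, not a scanner's documented format)."""
import re
from collections import Counter
from dataclasses import dataclass

# Quarantine folders of the cleanup tools seen in this thread (assumption
# based on the posted paths: AdwCleaner, FRST, ComboFix/Qoobox). Anything
# under these, or renamed to *.vir, is a disarmed copy rather than an
# active file.
QUARANTINE_PREFIXES = (
    "c:\\adwcleaner\\quarantine\\",
    "c:\\frst\\quarantine\\",
    "c:\\qoobox\\quarantine\\",
)

# Path is matched lazily so that paths containing spaces still work; the
# anchored tail (detection name + classification) disambiguates.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:a variant of )?"
    r"(?P<name>Win(?:32|64)/\S+)\s+"
    r"(?P<cls>potentially unwanted application|potentially unsafe application|application)$"
)


@dataclass(frozen=True)
class Detection:
    path: str
    name: str            # e.g. Win32/Toolbar.Conduit.Q
    classification: str  # e.g. potentially unwanted application
    quarantined: bool


def family(name: str) -> str:
    """Win32/Toolbar.Conduit.Q -> Toolbar.Conduit; Win32/DealPly.N -> DealPly.
    A trailing one- or two-letter uppercase component is the variant."""
    parts = name.split("/", 1)[1].split(".")
    if len(parts) > 1 and re.fullmatch(r"[A-Z]{1,2}", parts[-1]):
        parts.pop()
    return ".".join(parts)


def parse_line(line: str):
    """Return a Detection for one scan-result line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    low = path.lower()
    quarantined = low.endswith(".vir") or low.startswith(QUARANTINE_PREFIXES)
    return Detection(path, m.group("name"), m.group("cls"), quarantined)


def triage(text: str) -> dict:
    """Split parsed detections into live vs quarantined and count families."""
    live, quarantined, families = [], [], Counter()
    for line in text.splitlines():
        d = parse_line(line)
        if d is None:
            continue
        families[family(d.name)] += 1
        (quarantined if d.quarantined else live).append(d)
    return {"live": live, "quarantined": quarantined, "families": families}


# Constructed sample: a subset of the lines from post 11.
SAMPLE = "\n".join([
    r"C:\AdwCleaner\Quarantine\C\Program Files\Common Files\spigot\Search Settings\SearchSettings.exe.vir a variant of Win32/Toolbar.Widgi potentially unwanted application",
    r"C:\AdwCleaner\Quarantine\C\Program Files\Vuze_Remote\tbVuze.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application",
    r"C:\FRST\Quarantine\C\Users\hardwick\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe a variant of Win32/DealPly.O potentially unwanted application",
    r"C:\Qoobox\Quarantine\C\Program Files (x86)\SaveShare\uninstall.exe.vir Win32/SProtector.B potentially unwanted application",
    r"C:\Program Files (x86)\Mobogenie\nengine.dll Win32/NextLive.A potentially unwanted application",
    r"C:\Users\hardwick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0ARC2BB0\SPSetup[1].exe a variant of Win32/Conduit.SearchProtect.H potentially unwanted application",
    r"C:\Users\hardwick\Desktop\Misc Temp Desktop files\Setup (1).exe Win32/AdWare.iBryte.G application",
    r"C:\Users\hardwick\Downloads\ccsetup312.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application",
])

if __name__ == "__main__":
    result = triage(SAMPLE)
    print(f"{len(result['quarantined'])} already quarantined, {len(result['live'])} still live:")
    for d in result["live"]:
        print(f"  LIVE  {d.name:36s} {d.path}")
    print("families:", dict(result["families"]))
```

Applied to the full listing in the post, everything under the three quarantine folders drops out and the live list reduces to the Mobogenie DLL, the three cached installers in Content.IE5, the installers on the Desktop and the bundled downloads, which is the set a helper would actually act on.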
  12. ComboFix 14-04-20.01 - hardwick 22/04/2014 10:00:44.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8130.6280 [GMT 1:00]
Running from: c:\users\hardwick\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2014-03-22 to 2014-04-22 )))))))))))))))))))))))))))))))
.
.
2014-04-22 09:03 . 2014-04-22 09:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-22 09:03 . 2014-04-22 09:03 -------- d-----w- c:\users\Chris Deakin\AppData\Local\temp
2014-04-22 07:09 . 2014-04-17 04:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF3997C2-8077-4E46-8978-ED183B88A91F}\mpengine.dll
2014-04-18 08:39 . 2014-04-14 19:13 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-15 15:14 . 2014-04-15 15:14 -------- d-----w- c:\users\hardwick\AppData\Local\WebInternetSecurity
2014-04-15 14:19 . 2014-04-17 10:28 -------- d-----w- C:\FRST
2014-04-08 23:03 . 2014-03-31 01:16 23134208 ----a-w- c:\windows\system32\mshtml.dll
2014-04-08 23:03 . 2014-03-31 01:13 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-04-08 23:03 . 2014-03-31 00:13 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-04-07 18:01 . 2014-04-07 18:01 -------- d-----w- c:\users\hardwick\AppData\Roaming\DropboxMaster
2014-04-07 11:45 . 2014-04-22 08:59 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-07 11:44 . 2014-04-07 11:44 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-07 11:44 . 2014-04-07 11:44 -------- d-----w- c:\programdata\Malwarebytes
2014-04-07 11:44 . 2014-04-03 08:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-07 11:44 . 2014-04-03 08:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-07 11:44 . 2014-04-03 08:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-22 08:58 . 2013-12-17 19:02 65536 ----a-w- c:\windows\system32\spu_storage.bin
2014-04-12 14:00 . 2014-01-04 10:04 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-03-31 08:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-14 07:41 . 2014-02-12 07:55 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-14 07:41 . 2014-02-12 07:55 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-04 09:17 . 2014-04-08 23:02 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-01 05:16 . 2014-03-13 15:55 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-01 04:58 . 2014-03-13 15:55 2765824 ----a-w- c:\windows\system32\iertutil.dll
2014-03-01 04:52 . 2014-03-13 15:55 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-03-01 04:51 . 2014-03-13 15:55 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-01 04:42 . 2014-03-13 15:55 53760 ----a-w- c:\windows\system32\jsproxy.dll
2014-03-01 04:40 . 2014-03-13 15:55 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-03-01 04:37 . 2014-03-13 15:55 574976 ----a-w- c:\windows\system32\ieui.dll
2014-03-01 04:33 . 2014-03-13 15:55 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-01 04:33 . 2014-03-13 15:55 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-01 04:32 . 2014-03-13 15:55 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-01 04:23 . 2014-03-13 15:55 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 04:17 . 2014-03-13 15:55 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2014-03-01 04:02 . 2014-03-13 15:55 195584 ----a-w- c:\windows\system32\msrating.dll
2014-03-01 03:54 . 2014-03-13 15:55 5768704 ----a-w- c:\windows\system32\jscript9.dll
2014-03-01 03:52 . 2014-03-13 15:55 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-03-01 03:51 . 2014-03-13 15:55 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:42 . 2014-03-13 15:55 627200 ----a-w- c:\windows\system32\msfeeds.dll
2014-03-01 03:38 . 2014-03-13 15:55 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-03-01 03:37 . 2014-03-13 15:55 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-03-01 03:35 . 2014-03-13 15:55 2041856 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-01 03:18 . 2014-03-13 15:55 13051904 ----a-w- c:\windows\system32\ieframe.dll
2014-03-01 03:14 . 2014-03-13 15:55 4244480 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-03-01 03:10 . 2014-03-13 15:55 2334208 ----a-w- c:\windows\system32\wininet.dll
2014-03-01 03:00 . 2014-03-13 15:55 1964032 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-03-01 02:38 . 2014-03-13 15:55 1393664 ----a-w- c:\windows\system32\urlmon.dll
2014-03-01 02:32 . 2014-03-13 15:55 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2014-03-01 02:25 . 2014-03-13 15:55 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2014-02-07 01:23 . 2014-03-13 15:55 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:32 . 2014-03-13 15:54 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:32 . 2014-03-13 15:54 624128 ----a-w- c:\windows\system32\qedit.dll
2014-02-04 02:04 . 2014-03-13 15:54 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-13 15:54 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-01-29 02:32 . 2014-03-13 15:55 484864 ----a-w- c:\windows\system32\wer.dll
2014-01-29 02:06 . 2014-03-13 15:55 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-01-28 02:32 . 2014-03-13 15:55 228864 ----a-w- c:\windows\system32\wwansvc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\hardwick\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\hardwick\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\hardwick\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FBBF48DDF52CFE01A375E54F303562119CD0BB61._service_run"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-04-02 841032]
"PeerBlock"="c:\program files (x86)\peerblock\peerblock.exe" [2010-11-06 1866864]
"GoogleChromeAutoLaunch_DDAA95BF07E3734F0BE24CB51FCD11D0"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-04-02 841032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-09-11 766208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Duplicati.lnk - c:\program files\Duplicati\Duplicati.exe [2013-1-31 1456640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 pbfilter;pbfilter;c:\program files (x86)\PeerBlock\pbfilter.sys;c:\program files (x86)\PeerBlock\pbfilter.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBACCESSCONTROL
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-10 08:50 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-23 07:41]
.
2014-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-20 20:39]
.
2014-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-20 20:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-11-19 6846096]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2013-01-31 36352]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = localhost:8080
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\mt0zvmh2.default\
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-22 10:04:36
ComboFix-quarantined-files.txt 2014-04-22 09:04
ComboFix2.txt 2014-04-21 18:56
ComboFix3.txt 2014-04-21 17:08
.
Pre-Run: 891,548,102,656 bytes free
Post-Run: 891,461,632,000 bytes free
.
- - End Of File - - 5D06D89020BE5043A31EAEC9BC8AAD44 A36C5E4F47E84449FF07ED3517B43A31