
arjaydavis

  1. False positive? Can you advise? Other antimalware reports OK: https://virustotal.com/en/file/d77894d9e58d4a8cec265f79006bf2a42a2e57c0c105786ee8a3b3c9a8c9a811/analysis/1477472807/ I will also contact the vendor of MsgExtract. Thanks.
  2. Can't see any option anywhere to do this. Malwarebytes not listed in "Services" on pop-up context menu like Norton is. There seems to be only the option for scanning the whole system.
  3. I've just purchased the program. It does seem to be a bona fide safe program; there is documentation here: http://docs.maildev.com/ Any further thoughts welcome.
  4. Yes, correct - that's the file. Here is the Virus Total report for the file: https://www.virustotal.com/en/file/0be99096384dc2d0b6db4a8852f1bce525ffcc9b0bcdfd7761e09502e236a647/analysis/1457286540/ As you can see, DrWeb is the only scanner out of 55 that alleges that there is a DLOADER.trojan. DrWeb has been found to report false positives in the past, here: https://forums.malwarebytes.org/index.php?/topic/171054-drweb-false-positive-with-mbae-svc/ Given that it is the only one reporting such an issue, this would suggest that the file is safe. And here is the Virus Total report for the URL: https://www.virustotal.com/en/url/19f4592e9ee752cfcda3a8261917b3298c17e1117abf95363bcd1a8552fdd6fb/analysis/ I looked on https://forums.malwarebytes.org/index.php?/forum/51-newest-malware-threats/ ("HERE") as you suggested, and this appears to be a place for real malware submissions, as many of the threads are titled as such. I'm not sure what the convention here is for posting the .exe there, as it doesn't appear to be malware. Given the above findings, are you suggesting I post information there?
  5. Hi, please can you advise if the above program is safe, as I'd like to use it generally, having tested the trial. This program appears to be safe, as MalwareBytes AntiMalware 2.2.0.1024 found no threats. However, Norton reported a warning, as it says not many of Norton's users have used the program. I downloaded this tool from http://www.maildev.com/download/ and scanned it with MalwareBytes AntiMalware 2.2.0.1024, finding no threats. I ran it and allowed Norton to let the program run when it warned me about the small number of users. I'm running it on Windows 10 32bit Pro, which also warned of an unknown publisher, but I have seen this before with software I am more confident with. I tested the program with a low-risk email (Gmail) account (only a few messages in there, mostly automated mails from social media, no contacts); it works very well - it has many options for batch/bulk backing up of email, including in non-proprietary formats such as .eml, with options for naming the individual email files and retaining the hierarchical structure. It all looks normal and not suspicious at all. However, with Norton reporting a low number of users and low numbers of followers on their social media, I find myself wanting my confidence in the tool to be higher, as it looks really good for what I want. (I used to use a very similar tool from express-archiver.com which extracted from Outlook Express on Windows XP, but this tool (and the OS of course) are now defunct.) The site looks very polished, with payment options for the full version (which I intend to take up), and the head of the company had been on SuperUser for 3 years and has built a respectable reputation score, http://superuser.com/users/134397/jponce and their posts disclose that they are the developer of the tool when answering related questions. The company is based in Bolivia, it would appear, going from the about section on the site and the whois of the domain.
So all looks fine and a really useful time-saving tool, nothing quite like it. I am also aware of http://imapsync.lamiral.info/ which may come close and appears to be open source, with paid-for support, but this is more technically involved and does not appear to have the easier-to-use UI that maildev mailextract has. Can you advise: - if there is anything further I can do to improve my confidence as to the safety of this not so well known program; - if you have experience of the tool yourself and have been able to perform tests and/or analysis to determine safety. By the way, I do not work for maildev or any other tools mentioned. I also have no financial interest. However, as it looks like an excellent tool, as well as my own confidence being improved, I'd love to see more positive confirmation if possible as to the tool's safety, so as to help promote it. Thank you.
  6. A simpler option is to turn off "Explorer context menu entry" and then turn it back on. That worked for me, so I didn't need to spend more effort going through the clean uninstall of Malwarebytes and then reinstall. Anyone else seeing the issue started in this topic, give my suggestion a go first, and if unlucky then use the advice about reinstalling from the other helpful folk here.
  7. Thanks gringo_pr - I have made a donation of $20 to you for your help, and my final follow-up notes are below: I made the .bat file and ran it, but had to right-click first to 'run as administrator', as the files were not deleted if I didn't do this. Also, I used the batch file to delete everything on my C: system drive, but I kept the files on the K: drive and did not delete these, as they are installers for programs that I may need. They 'live' on an external USB drive (the K: drive) and are not being run as they are installers, so I would guess they are safe to leave there for now until I decide what to do with them later. I ran OTCleanIt.exe as well, but did not need to run the other clean-up tools as these weren't on my system. When I put ComboFix /Uninstall, Windows reported it couldn't find it even though I had run it. I think this is a standalone program anyway, so it doesn't require an uninstall. I removed it from my downloads folder after using it. Thoughts? I considered WinPatrol in your advice, but since I already have Norton AND MalwareBytes running I am hesitant about installing yet another program, as my impression from reading stuff around the web is that overprotection in this way can actually reduce the protection, as the interactions between the various programs can make them run below optimum performance. Thanks. Let me know your final thoughts. Cheers.
  8. Thanks Gringo, here are the reports requested. ESET log: ESET found threats, still, about the toolbar (as in C: drive). Also it found threats on the installers of trial or free software that I have (K: drive):
     C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js Win32/Conduit.SearchProtect.A application
     C:\Users\ROB\Downloads\SetupImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask application
     K:\tech3\software\free\cd_dvd_blu-ray_optical_media_burning\SetupImgBurn_2.5.5.0.exe a variant of Win32/Bundled.Toolbar.Ask application
     K:\tech3\software\free\cd_dvd_blu-ray_optical_media_burning\SetupImgBurn_2.5.6.0.exe a variant of Win32/Bundled.Toolbar.Ask application
     K:\tech3\software\free\cd_dvd_blu-ray_optical_media_burning\SetupImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask application
     K:\tech3\software\free\system_utils\cpu-z_1.58-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask application
     K:\tech3\software\trial-or-without-key\file_converters_and_readers\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask application
     K:\tech3\software\trial-or-without-key\file_converters_and_readers\PDFCreator-1_2_3_setup.exe multiple threats
     K:\tech3\software\trial-or-without-key\system_utils\siw-setup.exe Win32/InstallMonetizer.AF application
     Also the optional HijackThis log for the startup check:
  9. mbam-log-2013-06-18 (23-22-46).txt
     Malwarebytes Anti-Malware (PRO) 1.75.0.1300
     www.malwarebytes.org
     Database version: v2013.06.18.06
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 10.0.9200.16618
     ROB :: W7MAC [administrator]
     Protection: Enabled
     18/06/2013 23:22:46
     mbam-log-2013-06-18 (23-22-46).txt
     Scan type: Full scan (C:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 353932
     Time elapsed: 15 minute(s), 40 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)
     hijackthis.log
     "let me know of any problems you may have had" None, thank you. "How is the computer doing now?" Still fine, thank you.
  10. Look forward to the day that software bromium.com perhaps becomes available to consumers, if it does at all...
  11. Where are the statistics that back this up? Evidence based on data, please. Or, does Babylon contain the ZeroAccess rootkit? Or vice versa? What tools? Will running MalwareBytesPro detect the ZeroAccess rootkit? I'd like to think that MalwareBytesPro can find all this unwanted stuff and clean it up. So, although I appreciate the advice just here and elsewhere on this forum, it does puzzle me why, when there is a paid-for product like MalwareBytesPro, there is advice for all these other tools. It makes me wonder what the value is in using MalwareBytes or paying for it, which I have (3 licenses), when there is advice on the other tools. Let alone the hours of my life that I won't get back, sat in front of a screen reading all this stuff when there are more important things in life. When looking back on their life, no one is ever going to say they wished they'd watched more TV or read more forum posts about malware (useful ones as well as the anecdotal campfire-side stories of yore about your mate on IRC and other anoraky nerdy stuff).
  12. Just FYI - how to avoid these - as they are optional but sneakily presented in a non-emphasised font face so that the click-happy installer overlooks them. Also, can you give me advice on how to properly ensure they are removed? I deleted the toolbar and the entry from startup pages and search engines in the browser settings for Chrome (similar may apply to Firefox). delta-search.com toolbar & search engine, "Goon". TIP: If you select express install then you will get these installed. Choose custom install and uncheck the boxes to not install them - and the tool is fine. Bit of a shame that the program maker thinks that this is worth including.
  13. All still fine. Ran the ComboFix with the CFScript.txt as instructed. Log below:
     ComboFix 13-06-15.01 - ROB 16/06/2013 22:36:21.2.4 - x64
     Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.8118.5830 [GMT 1:00]
     Running from: c:\users\ROB\Downloads\ComboFix.exe
     Command switches used :: c:\users\ROB\Downloads\CFScript.txt
     AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
     FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
     SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
2013-06-12 22:03 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-06-12 22:03 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-06-12 22:03 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-06-12 22:03 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-06-12 22:03 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-06-12 22:03 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaCie Ethernet Agent Startup"="c:\program files\LaCie\Network Assistant\LaCie Network Assistant.exe" [2013-05-03 9891328] "EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIHVE.EXE" [2012-07-12 241280] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 AppleHFS;AppleHFS; [x] S0 AppleMNT;AppleMNT; [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1403010.016\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1403010.016\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1403010.016\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1403010.016\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130531.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [x] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1403010.016\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1403010.016\ccSetx64.sys [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130614.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130614.001\IDSvia64.sys [x] S1 SymIRON;Symantec Iron 
Driver;c:\windows\system32\drivers\NISx64\1403010.016\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1403010.016\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1403010.016\SYMNETS.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1403010.016\SYMNETS.SYS [x] S2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe;c:\windows\SYSNATIVE\AppleOSSMgr.exe [x] S2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe;c:\windows\SYSNATIVE\AppleTimeSrv.exe [x] S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [x] S2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys;c:\windows\SYSNATIVE\drivers\KeyAgent.sys [x] S2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys;c:\windows\SYSNATIVE\drivers\MacHALDriver.sys [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys;c:\windows\SYSNATIVE\DRIVERS\acpials.sys [x] S3 AppleBtBc;Apple Broadcom Built-in Bluetooth;c:\windows\system32\DRIVERS\AppleBtBc.sys;c:\windows\SYSNATIVE\DRIVERS\AppleBtBc.sys [x] S3 applemtm;Apple Multitouch Mouse;c:\windows\system32\DRIVERS\applemtm.sys;c:\windows\SYSNATIVE\DRIVERS\applemtm.sys [x] S3 applemtp;Apple Multitouch;c:\windows\system32\DRIVERS\applemtp.sys;c:\windows\SYSNATIVE\DRIVERS\applemtp.sys [x] S3 
CirrusFilter;CS420xLowerFilter;c:\windows\system32\DRIVERS\CS420x64.sys;c:\windows\SYSNATIVE\DRIVERS\CS420x64.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] S3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\DRIVERS\IRFilter.sys;c:\windows\SYSNATIVE\DRIVERS\IRFilter.sys [x] S3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\DRIVERS\KeyMagic.sys;c:\windows\SYSNATIVE\DRIVERS\KeyMagic.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x] S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\Drivers\tascusb2.sys;c:\windows\SYSNATIVE\Drivers\tascusb2.sys [x] S3 TASCAM_US144_MK2_MIDI;TASCAM US-144 mk2 WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys;c:\windows\SYSNATIVE\drivers\tscusb2m.sys [x] S3 TASCAM_US144_MK2_WDM;TASCAM US-144 mk2 WDM;c:\windows\system32\drivers\tscusb2a.sys;c:\windows\SYSNATIVE\drivers\tscusb2a.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-06-09 20:31 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-09 20:30] . 2013-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-09 20:30] . . 
--------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apple_KbdMgr"="c:\program files\Boot Camp\Bootcamp.exe" [2013-01-16 743776] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 212.23.6.100 212.23.3.100 FF - ProfilePath - c:\users\ROB\AppData\Roaming\Mozilla\Firefox\Profiles\dso9cgom.default\ FF - prefs.js: browser.startup.homepage - hxxp://google.co.uk/ FF - ExtSQL: 2013-06-09 20:00; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\coFFPlgn FF - ExtSQL: 2013-06-09 21:02; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\IPSFFPlgn . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-06-16 22:43:48 ComboFix-quarantined-files.txt 2013-06-16 21:43 ComboFix2.txt 2013-06-16 20:32 . Pre-Run: 81,926,545,408 bytes free Post-Run: 81,866,887,168 bytes free . - - End Of File - - C1E351163F286909DDB1F3C7AA8A4F9D A36C5E4F47E84449FF07ED3517B43A31
  14. Hi Gringo, thanks for your further follow up: You asked if I had any problems. I have had no problems, things seem fine. You asked: How is the computer doing now? Answer: still fine. Here is the combofix.exe log: ComboFix 13-06-15.01 - ROB 16/06/2013 21:24:02.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.8118.6075 [GMT 1:00] Running from: c:\users\ROB\Downloads\ComboFix.exe AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe K:\Autorun.inf . . ((((((((((((((((((((((((( Files Created from 2013-05-16 to 2013-06-16 ))))))))))))))))))))))))))))))) . . 2013-06-16 20:28 . 2013-06-16 20:28 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-06-16 09:48 . 2013-06-16 09:48 -------- d-----w- c:\program files (x86)\Microsoft.NET 2013-06-16 03:16 . 2013-06-16 08:25 -------- d---a-w- C:\.fseventsd 2013-06-15 21:02 . 2013-06-15 21:02 -------- d-----w- c:\windows\ERUNT 2013-06-15 21:01 . 2013-06-16 08:32 -------- d-----w- C:\JRT 2013-06-15 00:05 . 2013-06-15 00:05 -------- d-----w- c:\programdata\Malwarebytes 2013-06-15 00:05 . 2013-06-15 00:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-06-15 00:05 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-06-14 17:57 . 2013-06-14 17:57 -------- d-----w- c:\windows\SysWow64\Wat 2013-06-14 17:57 . 2013-06-14 17:57 -------- d-----w- c:\windows\system32\Wat 2013-06-14 00:19 . 2013-04-11 13:10 2498216 ----a-w- c:\windows\SysWow64\BootMan.exe 2013-06-14 00:19 . 2013-03-28 18:02 3376640 ----a-w- c:\windows\system32\BootMan.exe 2013-06-14 00:19 . 
2013-03-07 08:49 9160 ----a-w- c:\windows\SysWow64\EuGdiDrv.sys 2013-06-14 00:19 . 2013-03-07 08:49 87112 ----a-w- c:\windows\SysWow64\setupempdrv03.exe 2013-06-14 00:19 . 2013-03-07 08:49 13896 ----a-w- c:\windows\SysWow64\epmntdrv.sys 2013-06-14 00:19 . 2013-03-07 08:49 9800 ----a-w- c:\windows\system32\EuGdiDrv.sys 2013-06-14 00:19 . 2013-03-07 08:49 17480 ----a-w- c:\windows\system32\epmntdrv.sys 2013-06-14 00:19 . 2013-03-07 08:49 100936 ----a-w- c:\windows\system32\setupempdrvx64.exe 2013-06-14 00:19 . 2013-03-07 08:49 16256 ----a-w- c:\windows\system32\EuEpmGdi.dll 2013-06-14 00:19 . 2013-03-07 08:49 19840 ----a-w- c:\windows\SysWow64\EuEpmGdi.dll 2013-06-14 00:19 . 2013-06-14 00:19 -------- d-----w- c:\program files (x86)\EaseUS 2013-06-13 22:44 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2013-06-13 22:44 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2013-06-13 22:44 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2013-06-13 22:44 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2013-06-13 22:40 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe 2013-06-13 22:32 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2013-06-13 22:32 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2013-06-13 22:32 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll 2013-06-13 22:32 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll 2013-06-13 22:32 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2013-06-13 22:32 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2013-06-13 22:32 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2013-06-13 22:32 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2013-06-13 22:32 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2013-06-13 22:32 . 
2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2013-06-13 22:32 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2013-06-13 22:32 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2013-06-13 22:32 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2013-06-13 22:30 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2013-06-13 22:30 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll 2013-06-13 22:30 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll 2013-06-13 22:30 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2013-06-13 22:30 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2013-06-12 23:37 . 2013-06-12 23:37 -------- d-----w- c:\programdata\TuneUp Software 2013-06-12 23:37 . 2013-06-12 23:37 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} 2013-06-12 23:37 . 2013-06-12 23:37 -------- d--h--w- c:\programdata\Common Files 2013-06-12 22:02 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-06-12 22:01 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2013-06-12 21:55 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll 2013-06-12 21:54 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll 2013-06-12 20:58 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll 2013-06-12 20:58 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll 2013-06-11 20:13 . 2013-06-16 08:24 -------- d---a-w- C:\.Trashes 2013-06-10 02:35 . 2012-12-11 10:23 20480 ----a-w- c:\windows\system32\drivers\AppleBtBc.sys 2013-06-10 02:35 . 2012-12-11 10:23 1919968 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll 2013-06-10 02:11 . 2013-06-09 18:19 -------- d-----w- c:\windows\Panther 2013-06-10 02:11 . 2013-06-09 18:51 -------- d-----w- C:\Boot 2013-06-09 21:37 . 
2013-02-17 00:40 28672 ----a-w- c:\windows\system32\IEUDINIT.EXE 2013-06-09 21:37 . 2013-06-09 21:37 -------- d--h--w- c:\windows\msdownld.tmp 2013-06-09 21:35 . 2013-06-09 21:35 68608 ----a-w- c:\windows\system32\taskhost.exe 2013-06-09 21:27 . 2007-04-10 00:06 10752 ----a-w- c:\windows\system32\E_GCINST.DLL 2013-06-09 21:27 . 2011-04-20 02:03 120320 ----a-w- c:\windows\system32\E_YLMHVE.DLL 2013-06-09 21:27 . 2011-03-15 02:03 83968 ----a-w- c:\windows\system32\E_YD4BHVE.DLL 2013-06-09 21:11 . 2013-06-09 21:11 -------- d-----w- c:\windows\usb-audio.deTascam 2013-06-09 21:11 . 2011-04-28 20:18 53080 ----a-w- c:\windows\system32\drivers\tscusb2a.sys 2013-06-09 21:11 . 2011-04-28 20:18 31576 ----a-w- c:\windows\system32\drivers\tscusb2m.sys 2013-06-09 21:11 . 2011-04-28 20:18 419160 ----a-w- c:\windows\system32\drivers\tascusb2.sys 2013-06-09 21:11 . 2011-04-28 20:17 205656 ------w- c:\windows\system32\US-122_MKII_US-144_MKII.CPL 2013-06-09 20:43 . 2013-06-09 20:43 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared 2013-06-09 20:43 . 2013-06-09 20:43 -------- d-----w- c:\program files\Bonjour 2013-06-09 20:43 . 2013-06-09 20:43 -------- d-----w- c:\program files (x86)\Bonjour 2013-06-09 20:43 . 2013-06-09 20:43 -------- d-----w- c:\program files\LaCie 2013-06-09 20:40 . 2013-06-09 20:40 -------- d-----w- c:\program files (x86)\Beyond Compare 3 2013-06-09 20:39 . 2013-06-09 20:39 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2013-06-09 20:37 . 2013-06-09 20:37 -------- d-----w- c:\program files (x86)\ImgBurn 2013-06-09 20:37 . 2013-06-09 20:37 -------- d-----w- c:\program files\7-Zip 2013-06-09 20:36 . 2013-06-13 23:32 -------- d-----w- c:\program files\MPC-HC 2013-06-09 20:30 . 2013-06-09 20:31 -------- d-----w- c:\program files (x86)\Google 2013-06-09 19:00 . 2013-06-09 19:00 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2013-06-09 19:00 . 
2013-06-09 19:00 -------- d-----w- c:\program files\Symantec 2013-06-09 19:00 . 2013-06-09 19:00 -------- d-----w- c:\program files\Common Files\Symantec Shared 2013-06-09 19:00 . 2013-06-09 20:02 -------- d-----w- c:\windows\system32\drivers\NISx64 2013-06-09 19:00 . 2013-06-09 19:00 -------- d-----w- c:\program files (x86)\Norton Internet Security 2013-06-09 18:59 . 2013-06-09 18:59 -------- d-----w- c:\program files (x86)\NortonInstaller 2013-06-09 18:56 . 2013-06-14 01:10 -------- d-----w- c:\programdata\Norton 2013-06-09 18:48 . 2013-06-09 18:48 -------- d-----w- c:\windows\system32\SPReview 2013-06-09 18:43 . 2010-11-20 04:01 2560 ----a-w- c:\windows\system32\drivers\en-US\rdpwd.sys.mui 2013-06-09 18:43 . 2010-11-20 03:57 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui 2013-06-09 18:43 . 2010-11-20 04:11 6144 ----a-w- c:\windows\system32\drivers\en-US\IPMIDrv.sys.mui 2013-06-09 18:43 . 2010-11-20 04:10 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui 2013-06-09 18:33 . 2013-06-09 18:33 -------- d-----w- c:\windows\system32\EventProviders 2013-06-09 18:30 . 2013-06-09 21:26 -------- d-----w- c:\programdata\EPSON 2013-06-09 18:30 . 2013-06-09 18:30 -------- d-----w- c:\program files\Common Files\EPSON 2013-06-09 18:25 . 2013-06-09 18:25 -------- d-----w- c:\program files\Boot Camp 2013-06-09 18:25 . 2012-08-16 00:53 31080 ----a-w- c:\windows\system32\nvhdap64.dll 2013-06-09 18:25 . 2012-08-16 00:53 189288 ----a-w- c:\windows\system32\drivers\nvhda64v.sys 2013-06-09 18:25 . 2012-08-16 00:53 1472360 ----a-w- c:\windows\system32\nvhdagenco6420103.dll 2013-06-09 18:25 . 2013-06-09 18:25 -------- d-----w- c:\program files (x86)\Intel 2013-06-09 18:25 . 2013-01-02 20:22 59872 ----a-w- c:\windows\SysWow64\CSVer.dll 2013-06-09 18:25 . 2013-06-09 18:25 -------- d-----w- C:\Intel 2013-06-09 18:23 . 2012-12-10 16:27 95584 ----a-w- c:\windows\system32\bcmwlcoi.dll 2013-06-09 18:23 . 
2012-12-10 16:27 4884072 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS 2013-06-09 18:23 . 2012-12-10 16:27 3572112 ----a-w- c:\windows\system32\bcmihvui64.dll 2013-06-09 18:23 . 2012-12-10 16:27 3906448 ----a-w- c:\windows\system32\bcmihvsrv64.dll 2013-06-09 18:23 . 2013-06-09 18:23 -------- d-----w- c:\program files\DIFX 2013-06-09 18:23 . 2012-12-10 16:23 29696 ----a-w- c:\windows\system32\drivers\KeyMagic.sys 2013-06-09 18:23 . 2013-06-09 21:43 -------- d-----w- c:\users\UpdatusUser 2013-06-09 18:23 . 2013-06-16 13:41 -------- d-----w- c:\programdata\NVIDIA 2013-06-09 18:23 . 2013-06-09 18:23 -------- d-----w- c:\program files (x86)\NVIDIA Corporation 2013-06-09 18:20 . 2013-06-16 09:49 -------- d-sh--w- c:\windows\Installer 2013-06-09 18:20 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2013-06-09 18:20 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2013-06-09 18:20 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2013-06-09 18:20 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2013-06-09 18:20 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2013-06-09 18:20 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2013-06-09 18:20 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2013-06-09 18:20 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2013-06-09 18:20 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2013-06-09 18:19 . 2013-06-13 23:33 -------- d-----w- c:\users\ROB 2013-06-09 18:19 . 2013-06-09 18:19 -------- d-----w- C:\Recovery . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-09 18:47 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2013-06-09 18:47 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2013-05-08 06:10 . 
2010-03-18 08:15 770384 ----a-w- c:\windows\SysWow64\msvcr100.dll 2013-05-08 06:10 . 2010-03-18 08:15 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll 2013-04-13 05:49 . 2013-06-12 22:03 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-06-12 22:03 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-06-12 22:03 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-06-12 22:03 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-06-12 22:03 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-06-12 22:03 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaCie Ethernet Agent Startup"="c:\program files\LaCie\Network Assistant\LaCie Network Assistant.exe" [2013-05-03 9891328] "EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIHVE.EXE" [2012-07-12 241280] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 AppleHFS;AppleHFS; [x] S0 AppleMNT;AppleMNT; [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1403010.016\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1403010.016\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1403010.016\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1403010.016\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130531.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [x] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1403010.016\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1403010.016\ccSetx64.sys [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130614.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130614.001\IDSvia64.sys [x] S1 SymIRON;Symantec Iron 
Driver;c:\windows\system32\drivers\NISx64\1403010.016\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1403010.016\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1403010.016\SYMNETS.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1403010.016\SYMNETS.SYS [x] S2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe;c:\windows\SYSNATIVE\AppleOSSMgr.exe [x] S2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe;c:\windows\SYSNATIVE\AppleTimeSrv.exe [x] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [x] S2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys;c:\windows\SYSNATIVE\drivers\KeyAgent.sys [x] S2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys;c:\windows\SYSNATIVE\drivers\MacHALDriver.sys [x] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys;c:\windows\SYSNATIVE\DRIVERS\acpials.sys [x] S3 AppleBtBc;Apple Broadcom Built-in Bluetooth;c:\windows\system32\DRIVERS\AppleBtBc.sys;c:\windows\SYSNATIVE\DRIVERS\AppleBtBc.sys [x] S3 applemtm;Apple Multitouch Mouse;c:\windows\system32\DRIVERS\applemtm.sys;c:\windows\SYSNATIVE\DRIVERS\applemtm.sys [x] S3 applemtp;Apple 
Multitouch;c:\windows\system32\DRIVERS\applemtp.sys;c:\windows\SYSNATIVE\DRIVERS\applemtp.sys [x] S3 CirrusFilter;CS420xLowerFilter;c:\windows\system32\DRIVERS\CS420x64.sys;c:\windows\SYSNATIVE\DRIVERS\CS420x64.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] S3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\DRIVERS\IRFilter.sys;c:\windows\SYSNATIVE\DRIVERS\IRFilter.sys [x] S3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\DRIVERS\KeyMagic.sys;c:\windows\SYSNATIVE\DRIVERS\KeyMagic.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x] S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\Drivers\tascusb2.sys;c:\windows\SYSNATIVE\Drivers\tascusb2.sys [x] S3 TASCAM_US144_MK2_MIDI;TASCAM US-144 mk2 WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys;c:\windows\SYSNATIVE\drivers\tscusb2m.sys [x] S3 TASCAM_US144_MK2_WDM;TASCAM US-144 mk2 WDM;c:\windows\system32\drivers\tscusb2a.sys;c:\windows\SYSNATIVE\drivers\tscusb2a.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-06-09 20:31 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-09 20:30] . 2013-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-09 20:30] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apple_KbdMgr"="c:\program files\Boot Camp\Bootcamp.exe" [2013-01-16 743776] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 212.23.6.100 212.23.3.100 FF - ProfilePath - c:\users\ROB\AppData\Roaming\Mozilla\Firefox\Profiles\dso9cgom.default\ FF - prefs.js: browser.startup.homepage - hxxp://google.co.uk/ FF - ExtSQL: 2013-06-09 20:00; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\coFFPlgn FF - ExtSQL: 2013-06-09 21:02; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\IPSFFPlgn . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-06-16 21:32:03 ComboFix-quarantined-files.txt 2013-06-16 20:32 . Pre-Run: 82,095,935,488 bytes free Post-Run: 82,290,843,648 bytes free . - - End Of File - - 34B1BAD1A39814CA1D13DA9E9E2C2660 A36C5E4F47E84449FF07ED3517B43A31