Everything posted by jonnymalcs

  1. Hi Ron, I know you haven't given me the all clear yet but I did just want to say thank you for all of your help. MBAM is excellent software; I have saved many a PC from vicious malware just by booting in safe mode and installing the latest version. Keep up the excellent work! As far as I can tell though, the bitcoin miner has now been vanquished! I will return, though, until you give me the all clear. I wish you and the Malwarebytes team all the best in your future endeavours! :)
  2. Results of screen317's Security Check version 0.99.74
     x64 (UAC is enabled)
     Internet Explorer 10
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     AVG AntiVirus 2014
     Windows Defender
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     SpywareBlaster 5.0
     Malwarebytes Anti-Malware version 1.75.0.1300
     Wise Registry Cleaner 7.84
     Adobe Reader 9 Adobe Reader out of Date!
     Google Chrome 30.0.1599.101
     Google Chrome 30.0.1599.69
     ````````Process Check: objlist.exe by Laurent````````
     WinPatrol winpatrol.exe
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     AVG avgwdsvc.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     BillP Studios WinPatrol WinPatrol.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: %
     ````````````````````End of Log``````````````````````
  3. The computer always ran fine but the virus seems to have gone....
     Malwarebytes Anti-Malware (PRO) 1.75.0.1300
     www.malwarebytes.org
     Database version: v2013.10.18.04
     Windows 8 x64 NTFS
     Internet Explorer 10.0.9200.16721
     jonny_000 :: BETSY [administrator]
     Protection: Enabled
     18/10/2013 10:32:31
     mbam-log-2013-10-18 (10-32-31).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 205369
     Time elapsed: 5 minute(s), 34 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)
  4. Malwarebytes Anti-Malware (PRO) 1.75.0.1300
     www.malwarebytes.org
     Database version: v2013.10.17.03
     Windows 8 x64 NTFS
     Internet Explorer 10.0.9200.16721
     jonny_000 :: BETSY [administrator]
     Protection: Enabled
     17/10/2013 10:27:14
     mbam-log-2013-10-17 (10-27-14).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 204992
     Time elapsed: 3 minute(s), 21 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)
  5. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 6.0.7 (10.15.2013:3)
     OS: Windows 8 x64
     Ran by jonny_000 on 17/10/2013 at 10:16:45.01
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     ~~~ Services
     ~~~ Registry Values
     ~~~ Registry Keys
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{66EDD1EC-32FE-4870-BC1E-69695A8299EB}
     ~~~ Files
     ~~~ Folders
     ~~~ Chrome
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\CookiesBlockedForUrls [blacklisted Policy]
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\JavaScriptBlockedForUrls [blacklisted Policy]
     ~~~ Event Viewer Logs were cleared
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on 17/10/2013 at 10:23:04.56
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  6. Sorry buddy, rescanning now. In the meantime....
     # AdwCleaner v3.008 - Report created 17/10/2013 at 10:12:09
     # Updated 17/10/2013 by Xplode
     # Operating System : Windows 8 (64 bits)
     # Username : jonny_000 - BETSY
     # Running from : C:\Users\jonny_000\Downloads\AdwCleaner.exe
     # Option : Clean
     ***** [ Services ] *****
     ***** [ Files / Folders ] *****
     ***** [ Shortcuts ] *****
     ***** [ Registry ] *****
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
     Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
     Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
     ***** [ Browsers ] *****
     -\\ Internet Explorer v10.0.9200.16537
     -\\ Google Chrome v30.0.1599.69
     [ File : C:\Users\jonny_000\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     *************************
     AdwCleaner[R0].txt - [1350 octets] - [17/10/2013 10:10:01]
     AdwCleaner[s0].txt - [1275 octets] - [17/10/2013 10:12:09]
     ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1335 octets] ##########
  7. Ron, Please find attached log for Step 03 mbar-log-2013-10-17 (09-11-38).txt system-log.txt
  8. Ron, Please find attached log TDSSKiller.3.0.0.14_16.10.2013_09.37.43_log.txt
  9. ComboFix 13-10-15.02 - jonny_000 15/10/2013 11:26:30.1.4 - x64 Microsoft Windows 8 6.2.9200.0.1252.44.2057.18.8088.6262 [GMT 1:00] Running from: c:\users\jonny_000\Desktop\ComboFix.exe AV: AVG AntiVirus 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AVG AntiVirus 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Roaming . . ((((((((((((((((((((((((( Files Created from 2013-09-15 to 2013-10-15 ))))))))))))))))))))))))))))))) . . 2013-10-15 10:55 . 2013-10-15 10:56 -------- d-----w- c:\users\jonny_000\AppData\Local\temp 2013-10-15 10:55 . 2013-10-15 10:55 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-10-14 13:06 . 2013-10-14 13:06 94656 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp 2013-10-14 10:36 . 2013-10-14 11:25 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2013-10-13 00:11 . 2013-10-13 00:11 -------- d-----w- c:\program files\Microsoft.NET 2013-10-10 17:07 . 2013-10-10 21:51 -------- d-----w- C:\AMD 2013-10-10 02:50 . 2013-06-29 03:07 83968 ----a-w- c:\windows\system32\drivers\hidclass.sys 2013-10-10 02:50 . 2013-06-29 03:08 32768 ----a-w- c:\windows\system32\drivers\hidparse.sys 2013-10-10 02:50 . 2013-07-01 22:14 25600 ----a-w- c:\windows\system32\drivers\usbprint.sys 2013-10-10 02:50 . 2013-07-02 01:41 337752 ----a-w- c:\windows\system32\drivers\USBXHCI.SYS 2013-10-10 02:50 . 2013-07-02 01:41 447320 ----a-w- c:\windows\system32\drivers\USBHUB3.SYS 2013-10-10 02:50 . 2013-07-02 01:41 213336 ----a-w- c:\windows\system32\drivers\UCX01000.SYS 2013-10-10 02:50 . 2013-07-01 01:42 623448 ----a-w- c:\windows\system32\drivers\usbhub.sys 2013-10-10 02:50 . 
2013-07-01 01:42 498008 ----a-w- c:\windows\system32\drivers\usbport.sys 2013-10-10 02:50 . 2013-07-01 01:42 79192 ----a-w- c:\windows\system32\drivers\usbehci.sys 2013-10-10 02:50 . 2013-07-01 01:42 21848 ----a-w- c:\windows\system32\drivers\usbd.sys 2013-10-10 02:50 . 2013-06-29 03:07 32256 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2013-10-10 02:50 . 2013-06-29 03:06 120832 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2013-10-10 02:49 . 2013-07-05 22:01 210560 ----a-w- c:\windows\system32\drivers\usbvideo.sys 2013-10-10 02:49 . 2013-07-05 22:02 99328 ----a-w- c:\windows\system32\drivers\usbcir.sys 2013-10-10 02:49 . 2013-07-19 22:13 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-10 02:49 . 2013-07-19 22:13 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll 2013-10-10 02:48 . 2013-05-26 23:17 35328 ----a-w- c:\windows\SysWow64\atmlib.dll 2013-10-10 02:48 . 2013-05-26 22:59 46080 ----a-w- c:\windows\system32\atmlib.dll 2013-10-10 02:48 . 2013-05-25 03:15 362496 ----a-w- c:\windows\system32\atmfd.dll 2013-10-10 02:48 . 2013-05-25 02:32 300032 ----a-w- c:\windows\SysWow64\atmfd.dll 2013-10-10 02:48 . 2013-08-23 05:11 4040192 ----a-w- c:\windows\system32\win32k.sys 2013-10-10 02:41 . 2013-09-22 22:54 3959296 ----a-w- c:\windows\system32\jscript9.dll 2013-10-10 02:41 . 2013-09-22 22:54 2647552 ----a-w- c:\windows\system32\iertutil.dll 2013-10-10 02:41 . 2013-09-22 23:27 2876928 ----a-w- c:\windows\SysWow64\jscript9.dll 2013-10-10 02:41 . 2013-04-28 22:30 108032 ----a-w- c:\program files (x86)\Internet Explorer\jsdebuggeride.dll 2013-10-10 02:41 . 2013-06-22 05:45 785624 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2013-10-10 02:41 . 2013-06-22 05:45 54488 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2013-10-09 21:09 . 2013-10-09 21:09 -------- d-----w- c:\users\jonny_000\AppData\Local\GameFly 2013-10-09 13:23 . 
2013-10-09 13:23 -------- d-----w- c:\users\jonny_000\AppData\Roaming\GameFly 2013-10-07 09:38 . 2013-10-07 09:38 -------- d-----w- c:\users\jonny_000\AppData\Roaming\AVG 2013-10-07 09:37 . 2013-10-07 09:40 -------- d-----w- c:\programdata\AVG 2013-10-07 09:37 . 2013-10-07 09:44 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} 2013-10-06 16:15 . 2013-10-10 23:02 -------- d-----w- c:\users\jonny_000\AppData\Roaming\Bioshock 2013-10-05 10:32 . 2013-10-05 10:32 -------- d-----w- c:\programdata\Solidshield 2013-10-04 11:50 . 2013-10-04 11:50 -------- d-----w- c:\users\jonny_000\AppData\Local\Gas Powered Games 2013-10-03 21:41 . 2013-10-03 21:41 -------- d-----w- c:\program files (x86)\JoWooD 2013-10-03 11:55 . 2013-10-03 11:55 290480 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10219.bin 2013-09-28 22:21 . 2013-09-28 22:21 -------- d-----w- c:\programdata\Licenses 2013-09-28 22:21 . 2013-09-28 22:21 -------- d-----w- c:\program files (x86)\SpywareBlaster 2013-09-28 22:21 . 2011-11-04 04:13 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX 2013-09-28 22:21 . 2009-03-24 11:52 129872 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL 2013-09-28 22:18 . 2013-09-28 22:18 -------- d-----w- c:\users\jonny_000\AppData\Roaming\WinPatrol 2013-09-28 22:18 . 2013-09-28 22:18 -------- d-----w- c:\programdata\InstallMate 2013-09-28 22:18 . 2013-09-28 22:18 -------- d-----w- c:\program files (x86)\BillP Studios 2013-09-28 10:41 . 2013-09-28 10:41 -------- d-----w- c:\users\jonny_000\AppData\Roaming\com.headupgames.theinnerworld 2013-09-28 10:30 . 2013-09-28 10:30 -------- d-----w- c:\program files (x86)\Cisco 2013-09-27 08:35 . 2013-09-27 08:35 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software 2013-09-26 22:46 . 2013-09-26 22:52 -------- d-----w- c:\users\jonny_000\AppData\Roaming\Tropico 4 2013-09-26 22:42 . 2013-09-26 22:42 -------- d-----w- c:\users\jonny_000\AppData\Roaming\Kalypso Media 2013-09-25 20:07 . 
2013-09-25 20:07 148792 ----a-w- c:\windows\system32\drivers\avgdiska.sys 2013-09-25 16:48 . 2013-09-25 16:55 -------- d-----w- c:\users\jonny_000\AppData\Roaming\Vessel 2013-09-20 08:04 . 2008-05-07 18:59 99840 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPLHN.DLL 2013-09-19 12:10 . 2013-09-19 12:10 9082024 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\OSETUP.DLL 2013-09-17 23:50 . 2013-09-17 23:50 47744 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\OSetupPS.dll 2013-09-17 23:50 . 2013-09-17 23:50 393464 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\ODeploy.exe 2013-09-17 23:50 . 2013-09-17 23:50 1061568 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\Setup.exe 2013-09-16 11:03 . 2013-09-16 11:03 -------- d-----w- c:\users\jonny_000\AppData\Roaming\TuneUp Software 2013-09-16 11:02 . 2013-10-07 08:09 -------- d-----w- C:\$AVG 2013-09-16 11:02 . 2013-10-10 07:12 -------- d-----w- c:\program files (x86)\AVG 2013-09-16 11:01 . 2013-09-16 11:01 -------- d-s---w- c:\windows\SysWow64\Microsoft 2013-09-16 11:00 . 2013-10-07 08:03 -------- d-----w- c:\users\jonny_000\AppData\Local\Avg2014 2013-09-15 14:11 . 2013-09-15 14:14 -------- d-----w- c:\users\jonny_000\AppData\Roaming\Wise Registry Cleaner 2013-09-15 14:10 . 2013-09-15 14:10 -------- d-----w- c:\program files (x86)\Wise 2013-09-15 14:07 . 2013-09-15 14:07 -------- d-----w- c:\program files (x86)\VS Revo Group . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-10-14 13:06 . 2012-10-22 02:26 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys 2013-10-10 02:51 . 2013-07-21 02:20 80541720 ----a-w- c:\windows\system32\MRT.exe 2013-10-02 01:38 . 2013-09-14 07:36 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-10-02 01:38 . 
2013-09-14 07:36 694232 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-09-08 21:11 . 2013-09-08 21:11 31544 ----a-w- c:\windows\system32\drivers\avgrkx64.sys 2013-09-04 14:35 . 2013-09-04 14:35 20496 ----a-w- c:\windows\system32\drivers\avgboota.sys 2013-09-02 09:59 . 2013-09-02 09:59 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys 2013-09-02 09:29 . 2013-09-02 09:29 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys 2013-09-02 09:26 . 2013-09-02 09:26 192824 ----a-w- c:\windows\system32\drivers\avgidsha.sys 2013-09-02 09:26 . 2013-09-02 09:26 241464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys 2013-08-20 21:53 . 2013-08-20 21:53 123704 ----a-w- c:\windows\system32\drivers\avgmfx64.sys 2013-08-20 06:02 . 2013-08-20 06:02 204568 ----a-w- c:\windows\system32\drivers\ssudmdm.sys 2013-08-20 06:02 . 2013-08-20 06:02 103576 ----a-w- c:\windows\system32\drivers\ssudbus.sys 2013-08-16 05:41 . 2013-09-12 15:27 58200 ----a-w- c:\windows\system32\drivers\dam.sys 2013-08-16 05:39 . 2013-09-12 15:27 2371728 ----a-w- c:\windows\system32\WSService.dll 2013-08-16 05:39 . 2013-09-12 15:27 59416 ----a-w- c:\windows\system32\wuauclt.exe 2013-08-16 05:32 . 2013-09-12 15:27 209200 ----a-w- c:\windows\system32\NotificationUI.exe 2013-08-16 05:22 . 2013-09-12 15:27 40448 ----a-w- c:\windows\system32\wuapp.exe 2013-08-16 05:22 . 2013-09-12 15:27 4917760 ----a-w- c:\windows\system32\sppsvc.exe 2013-08-16 05:21 . 2013-09-12 15:27 3275776 ----a-w- c:\windows\system32\wuaueng.dll 2013-08-16 05:21 . 2013-09-12 15:27 49664 ----a-w- c:\windows\system32\wups.dll 2013-08-16 05:21 . 2013-09-12 15:27 49152 ----a-w- c:\windows\system32\wups2.dll 2013-08-16 05:21 . 2013-09-12 15:27 1621504 ----a-w- c:\windows\system32\wucltux.dll 2013-08-16 05:21 . 2013-09-12 15:27 252416 ----a-w- c:\windows\system32\WUSettingsProvider.dll 2013-08-16 05:21 . 2013-09-12 15:27 99328 ----a-w- c:\windows\system32\wudriver.dll 2013-08-16 05:21 . 
2013-09-12 15:27 142848 ----a-w- c:\windows\system32\wuwebv.dll 2013-08-16 05:21 . 2013-09-12 15:27 773120 ----a-w- c:\windows\system32\wuapi.dll 2013-08-16 05:21 . 2013-09-12 15:27 688640 ----a-w- c:\windows\system32\WSShared.dll 2013-08-16 05:21 . 2013-09-12 15:27 183808 ----a-w- c:\windows\system32\WSSync.dll 2013-08-16 05:21 . 2013-09-12 15:27 204800 ----a-w- c:\windows\system32\WSClient.dll 2013-08-16 05:21 . 2013-09-12 15:27 198656 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.dll 2013-08-16 05:21 . 2013-09-12 15:27 163840 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2013-08-16 05:21 . 2013-09-12 15:27 174592 ----a-w- c:\windows\system32\storewuauth.dll 2013-08-16 05:21 . 2013-09-12 15:27 1164288 ----a-w- c:\windows\system32\sppobjs.dll 2013-08-16 05:21 . 2013-09-12 15:27 368640 ----a-w- c:\windows\system32\sppwinob.dll 2013-08-16 05:21 . 2013-09-12 15:27 81408 ----a-w- c:\windows\system32\setupcln.dll 2013-08-16 05:21 . 2013-09-12 15:27 120320 ----a-w- c:\windows\system32\sppc.dll 2013-08-16 05:20 . 2013-09-12 15:27 105984 ----a-w- c:\windows\system32\WinSetupUI.dll 2013-08-15 22:43 . 2013-09-12 15:27 35328 ----a-w- c:\windows\SysWow64\wuapp.exe 2013-08-15 22:43 . 2013-09-12 15:27 628736 ----a-w- c:\windows\SysWow64\wuapi.dll 2013-08-15 22:43 . 2013-09-12 15:27 20992 ----a-w- c:\windows\SysWow64\wups.dll 2013-08-15 22:43 . 2013-09-12 15:27 84992 ----a-w- c:\windows\SysWow64\wudriver.dll 2013-08-15 22:43 . 2013-09-12 15:27 126976 ----a-w- c:\windows\SysWow64\wuwebv.dll 2013-08-15 22:43 . 2013-09-12 15:27 562688 ----a-w- c:\windows\SysWow64\WSShared.dll 2013-08-15 22:43 . 2013-09-12 15:27 159232 ----a-w- c:\windows\SysWow64\WSSync.dll 2013-08-15 22:43 . 2013-09-12 15:27 143872 ----a-w- c:\windows\SysWow64\Windows.ApplicationModel.Store.dll 2013-08-15 22:43 . 2013-09-12 15:27 167424 ----a-w- c:\windows\SysWow64\WSClient.dll 2013-08-15 22:43 . 
2013-09-12 15:27 124928 ----a-w- c:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll 2013-08-15 22:43 . 2013-09-12 15:27 83968 ----a-w- c:\windows\SysWow64\OEMLicense.dll 2013-08-15 22:42 . 2013-09-12 15:27 76800 ----a-w- c:\windows\SysWow64\setupcln.dll 2013-08-15 22:42 . 2013-09-12 15:27 91648 ----a-w- c:\windows\SysWow64\sppc.dll 2013-08-13 06:46 . 2013-08-13 06:46 466456 ----a-w- c:\windows\system32\wrap_oal.dll 2013-08-13 06:46 . 2013-08-13 06:46 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2013-08-13 06:46 . 2013-08-13 06:46 122904 ----a-w- c:\windows\system32\OpenAL32.dll 2013-08-13 06:46 . 2013-08-13 06:46 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2013-08-07 05:15 . 2013-09-12 15:26 144896 ----a-w- c:\windows\system32\tssdisai.dll 2013-07-30 09:01 . 2013-07-30 09:01 252728 ----a-w- c:\windows\system32\drivers\avgwfpa.sys 2013-07-27 12:44 . 2013-07-27 12:48 543744 ----a-w- c:\windows\system32\drivers\stwrt64.sys 2013-07-27 12:44 . 2013-07-27 12:55 1664000 ----a-w- c:\windows\sttray64.exe 2013-07-27 12:44 . 2013-07-27 12:55 6102016 ----a-w- c:\windows\system32\stlang64.dll 2013-07-27 12:44 . 2013-07-27 12:48 499200 ----a-w- c:\windows\system32\stcplx64.dll 2013-07-27 12:44 . 2013-07-27 12:48 2189312 ----a-w- c:\windows\system32\stapo64.dll 2013-07-27 12:44 . 2013-07-27 12:48 672256 ------w- c:\windows\system32\stapi64.dll 2013-07-27 12:44 . 2013-07-27 12:48 256000 ----a-w- c:\windows\system32\st646433.dll 2013-07-27 12:44 . 2013-07-27 12:55 8013312 ----a-w- c:\windows\system32\IDTNHP.dll 2013-07-27 12:44 . 2013-07-27 12:55 464384 ----a-w- c:\windows\system32\slapoi64.dll 2013-07-27 12:44 . 2013-07-27 12:55 253952 ----a-w- c:\windows\system32\IDTNJ.exe 2013-07-27 12:44 . 2013-07-27 12:55 2216448 ----a-w- c:\windows\system32\IDTNX.dll 2013-07-27 12:44 . 2013-07-27 12:55 8003072 ----a-w- c:\windows\system32\IDTNGUI.exe 2013-07-27 12:44 . 2013-07-27 12:55 1821184 ----a-w- c:\windows\system32\IDTNC64.cpl 2013-07-27 12:44 . 
2013-07-27 12:55 224256 ----a-w- c:\windows\system32\HPToneCtrls64.dll 2013-07-27 03:58 . 2012-07-26 07:24 2207232 ----a-w- c:\windows\SysWow64\PrintConfig.dll 2013-07-24 18:42 . 2013-07-23 14:47 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2013-07-24 18:42 . 2013-07-23 14:47 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2013-07-20 06:00 . 2013-07-20 06:00 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin 2013-07-20 06:00 . 2013-07-20 06:00 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin 2013-07-19 11:44 . 2013-07-19 11:44 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2013-07-19 11:26 . 2012-07-26 08:13 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2013-09-13 05:05 1724616 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2013-09-13 05:05 1724616 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2013-09-13 05:05 1724616 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-07-03 3673184] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-10-09 1813928] "EADM"="c:\program files (x86)\Origin\Origin.exe" [2013-09-30 3551576] "WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2013-09-24 441408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-07-26 491320] "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-07-31 580512] "HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-10-07 4908592] . c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\ iSCTsysTray.lnk - c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray.exe [2012-7-24 316416] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "EnableUIADesktopToggle"= 0 (0x0) "EnableCursorSuppression"= 1 (0x1) "ConsentPromptBehaviorUser"= 3 (0x3) . 
R0 Avgboota;AVG Early Launch Anti-Malware Driver;c:\windows\system32\DRIVERS\avgboota.sys;c:\windows\SYSNATIVE\DRIVERS\avgboota.sys [x] R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\System32\drivers\AMPPAL.sys;c:\windows\SYSNATIVE\drivers\AMPPAL.sys [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x] R3 iscFlash;iscFlash;c:\swsetup\sp60874\iscflashx64.sys;c:\swsetup\sp60874\iscflashx64.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x] R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x] R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 usb3Hub;USB-IF 
USB 3.0 Hub;c:\windows\System32\drivers\usb3Hub.sys;c:\windows\SYSNATIVE\drivers\usb3Hub.sys [x] R3 XHCIPort;USB-IF xHCI USB Host Controller;c:\windows\System32\drivers\XHCIPort.sys;c:\windows\SYSNATIVE\drivers\XHCIPort.sys [x] S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\System32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x] S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x] S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x] S1 Avgwfpa;AVG Firewall Driver;c:\windows\system32\DRIVERS\avgwfpa.sys;c:\windows\SYSNATIVE\DRIVERS\avgwfpa.sys [x] S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x] S2 Bluetooth Device Monitor;Bluetooth Device 
Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x] S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x] S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe [x] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x] S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [x] S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S2 valWBFPolicyService;Validity WBF Policy Service;c:\windows\system32\valWBFPolicyService.exe;c:\windows\SYSNATIVE\valWBFPolicyService.exe [x] S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program 
files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\System32\drivers\ISCTD64.sys;c:\windows\SYSNATIVE\drivers\ISCTD64.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\System32\drivers\iwdbus.sys;c:\windows\SYSNATIVE\drivers\iwdbus.sys [x]
S3 NETwNe64;@oem35.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;c:\windows\system32\DRIVERS\NETwew00.sys;c:\windows\SYSNATIVE\DRIVERS\NETwew00.sys [x]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe;c:\program files\Common Files\AuthenTec\TrueService.exe [x]
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]
S3 xusb22;Xbox 360 Wireless Receiver Driver Service 22;c:\windows\system32\DRIVERS\xusb22.sys;c:\windows\SYSNATIVE\DRIVERS\xusb22.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost REG_MULTI_SZ apphostsvc
iissvcs REG_MULTI_SZ w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-07 22:41 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-19 11:36]
.
2013-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-19 11:36]
.
2013-10-14 c:\windows\Tasks\HPCeeScheduleForjonny_000.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-09-13 05:02 2328264 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-09-13 05:02 2328264 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-09-13 05:02 2328264 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2013-07-27 1664000]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshellex.dll" [2012-08-27 11577216]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-09-21 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-09-21 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-09-21 441888]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: Send to Bluetooth - c:\program files (x86)\Intel\Bluetooth\btSendToObject.htm
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-10-15 12:05:59
ComboFix-quarantined-files.txt 2013-10-15 11:05
.
Pre-Run: 602,388,295,680 bytes free
Post-Run: 602,221,817,856 bytes free
.
- - End Of File - - 9F84ACD558F0275E710183AF752421B1
  10. Ron, Please accept my apologies for late reply. I have now followed your instructions but I am unable to find Combofix for Windows 8, 64-bit which is what I am running. Many thanks.
  11. Hey Ron, Many thanks for the prompt response

      Malwarebytes Anti-Malware (PRO) 1.75.0.1300
      www.malwarebytes.org

      Database version: v2013.10.10.02
      Windows 8 x64 NTFS
      Internet Explorer 10.0.9200.16688
      jonny_000 :: BETSY [administrator]

      Protection: Enabled

      10/10/2013 09:25:12
      mbam-log-2013-10-10 (09-25-12).txt

      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 199859
      Time elapsed: 4 minute(s), 49 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 5
      C:\Windows\Temp\phatk121016.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
      C:\Windows\Temp\scrypt130511.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
      C:\Windows\Temp\diablo130302.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
      C:\Windows\Temp\poclbm130302.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
      C:\Windows\Temp\diakgcn121016.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.

      (end)
  12. I was hoping you'd be able to help. I have the pro license for your anti-malware software and have run the latest version of this and your anti-rootkit software. Although it is stating that it is finding, quarantining and deleting some infected files, they seem to reinvade my system on every re-boot etc. Please could you help me to remove this root virus? Any advice would be greatly appreciated. Many thanks, Malcs.