chrisd89
Honorary Members
Posts: 24

Everything posted by chrisd89

  1. What virus scanner and background protection do you recommend? I now have Malwarebytes paid for; I will use Avast too. Do I need Spybot (which I had to delete)? I have also switched off Windows Defender - should I turn that back on?
  2. Results of screen317's Security Check version 0.99.82
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java 7 Update 55
Adobe Flash Player 12.0.0.77  Flash Player out of Date!
Adobe Reader 10.1.9  Adobe Reader out of Date!
Mozilla Firefox (28.0)
Google Chrome 33.0.1750.154
Google Chrome 34.0.1847.116
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
  3. MiniToolBox by Farbar  Version: 23-01-2014
Ran by hardwick (administrator) on 23-04-2014 at 11:36:47
Running from "C:\Users\hardwick\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: localhost:8080
"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter = Wireless Network Connection (Connected)

The following helper DLL cannot be loaded: WCNNETSH.DLL.

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

Windows IP Configuration

   Host Name . . . . . . . . . . . . : ChrisDeakin-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter
   Physical Address. . . . . . . . . : 44-33-4C-14-B7-B5
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::cdff:c346:ad8b:8ed0%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.109(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 23 April 2014 11:10:21
   Lease Expires . . . . . . . . . . : 23 April 2014 13:10:24
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 323236684
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-42-3D-28-AC-22-0B-4E-96-67
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : AC-22-0B-4E-96-67
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::161:d408:2a09:5a03%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.101(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 23 April 2014 11:10:23
   Lease Expires . . . . . . . . . . : 23 April 2014 13:10:23
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 246161931
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-42-3D-28-AC-22-0B-4E-96-67
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{5435C9FE-6691-492A-9817-38906070C104}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:1405:3388:a02d:b4d4(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1405:3388:a02d:b4d4%12(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{2B85D761-D8B7-43A9-B55E-ECA318205108}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Server:  UnKnown
Address:  192.168.0.1

Name:    google.com
Addresses:  173.194.45.78
            173.194.45.69
            173.194.45.68
            173.194.45.72
            173.194.45.67
            173.194.45.65
            173.194.45.71
            173.194.45.70
            173.194.45.66
            173.194.45.73
            173.194.45.64

Pinging google.com [173.194.45.78] with 32 bytes of data:
Reply from 173.194.45.78: bytes=32 time=687ms TTL=52
Reply from 173.194.45.78: bytes=32 time=738ms TTL=52

Ping statistics for 173.194.45.78:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 687ms, Maximum = 738ms, Average = 712ms

Server:  UnKnown
Address:  192.168.0.1

Name:    yahoo.com
Addresses:  98.139.183.24
            98.138.253.109
            206.190.36.45

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=795ms TTL=43
Reply from 98.139.183.24: bytes=32 time=776ms TTL=43

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 776ms, Maximum = 795ms, Average = 785ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
 13...44 33 4c 14 b7 b5 ......Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter
 11...ac 22 0b 4e 96 67 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 16...00 00 00 00 00 00 00 e0  Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0  Teredo Tunneling Pseudo-Interface
 15...00 00 00 00 00 00 00 e0  Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.109     25
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.101     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0         On-link     192.168.0.101    306
      169.254.0.0      255.255.0.0         On-link     192.168.0.109    306
  169.254.255.255  255.255.255.255         On-link     192.168.0.101    276
  169.254.255.255  255.255.255.255         On-link     192.168.0.109    281
      192.168.0.0    255.255.255.0         On-link     192.168.0.109    281
      192.168.0.0    255.255.255.0         On-link     192.168.0.101    276
    192.168.0.101  255.255.255.255         On-link     192.168.0.101    276
    192.168.0.109  255.255.255.255         On-link     192.168.0.109    281
    192.168.0.255  255.255.255.255         On-link     192.168.0.109    281
    192.168.0.255  255.255.255.255         On-link     192.168.0.101    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.0.101    276
        224.0.0.0        240.0.0.0         On-link     192.168.0.109    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.0.101    276
  255.255.255.255  255.255.255.255         On-link     192.168.0.109    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 12     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 12     58 2001::/32                On-link
 12    306 2001:0:9d38:6abd:1405:3388:a02d:b4d4/128
                                    On-link
 11    276 fe80::/64                On-link
 13    281 fe80::/64                On-link
 12    306 fe80::/64                On-link
 11    276 fe80::161:d408:2a09:5a03/128
                                    On-link
 12    306 fe80::1405:3388:a02d:b4d4/128
                                    On-link
 13    281 fe80::cdff:c346:ad8b:8ed0/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
 13    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/23/2014 11:12:07 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/23/2014 10:37:10 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (04/23/2014 11:11:25 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/23/2014 10:36:30 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-04-22 10:03:16.117
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-22 10:03:16.096
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-22 10:03:16.074
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-22 10:03:16.054
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-21 18:06:32.378
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-21 18:06:32.354
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Able Photo Resizer 2.5.11.30 (Version: 2.5.11.30)
Adobe AIR (Version: 3.4.0.2540)
Adobe Download Manager (Version: 1.6.2.100)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.77)
Adobe Flash Player 12 Plugin (Version: 12.0.0.77)
Adobe Reader X (10.1.9) (Version: 10.1.9)
Amazon Kindle
AMD Accelerated Video Transcoding (Version: 13.20.100.30911)
AMD Catalyst Control Center (Version: 2013.0911.2154.37488)
AMD Catalyst Install Manager (Version: 8.0.915.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.80911.2216)
Apple Application Support (Version: 3.0.1)
Apple Mobile Device Support (Version: 7.1.1.3)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
Canon MP Navigator EX 4.0
Canon MP495 series MP Drivers
Canon MP495 series User Registration
Canon My Printer
Canon Solution Menu EX
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2013.0911.2154.37488)
Catalyst Control Center InstallProxy (Version: 2013.0911.2154.37488)
Catalyst Control Center Localization All (Version: 2013.0911.2154.37488)
CCC Help Chinese Standard (Version: 2013.0911.2153.37488)
CCC Help Chinese Traditional (Version: 2013.0911.2153.37488)
CCC Help Czech (Version: 2013.0911.2153.37488)
CCC Help Danish (Version: 2013.0911.2153.37488)
CCC Help Dutch (Version: 2013.0911.2153.37488)
CCC Help English (Version: 2013.0911.2153.37488)
CCC Help Finnish (Version: 2013.0911.2153.37488)
CCC Help French (Version: 2013.0911.2153.37488)
CCC Help German (Version: 2013.0911.2153.37488)
CCC Help Greek (Version: 2013.0911.2153.37488)
CCC Help Hungarian (Version: 2013.0911.2153.37488)
CCC Help Italian (Version: 2013.0911.2153.37488)
CCC Help Japanese (Version: 2013.0911.2153.37488)
CCC Help Korean (Version: 2013.0911.2153.37488)
CCC Help Norwegian (Version: 2013.0911.2153.37488)
CCC Help Polish (Version: 2013.0911.2153.37488)
CCC Help Portuguese (Version: 2013.0911.2153.37488)
CCC Help Russian (Version: 2013.0911.2153.37488)
CCC Help Spanish (Version: 2013.0911.2153.37488)
CCC Help Swedish (Version: 2013.0911.2153.37488)
CCC Help Thai (Version: 2013.0911.2153.37488)
CCC Help Turkish (Version: 2013.0911.2153.37488)
ccc-utility64 (Version: 2013.0911.2154.37488)
CCleaner (Version: 3.12)
Dropbox (Version: 2.6.25)
Duplicati (x64) (Version: 1.3.4)
ESET Online Scanner v3
FastStone Photo Resizer 3.2 (Version: 3.2)
Google Chrome (Version: 34.0.1847.116)
Google Drive (Version: 1.14.6059.644)
Google Update Helper (Version: 1.3.23.9)
HerdMaster4 (Version: 4.3.6)
HerdMaster5 (Version: 5.1.0.0)
HmInstaller (Version: 4.3.6)
Intel® Management Engine Components (Version: 9.0.0.1323)
Intel® Rapid Storage Technology (Version: 12.0.0.1083)
Intel® USB 3.0 eXtensible Host Controller Driver (Version: 2.5.0.19)
Intel® Trusted Connect Service Client (Version: 1.27.798.1)
iTunes (Version: 11.1.5.5)
Java 7 Update 55 (Version: 7.0.550)
Java Auto Updater (Version: 2.1.9.8)
Malwarebytes Anti-Malware version 2.0.1.1004 (Version: 2.0.1.1004)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Access 2000 SR-1 Runtime (Version: 9.00.3821)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 Trial (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Standard 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Sync Framework 2.0 Core Components (x64) ENU (Version: 2.0.1578.0)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU (Version: 2.0.1578.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (Version: 11.0.50727.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (Version: 11.0.50727.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 28.0 (x86 en-US) (Version: 28.0)
Mozilla Maintenance Service (Version: 28.0)
PCmover (Version: 8.00.633.0)
PeerBlock 1.1 (r518) (Version: 1.1.0.518)
Picasa 3 (Version: 3.9)
Realtek Ethernet Controller Driver (Version: 7.67.1226.2012)
Realtek High Definition Audio Driver (Version: 6.0.1.6782)
SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit) (Version: 13.0.4.705)
Slick Savings (Version: 1.3)
StuffIt Expander 2011 (Version: 15.0.7.2518)
SyncToy 2.1 (x64) (Version: 2.1.0)
TeamViewer 9 (Version: 9.0.24951)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 2.1.3 (Version: 2.1.3)
Vuze (Version: 5.3.0.0)
Vuze Remote Toolbar v9.0 (Version: 9.0)

========================= Memory info: ===================================

Percentage of memory in use: 45%
Total physical RAM: 8130.23 MB
Available physical RAM: 4436.26 MB
Total Pagefile: 13115.41 MB
Available Pagefile: 7744.39 MB
Total Virtual: 4095.88 MB
Available Virtual: 3967.24 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:828.28 GB) NTFS

========================= Users: ========================================

User accounts for \\CHRISDEAKIN-PC

Administrator            Chris Deakin             Guest
hardwick

**** End of log ****
  4. OK, will do. When I reboot, Malwarebytes starts automatically and I now have about 20 malwares instead of just the one; see below.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 23/04/2014
Scan Time: 11:33:02
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.23.04
Rootkit Database: v2014.03.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: hardwick

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 295841
Time Elapsed: 6 min, 9 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 5
PUP.Optional.VuzeTB.A, HKLM\SOFTWARE\CLASSES\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}, , [328efe2f215ac76fb135dd39758d07f9],
PUP.Optional.VuzeTB.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{05478A66-EDB6-4A22-A870-A5987F80A7DA}, , [328efe2f215ac76fb135dd39758d07f9],
PUP.Optional.VuzeTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}, , [328efe2f215ac76fb135dd39758d07f9],
PUP.Optional.Spigot, HKLM\SOFTWARE\CLASSES\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, , [bc048ba23942d95d121d84976d954ab6],
PUP.Optional.Spigot, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, , [bc048ba23942d95d121d84976d954ab6],

Registry Values: 6
PUP.Optional.VuzeTB.A, HKU\S-1-5-21-1004204646-2864660507-1877319225-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{05478A66-EDB6-4A22-A870-A5987F80A7DA}, , [328efe2f215ac76fb135dd39758d07f9],
PUP.Optional.VuzeTB.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{05478A66-EDB6-4A22-A870-A5987F80A7DA}, Vuze Remote Toolbar, , [328efe2f215ac76fb135dd39758d07f9]
PUP.Optional.VuzeTB.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{05478A66-EDB6-4A22-A870-A5987F80A7DA}, Vuze Remote Toolbar, , [328efe2f215ac76fb135dd39758d07f9]
PUP.Optional.VuzeTB.A, HKU\S-1-5-21-1004204646-2864660507-1877319225-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{05478A66-EDB6-4A22-A870-A5987F80A7DA}, , [8f3164c9d3a8e155b333b561aa5817e9],
PUP.Optional.VuzeTB.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{05478A66-EDB6-4A22-A870-A5987F80A7DA}, , [5e62ec4181fa41f5d21447cf7e847888],
PUP.Optional.VuzeTB.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{05478A66-EDB6-4A22-A870-A5987F80A7DA}, , [ae12022b9cdfe55139ad92840bf731cf],

Registry Data: 0
(No malicious items detected)

Folders: 5
PUP.Optional.Spigot.A, C:\Users\hardwick\AppData\Local\Slick Savings, , [ac142805730878be36643e62cf342dd3],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings, , [af1156d74b30c76f9f41d79453af7f81],
PUP.Optional.Spigot.A, C:\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\mt0zvmh2.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}, , [5b651914700bb086d60b5f0c46bc8977],
PUP.Optional.Spigot.A, C:\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\mt0zvmh2.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}\chrome, , [5b651914700bb086d60b5f0c46bc8977],
PUP.Optional.Spigot.A, C:\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\mt0zvmh2.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}\chrome\content, , [5b651914700bb086d60b5f0c46bc8977],

Files: 13
PUP.Optional.Spigot.A, C:\Users\hardwick\AppData\Local\Slick Savings\coupons.crx, , [ac142805730878be36643e62cf342dd3],
PUP.Optional.Spigot.A, C:\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\mt0zvmh2.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}\chrome.manifest, , [5b651914700bb086d60b5f0c46bc8977],
PUP.Optional.Spigot.A, C:\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\mt0zvmh2.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}\icon.png, , [5b651914700bb086d60b5f0c46bc8977],
PUP.Optional.Spigot.A, C:\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\mt0zvmh2.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}\install.rdf, , [5b651914700bb086d60b5f0c46bc8977],
PUP.Optional.Spigot.A, C:\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\mt0zvmh2.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}\chrome\content\config.json, , [5b651914700bb086d60b5f0c46bc8977],
PUP.Optional.Spigot.A, C:\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\mt0zvmh2.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}\chrome\content\main.js, , [5b651914700bb086d60b5f0c46bc8977],
PUP.Optional.Spigot.A, C:\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\mt0zvmh2.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}\chrome\content\main.xul, , [5b651914700bb086d60b5f0c46bc8977],
PUP.Optional.Spigot.A, C:\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\mt0zvmh2.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}\chrome\content\newtab.xul, , [5b651914700bb086d60b5f0c46bc8977],
PUP.Optional.Spigot.A, C:\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\mt0zvmh2.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}\chrome\content\prefs.txt, , [5b651914700bb086d60b5f0c46bc8977],
PUP.Optional.Spigot.A, C:\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\mt0zvmh2.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}\chrome\content\redirects.js, , [5b651914700bb086d60b5f0c46bc8977],
PUP.Optional.Spigot.A, C:\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\mt0zvmh2.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}\chrome\content\spigot.js, , [5b651914700bb086d60b5f0c46bc8977],
PUP.Optional.Spigot.A, C:\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\mt0zvmh2.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}\chrome\content\startpage.js, , [5b651914700bb086d60b5f0c46bc8977],
PUP.Optional.Conduit.A, C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://search.conduit.com/?gd=&ctid=CT3321738&octid=EB_ORIGINAL_CTID&ISID=MD3C7859A-CEEB-4FEA-918C-48C0EB4393F9&SearchSource=55&CUI=&UM=5&UP=SP6CE89EAA-0F31-47E5-890B-4187AA5D5A53&SSPV=SE2YA1_sp_ch",), ,[e5dba28b7b00e551755fcb8ce123da26]

Physical Sectors: 0
(No malicious items detected)

(end)
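The Malwarebytes log in the post above locates the Vuze and Spigot components through their CLSIDs under the Browser Helper Objects, Toolbar and URLSearchHooks keys, in both the native and the Wow6432Node registry views. The PowerShell below is an added example, not part of chrisd89's post and not code from Malwarebytes, JRT or any other tool named on this page: it walks those same registry locations, resolves each CLSID to the DLL registered under its InprocServer32 key, and reports anything still registered from the flagged list or any registration whose DLL no longer exists (an orphan left behind by a partial clean-up). The two CLSIDs on the watch list are copied from the log; the function names, the output shape and the assumption that you run it elevated on the affected machine are this example's own.

```powershell
# Added example (not from the original post or any tool it mentions).
# Enumerate IE browser-extension registrations and check whether the CLSIDs
# that Malwarebytes flagged are still present. Run in an elevated PowerShell.

# CLSIDs copied from the Malwarebytes log above.
$Flagged = @(
    '{05478A66-EDB6-4A22-A870-A5987F80A7DA}',   # PUP.Optional.VuzeTB.A (Vuze Remote Toolbar)
    '{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}'    # PUP.Optional.Spigot (BHO)
)

# Registry locations IE consults for BHOs, toolbars and URL search hooks,
# in the 64-bit view and in the Wow6432Node (32-bit) view.
$Locations = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar',
    'HKCU:\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks'
)

function Resolve-ClsidDll {
    # Map a CLSID to the DLL COM would load for it: the default value of
    # HKLM\SOFTWARE\Classes\CLSID\{...}\InprocServer32 (32-bit view checked too).
    param([string]$Clsid)
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID') {
        $key = Join-Path $root "$Clsid\InprocServer32"
        if (Test-Path -LiteralPath $key) {
            $dll = (Get-ItemProperty -LiteralPath $key).'(default)'
            if ($dll) { return $dll }
        }
    }
    return $null
}

function Get-IeExtensionRegistration {
    # One record per CLSID found under the IE extension keys above.
    foreach ($loc in $Locations) {
        if (-not (Test-Path -LiteralPath $loc)) { continue }
        $clsids = @()
        # BHOs (and some search hooks) store the CLSID as a subkey name...
        $clsids += Get-ChildItem -LiteralPath $loc -ErrorAction SilentlyContinue |
            ForEach-Object { $_.PSChildName }
        # ...while Toolbar and URLSearchHooks store CLSIDs as value names.
        $props = Get-ItemProperty -LiteralPath $loc -ErrorAction SilentlyContinue
        if ($props) {
            $clsids += $props.PSObject.Properties |
                Where-Object { $_.Name -match '^\{[0-9A-Fa-f-]{36}\}$' } |
                ForEach-Object { $_.Name }
        }
        foreach ($c in ($clsids | Sort-Object -Unique)) {
            $dll = Resolve-ClsidDll $c
            $exists = $false
            if ($dll) {
                $path = [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))
                $exists = Test-Path -LiteralPath $path
            }
            [pscustomobject]@{
                Location  = $loc
                Clsid     = $c
                Dll       = $dll
                DllExists = $exists
                Flagged   = ($Flagged -contains $c)
            }
        }
    }
}

$regs = @(Get-IeExtensionRegistration)
$regs | Format-Table -AutoSize

# Anything still registered from the watch list, or any registration whose DLL
# is gone, deserves a second look after the reboot.
foreach ($r in ($regs | Where-Object { $_.Flagged -or -not $_.DllExists })) {
    $what = if ($r.Dll) { $r.Dll } else { 'no InprocServer32 entry' }
    Write-Warning ("{0} under {1}: {2}" -f $r.Clsid, $r.Location, $what)
}
```

Run it before and after the reboot Malwarebytes asks for: a flagged CLSID that reappears in the second run means something re-registered it, and an entry whose DLL is missing is a stale registration that the clean-up left behind.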
  5. It says: "This webpage is not available" [Reload]
  6. Still not there, see below. Also JRT keeps trying to save when I reboot; how can I deactivate it, please?

bleepingcomputer.com: Page Not Found! Unfortunately the page that you requested does not exist. Don't worry, though, we have some great suggestions to help you on your way! Based on the keywords found in the URL that you attempted to visit, we have suggested similar content and articles below. Suggested Forum discussions: SecurityCheck by screen317; SecurityCheck.exe - No notepad opening.
  7. Tried Security Check link 1 and link 2, but it says the website does not exist.
  8. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by hardwick on 23/04/2014 at 10:22:29.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [service] application updater
Successfully deleted: [service] application updater

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\searchsettings

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\search settings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\application updater
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\speedupmypc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\speedupmypc_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\speedupmypc_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajam_install_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajam_install_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\UpdateTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\UpdateTask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\hardwick\AppData\Roaming\nosibay"
Failed to delete: [Folder] "C:\Users\hardwick\AppData\Roaming\slick savings"
Successfully deleted: [Folder] "C:\Users\hardwick\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\hardwick\appdata\locallow\search settings"
Successfully deleted: [Folder] "C:\Program Files (x86)\application updater"
Successfully deleted: [Folder] "C:\Program Files (x86)\bonanzadeals"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\mobogenie"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\nosibay"
Successfully deleted: [Folder] "C:\Program Files (x86)\vuze remote toolbar"
Failed to delete: [Folder] "C:\Program Files (x86)\Common Files\spigot"

~~~ FireFox

Successfully deleted: [File] C:\Users\hardwick\AppData\Roaming\mozilla\firefox\profiles\mt0zvmh2.default\user.js
Successfully deleted: [Folder] C:\Users\hardwick\AppData\Roaming\mozilla\firefox\profiles\mt0zvmh2.default\extensions\savingsslider@mybrowserbar.com
Emptied folder: C:\Users\hardwick\AppData\Roaming\mozilla\firefox\profiles\mt0zvmh2.default\minidumps [3 files]

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23/04/2014 at 10:25:53.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Security Check to follow next.
  9. It is still on the system because:
1. My bank tells me they can still see it and won't reauthorise online access until they see it has gone.
2. Malwarebytes keeps picking it up, because I have to scan every hour.
  10. I completed the scan and saved the ark.txt file, but the scan said 'no modifications found' and the log is completely empty.
  11. C:\AdwCleaner\Quarantine\C\Program Files\Application Updater\ApplicationUpdater.exe.vir a variant of Win32/Toolbar.Widgi.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Auction_Raptor\Auction_RaptorToolbarHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Auction_Raptor\ldrtbAuct.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Auction_Raptor\prxtbAuc0.dll.vir Win32/Toolbar.Conduit.O potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Auction_Raptor\prxtbAuct.dll.vir Win32/Toolbar.Conduit.O potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Auction_Raptor\tbAuct.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\spigot\Search Settings\SearchSettings.exe.vir a variant of Win32/Toolbar.Widgi potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\spigot\Search Settings\SearchSettings64.exe.vir a variant of Win64/Toolbar.Widgi.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\spigot\Search Settings\wth169.dll.vir a variant of Win32/Toolbar.Widgi.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\spigot\Search Settings\wthx169.dll.vir a variant of Win64/Toolbar.Widgi.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\spigot\SlickSavings\SlickSavingsSetup.exe.vir Win32/Toolbar.Widgi.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert0.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\DealPly\DealPlyIE.dll.vir a variant of Win32/DealPly.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\DealPly\DealPlyUpdateVer.exe.vir a variant of Win32/DealPly.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\DealPlyLive\Update\DealPlyLive.exe.vir Win32/DealPly.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\DealPlyLive\Update\1.3.23.0\DealPlyLive.exe.vir Win32/DealPly.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\DealPlyLive\Update\1.3.23.0\DealPlyLiveBroker.exe.vir Win32/DealPly.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\DealPlyLive\Update\1.3.23.0\DealPlyLiveHandler.exe.vir Win32/DealPly.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\DealPlyLive\Update\1.3.23.0\DealPlyLiveOnDemand.exe.vir Win32/DealPly.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\DealPlyLive\Update\1.3.23.0\goopdate.dll.vir Win32/DealPly.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_ru.dll.vir Win32/DealPly.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll.vir Win32/DealPly.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\DealPlyLive\Update\1.3.23.0\psmachine.dll.vir Win32/DealPly.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\PricePeep\pricepeep.dll.vir a variant of Win32/AdWare.PricePeep.A application
C:\AdwCleaner\Quarantine\C\Program Files\Vuze Remote toolbar\FF\components\vuzeToolbarFF.dll.vir a variant of Win32/Toolbar.Widgi potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Vuze Remote toolbar\IE\7.9\vuzeToolbarIE.dll.vir a variant of Win32/Toolbar.Widgi potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Vuze_Remote\ldrtbVuze.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Vuze_Remote\prxtbVuze.dll.vir Win32/Toolbar.Conduit.O potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Vuze_Remote\tbVuze.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Vuze_Remote\Vuze_RemoteToolbarHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Wajam\IE\priam_bho.dll.vir a variant of Win32/Wajam.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Wajam\Updater\WajamUpdater.exe.vir Win32/Wajam.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Local\Conduit\CT111115\Auction_RaptorAutoUpdateHelper.exe (1).vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Local\Conduit\CT111115\Auction_RaptorAutoUpdateHelper.exe.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Local\Conduit\CT2504091\Vuze_RemoteAutoUpdateHelper.exe (1).vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Local\Conduit\CT2504091\Vuze_RemoteAutoUpdateHelper.exe.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blhhodocappjllfhjbbkaaglgmbecgcl\10.20.1.508_0\plugins\TBVerifier.dll (1).vir Win32/Toolbar.Conduit.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blhhodocappjllfhjbbkaaglgmbecgcl\10.20.1.508_0\plugins\TBVerifier.dll.vir Win32/Toolbar.Conduit.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf\3.5.0.0_0\background.js (1).vir Win32/DealPly.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf\3.5.0.0_0\background.js.vir Win32/DealPly.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.20.1.508_0\plugins\TBVerifier.dll (1).vir Win32/Toolbar.Conduit.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.20.1.508_0\plugins\TBVerifier.dll.vir Win32/Toolbar.Conduit.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Auction_Raptor\ldrtbAuc0.dll (1).vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Auction_Raptor\ldrtbAuc0.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Auction_Raptor\ldrtbAuct.dll (1).vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Auction_Raptor\ldrtbAuct.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Auction_Raptor\tbAuc0.dll (1).vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Auction_Raptor\tbAuc0.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Auction_Raptor\tbAuc1.dll (1).vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Auction_Raptor\tbAuc1.dll.vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Auction_Raptor\tbAuct.dll (1).vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Auction_Raptor\tbAuct.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Vuze_Remote\ldrtbVuz0.dll (1).vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Vuze_Remote\ldrtbVuz0.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Vuze_Remote\ldrtbVuze.dll (1).vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Vuze_Remote\ldrtbVuze.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Vuze_Remote\tbVuz0.dll (1).vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Vuze_Remote\tbVuz0.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Vuze_Remote\tbVuz1.dll (1).vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Vuze_Remote\tbVuz1.dll.vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Vuze_Remote\tbVuze.dll (1).vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Vuze_Remote\tbVuze.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe (1).vir a variant of Win32/DealPly.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe.vir a variant of Win32/DealPly.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\g48916ym.default\Extensions\{906000A4-88D9-4D52-B209-7A772970D91F}\chrome\content\dealplyshopping.xul (1).vir Win32/DealPly.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\g48916ym.default\Extensions\{906000A4-88D9-4D52-B209-7A772970D91F}\chrome\content\dealplyshopping.xul.vir Win32/DealPly.J potentially unwanted application
C:\FRST\Quarantine\C\Users\hardwick\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe a variant of Win32/DealPly.O potentially unwanted application
C:\Program Files (x86)\Mobogenie\nengine.dll Win32/NextLive.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\SaveShare\uninstall.exe.vir Win32/SProtector.B potentially unwanted application
C:\Users\hardwick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0ARC2BB0\SPSetup[1].exe a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Users\hardwick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7QP2GA7G\sp-downloader[1].exe Win32/Toolbar.Conduit.R potentially unwanted application
C:\Users\hardwick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KVFGAHO1\Setup[1].exe a variant of Win32/BrowseFox.F potentially unwanted application
C:\Users\hardwick\Desktop\Alpaca Mail lists\Alpaca Info Sheets\Walk with alpacas\Player_Setup (1).exe a variant of Win32/DomaIQ.AM potentially unwanted application
C:\Users\hardwick\Desktop\Alpaca Mail lists\Alpaca Info Sheets\Walk with alpacas\Player_Setup.exe a variant of Win32/DomaIQ.AM potentially unwanted application
C:\Users\hardwick\Desktop\Alpaca Mail lists\Alpaca Info Sheets\Walk with alpacas\SoftonicDownloader_for_able-photo-resizer.exe a variant of Win32/SoftonicDownloader.F potentially unwanted application
C:\Users\hardwick\Desktop\Alpaca Mail lists\Alpaca Info Sheets\Walk with alpacas\SoftonicDownloader_for_faststone-image-viewer.exe a variant of Win32/SoftonicDownloader.F potentially unwanted application
C:\Users\hardwick\Desktop\Misc Temp Desktop files\Setup (1).exe Win32/AdWare.iBryte.G application
C:\Users\hardwick\Desktop\Misc Temp Desktop files\tb_Auction_Raptor.exe a variant of Win32/Wajam.F potentially unwanted application
C:\Users\hardwick\Downloads\ccsetup312 (1).exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Users\hardwick\Downloads\ccsetup312.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Users\hardwick\Downloads\cnet2_flactomp3converter42_exe (1).exe a variant of Win32/InstallCore.D potentially unwanted application
C:\Users\hardwick\Downloads\cnet2_flactomp3converter42_exe.exe a variant of Win32/InstallCore.D potentially unwanted application
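Most of the paths in the ESET list above sit under \AdwCleaner\Quarantine, \FRST\Quarantine or \Qoobox\Quarantine, meaning files the earlier cleanup tools had already moved aside (AdwCleaner also appends .vir when it parks a file); only a handful (Mobogenie's nengine.dll, the Temporary Internet Files cache, and installers on the Desktop and in Downloads) are still at live paths, and those are the ones that matter for the next step. The script below is an added example for splitting a log of that shape into the two groups; it is not from the original post and is not an ESET tool. Assumptions: the list of quarantine folder names is taken from the paths that appear in the log, and the embedded sample lines are a hand-picked subset copied from that log.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Sample input: a handful of lines copied from the ESET log posted above.
# This is a hand-picked subset, not the complete log.
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Program Files\Application Updater\ApplicationUpdater.exe.vir a variant of Win32/Toolbar.Widgi.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Auction_Raptor\Auction_RaptorToolbarHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\hardwick\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe a variant of Win32/DealPly.O potentially unwanted application
C:\Program Files (x86)\Mobogenie\nengine.dll Win32/NextLive.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\SaveShare\uninstall.exe.vir Win32/SProtector.B potentially unwanted application
C:\Users\hardwick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KVFGAHO1\Setup[1].exe a variant of Win32/BrowseFox.F potentially unwanted application
C:\Users\hardwick\Downloads\ccsetup312.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Users\hardwick\Desktop\Misc Temp Desktop files\Setup (1).exe Win32/AdWare.iBryte.G application
"""

# One ESET result line: <path> [a variant of ]<Win32|Win64>/<name> <category>.
# The path is matched lazily so the spaces inside it do not confuse the split;
# the anchored tail (name + category) decides where the path ends.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<variant>a variant of )?"
    r"(?P<name>Win(?:32|64)/\S+) "
    r"(?P<category>potentially unwanted application|potentially unsafe application|application)$"
)

# Quarantine folders of the cleanup tools used in this thread (AdwCleaner, FRST,
# ComboFix's Qoobox). Assumption: a file under one of these has already been
# moved out of its original location and is inert until restored.
QUARANTINE_RE = re.compile(r"\\(?:AdwCleaner|FRST|Qoobox)\\Quarantine\\", re.IGNORECASE)


@dataclass(frozen=True)
class Detection:
    path: str
    name: str          # e.g. "Win32/Toolbar.Conduit.Q"
    category: str      # ESET's classification text
    variant: bool      # True when the line read "a variant of ..."
    quarantined: bool  # True when the path is inside a tool's quarantine folder

    @property
    def family(self) -> str:
        """Drop platform and variant letter: 'Win32/Toolbar.Conduit.Q' -> 'Toolbar.Conduit'."""
        parts = self.name.split("/", 1)[1].split(".")
        if len(parts) > 1 and re.fullmatch(r"[A-Z]{1,2}", parts[-1]):
            parts = parts[:-1]
        return ".".join(parts)


def parse_line(line: str) -> Optional[Detection]:
    """Parse one result line; returns None for lines not in ESET's result format."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return Detection(
        path=m["path"],
        name=m["name"],
        category=m["category"],
        variant=m["variant"] is not None,
        quarantined=QUARANTINE_RE.search(m["path"]) is not None,
    )


def parse_log(text: str) -> List[Detection]:
    """Parse a whole log, skipping blank lines and refusing any line it cannot read."""
    found = []
    for line in text.splitlines():
        if not line.strip():
            continue
        d = parse_line(line)
        if d is None:
            raise ValueError(f"unrecognised ESET result line: {line!r}")
        found.append(d)
    return found


def triage(detections: List[Detection]) -> dict:
    """Split hits into still-live files versus already-quarantined ones; count families."""
    return {
        "live": sorted(d.path for d in detections if not d.quarantined),
        "quarantined": sorted(d.path for d in detections if d.quarantined),
        "families": Counter(d.family for d in detections),
    }


if __name__ == "__main__":
    report = triage(parse_log(SAMPLE_LOG))
    print(f"{len(report['quarantined'])} hit(s) already in a quarantine folder")
    print(f"{len(report['live'])} hit(s) still at a live path:")
    for p in report["live"]:
        print("  ", p)
    print("families:", dict(report["families"]))
```

Feed it the full log (replace SAMPLE_LOG with the text of the saved scan) and the "live" list is the set of files that still need deleting or uninstalling, while the "quarantined" list is what the earlier tools already neutralised and can simply be purged when their quarantine folders are removed. Unknown line shapes raise rather than being silently dropped, so a log with a different layout is noticed instead of producing an empty report.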
  12. ComboFix 14-04-20.01 - hardwick 22/04/2014 10:00:44.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8130.6280 [GMT 1:00] Running from: c:\users\hardwick\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\wininit.ini . . ((((((((((((((((((((((((( Files Created from 2014-03-22 to 2014-04-22 ))))))))))))))))))))))))))))))) . . 2014-04-22 09:03 . 2014-04-22 09:03 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-04-22 09:03 . 2014-04-22 09:03 -------- d-----w- c:\users\Chris Deakin\AppData\Local\temp 2014-04-22 07:09 . 2014-04-17 04:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF3997C2-8077-4E46-8978-ED183B88A91F}\mpengine.dll 2014-04-18 08:39 . 2014-04-14 19:13 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-04-15 15:14 . 2014-04-15 15:14 -------- d-----w- c:\users\hardwick\AppData\Local\WebInternetSecurity 2014-04-15 14:19 . 2014-04-17 10:28 -------- d-----w- C:\FRST 2014-04-08 23:03 . 2014-03-31 01:16 23134208 ----a-w- c:\windows\system32\mshtml.dll 2014-04-08 23:03 . 2014-03-31 01:13 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2014-04-08 23:03 . 2014-03-31 00:13 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2014-04-07 18:01 . 2014-04-07 18:01 -------- d-----w- c:\users\hardwick\AppData\Roaming\DropboxMaster 2014-04-07 11:45 . 2014-04-22 08:59 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-04-07 11:44 . 2014-04-07 11:44 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware 2014-04-07 11:44 . 2014-04-07 11:44 -------- d-----w- c:\programdata\Malwarebytes 2014-04-07 11:44 . 2014-04-03 08:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-04-07 11:44 . 2014-04-03 08:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-04-07 11:44 . 
2014-04-03 08:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-04-22 08:58 . 2013-12-17 19:02 65536 ----a-w- c:\windows\system32\spu_storage.bin 2014-04-12 14:00 . 2014-01-04 10:04 90655440 ----a-w- c:\windows\system32\MRT.exe 2014-03-31 08:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe 2014-03-14 07:41 . 2014-02-12 07:55 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-03-14 07:41 . 2014-02-12 07:55 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-03-04 09:17 . 2014-04-08 23:02 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2014-03-01 05:16 . 2014-03-13 15:55 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll 2014-03-01 04:58 . 2014-03-13 15:55 2765824 ----a-w- c:\windows\system32\iertutil.dll 2014-03-01 04:52 . 2014-03-13 15:55 66048 ----a-w- c:\windows\system32\iesetup.dll 2014-03-01 04:51 . 2014-03-13 15:55 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll 2014-03-01 04:42 . 2014-03-13 15:55 53760 ----a-w- c:\windows\system32\jsproxy.dll 2014-03-01 04:40 . 2014-03-13 15:55 33792 ----a-w- c:\windows\system32\iernonce.dll 2014-03-01 04:37 . 2014-03-13 15:55 574976 ----a-w- c:\windows\system32\ieui.dll 2014-03-01 04:33 . 2014-03-13 15:55 139264 ----a-w- c:\windows\system32\ieUnatt.exe 2014-03-01 04:33 . 2014-03-13 15:55 111616 ----a-w- c:\windows\system32\ieetwcollector.exe 2014-03-01 04:32 . 2014-03-13 15:55 708608 ----a-w- c:\windows\system32\jscript9diag.dll 2014-03-01 04:23 . 2014-03-13 15:55 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2014-03-01 04:17 . 2014-03-13 15:55 218624 ----a-w- c:\windows\system32\ie4uinit.exe 2014-03-01 04:02 . 2014-03-13 15:55 195584 ----a-w- c:\windows\system32\msrating.dll 2014-03-01 03:54 . 2014-03-13 15:55 5768704 ----a-w- c:\windows\system32\jscript9.dll 2014-03-01 03:52 . 
2014-03-13 15:55 61952 ----a-w- c:\windows\SysWow64\iesetup.dll 2014-03-01 03:51 . 2014-03-13 15:55 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll 2014-03-01 03:42 . 2014-03-13 15:55 627200 ----a-w- c:\windows\system32\msfeeds.dll 2014-03-01 03:38 . 2014-03-13 15:55 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2014-03-01 03:37 . 2014-03-13 15:55 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll 2014-03-01 03:35 . 2014-03-13 15:55 2041856 ----a-w- c:\windows\system32\inetcpl.cpl 2014-03-01 03:18 . 2014-03-13 15:55 13051904 ----a-w- c:\windows\system32\ieframe.dll 2014-03-01 03:14 . 2014-03-13 15:55 4244480 ----a-w- c:\windows\SysWow64\jscript9.dll 2014-03-01 03:10 . 2014-03-13 15:55 2334208 ----a-w- c:\windows\system32\wininet.dll 2014-03-01 03:00 . 2014-03-13 15:55 1964032 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2014-03-01 02:38 . 2014-03-13 15:55 1393664 ----a-w- c:\windows\system32\urlmon.dll 2014-03-01 02:32 . 2014-03-13 15:55 1820160 ----a-w- c:\windows\SysWow64\wininet.dll 2014-03-01 02:25 . 2014-03-13 15:55 817664 ----a-w- c:\windows\system32\ieapfltr.dll 2014-02-07 01:23 . 2014-03-13 15:55 3156480 ----a-w- c:\windows\system32\win32k.sys 2014-02-04 02:32 . 2014-03-13 15:54 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2014-02-04 02:32 . 2014-03-13 15:54 624128 ----a-w- c:\windows\system32\qedit.dll 2014-02-04 02:04 . 2014-03-13 15:54 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2014-02-04 02:04 . 2014-03-13 15:54 509440 ----a-w- c:\windows\SysWow64\qedit.dll 2014-01-29 02:32 . 2014-03-13 15:55 484864 ----a-w- c:\windows\system32\wer.dll 2014-01-29 02:06 . 2014-03-13 15:55 381440 ----a-w- c:\windows\SysWow64\wer.dll 2014-01-28 02:32 . 2014-03-13 15:55 228864 ----a-w- c:\windows\system32\wwansvc.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\users\hardwick\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\users\hardwick\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\users\hardwick\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "FBBF48DDF52CFE01A375E54F303562119CD0BB61._service_run"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-04-02 841032] "PeerBlock"="c:\program files (x86)\peerblock\peerblock.exe" [2010-11-06 1866864] "GoogleChromeAutoLaunch_DDAA95BF07E3734F0BE24CB51FCD11D0"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-04-02 841032] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-09-11 766208] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848] "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Duplicati.lnk - c:\program files\Duplicati\Duplicati.exe [2013-1-31 1456640] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x] R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] R3 pbfilter;pbfilter;c:\program files (x86)\PeerBlock\pbfilter.sys;c:\program files (x86)\PeerBlock\pbfilter.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x] S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x] S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x] S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 asComSvc;ASUS Com Service;c:\program files 
(x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [x] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x] S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] S3 
MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MBAMSWISSARMY *NewlyCreated* - MBAMWEBACCESSCONTROL *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-04-10 08:50 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2014-04-22 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-23 07:41] . 2014-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-20 20:39] . 2014-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-20 20:39] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-11-19 6846096] "IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2013-01-31 36352] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728] . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <-loopback> uInternet Settings,ProxyServer = localhost:8080 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\mt0zvmh2.default\ . - - - - ORPHANS REMOVED - - - - . ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} - (no file) ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file) ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} - (no file) ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} - (no file) ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-22 10:04:36
ComboFix-quarantined-files.txt 2014-04-22 09:04
ComboFix2.txt 2014-04-21 18:56
ComboFix3.txt 2014-04-21 17:08
.
Pre-Run: 891,548,102,656 bytes free
Post-Run: 891,461,632,000 bytes free
.
- - End Of File - - 5D06D89020BE5043A31EAEC9BC8AAD44
A36C5E4F47E84449FF07ED3517B43A31
  13. ComboFix 14-04-20.01 - hardwick 21/04/2014 19:52:19.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8130.4992 [GMT 1:00]
Running from: c:\users\hardwick\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-03-21 to 2014-04-21 )))))))))))))))))))))))))))))))
.
.
2014-04-21 18:55 . 2014-04-21 18:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-21 18:55 . 2014-04-21 18:55 -------- d-----w- c:\users\Chris Deakin\AppData\Local\temp
2014-04-19 03:55 . 2014-04-19 03:55 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CC2ACB1E-830B-4B1B-AEAB-E495C33F5CDD}\offreg.dll
2014-04-18 22:19 . 2014-04-17 04:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CC2ACB1E-830B-4B1B-AEAB-E495C33F5CDD}\mpengine.dll
2014-04-18 08:39 . 2014-04-14 19:13 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-15 15:14 . 2014-04-15 15:14 -------- d-----w- c:\users\hardwick\AppData\Local\WebInternetSecurity
2014-04-15 14:19 . 2014-04-17 10:28 -------- d-----w- C:\FRST
2014-04-08 23:03 . 2014-03-31 01:16 23134208 ----a-w- c:\windows\system32\mshtml.dll
2014-04-08 23:03 . 2014-03-31 01:13 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-04-08 23:03 . 2014-03-31 00:13 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-04-07 18:01 . 2014-04-07 18:01 -------- d-----w- c:\users\hardwick\AppData\Roaming\DropboxMaster
2014-04-07 11:45 . 2014-04-21 15:01 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-07 11:44 . 2014-04-07 11:44 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-07 11:44 . 2014-04-07 11:44 -------- d-----w- c:\programdata\Malwarebytes
2014-04-07 11:44 . 2014-04-03 08:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-07 11:44 . 2014-04-03 08:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-07 11:44 . 2014-04-03 08:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-21 17:42 . 2013-12-17 19:02 65536 ----a-w- c:\windows\system32\spu_storage.bin
2014-04-12 14:00 . 2014-01-04 10:04 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-03-31 08:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-14 07:41 . 2014-02-12 07:55 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-14 07:41 . 2014-02-12 07:55 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-04 09:17 . 2014-04-08 23:02 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-01 05:16 . 2014-03-13 15:55 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-01 04:58 . 2014-03-13 15:55 2765824 ----a-w- c:\windows\system32\iertutil.dll
2014-03-01 04:52 . 2014-03-13 15:55 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-03-01 04:51 . 2014-03-13 15:55 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-01 04:42 . 2014-03-13 15:55 53760 ----a-w- c:\windows\system32\jsproxy.dll
2014-03-01 04:40 . 2014-03-13 15:55 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-03-01 04:37 . 2014-03-13 15:55 574976 ----a-w- c:\windows\system32\ieui.dll
2014-03-01 04:33 . 2014-03-13 15:55 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-01 04:33 . 2014-03-13 15:55 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-01 04:32 . 2014-03-13 15:55 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-01 04:23 . 2014-03-13 15:55 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 04:17 . 2014-03-13 15:55 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2014-03-01 04:02 . 2014-03-13 15:55 195584 ----a-w- c:\windows\system32\msrating.dll
2014-03-01 03:54 . 2014-03-13 15:55 5768704 ----a-w- c:\windows\system32\jscript9.dll
2014-03-01 03:52 . 2014-03-13 15:55 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-03-01 03:51 . 2014-03-13 15:55 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:42 . 2014-03-13 15:55 627200 ----a-w- c:\windows\system32\msfeeds.dll
2014-03-01 03:38 . 2014-03-13 15:55 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-03-01 03:37 . 2014-03-13 15:55 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-03-01 03:35 . 2014-03-13 15:55 2041856 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-01 03:18 . 2014-03-13 15:55 13051904 ----a-w- c:\windows\system32\ieframe.dll
2014-03-01 03:14 . 2014-03-13 15:55 4244480 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-03-01 03:10 . 2014-03-13 15:55 2334208 ----a-w- c:\windows\system32\wininet.dll
2014-03-01 03:00 . 2014-03-13 15:55 1964032 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-03-01 02:38 . 2014-03-13 15:55 1393664 ----a-w- c:\windows\system32\urlmon.dll
2014-03-01 02:32 . 2014-03-13 15:55 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2014-03-01 02:25 . 2014-03-13 15:55 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2014-02-07 01:23 . 2014-03-13 15:55 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:32 . 2014-03-13 15:54 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:32 . 2014-03-13 15:54 624128 ----a-w- c:\windows\system32\qedit.dll
2014-02-04 02:04 . 2014-03-13 15:54 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-13 15:54 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-01-29 02:32 . 2014-03-13 15:55 484864 ----a-w- c:\windows\system32\wer.dll
2014-01-29 02:06 . 2014-03-13 15:55 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-01-28 02:32 . 2014-03-13 15:55 228864 ----a-w- c:\windows\system32\wwansvc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\hardwick\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\hardwick\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\hardwick\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FBBF48DDF52CFE01A375E54F303562119CD0BB61._service_run"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-04-02 841032]
"PeerBlock"="c:\program files (x86)\peerblock\peerblock.exe" [2010-11-06 1866864]
"GoogleChromeAutoLaunch_DDAA95BF07E3734F0BE24CB51FCD11D0"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-04-02 841032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-09-11 766208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Duplicati.lnk - c:\program files\Duplicati\Duplicati.exe [2013-1-31 1456640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 pbfilter;pbfilter;c:\program files (x86)\PeerBlock\pbfilter.sys;c:\program files (x86)\PeerBlock\pbfilter.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMPROTECTOR
*Deregistered* - MBAMWebAccessControl
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-10 08:50 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-23 07:41]
.
2014-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-20 20:39]
.
2014-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-20 20:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-11-19 6846096]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2013-01-31 36352]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\mt0zvmh2.default\
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-21 19:56:29
ComboFix-quarantined-files.txt 2014-04-21 18:56
ComboFix2.txt 2014-04-21 17:08
.
Pre-Run: 892,863,029,248 bytes free
Post-Run: 892,799,778,816 bytes free
.
- - End Of File - - ED37FE692CA1C5D825DC61D2D19E853B
A36C5E4F47E84449FF07ED3517B43A31
  14. Hi, I still have the TATANGA malware on my PC - are you able to help please?
  15. Sorry - I hope this is right?

Log Opened: 2014-04-17 @ 16:17:04
16:17:04 - -----------------
16:17:04 - | Begin Logging |
16:17:04 - -----------------
16:17:04 - Fix started on a WIN_7 X64 computer
16:17:04 - Prep in progress. Please Wait.
16:17:05 - Prep complete
16:17:05 - Repairing Services Now. Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl' INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv> SetACL finished successfully. 16:17:07 - Services Repair Complete. 16:17:45 - Reboot Initiated Log Opened: 2014-04-18 @ 09:31:08 09:31:08 - ----------------- 09:31:08 - | Begin Logging | 09:31:08 - ----------------- 09:31:08 - Fix started on a WIN_7 X64 computer 09:31:08 - Prep in progress. Please Wait. 09:31:09 - Prep complete 09:31:09 - Repairing Services Now. Please wait... INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore. INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl' INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE> SetACL finished successfully. 
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore. INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl' INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS> SetACL finished successfully. INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore. INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl' INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc> SetACL finished successfully. 
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore. INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl' INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc> SetACL finished successfully. INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore. 
INFORMATION: Input file for restore operation opened: '.\Win7\SharedAccess.sddl' INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile> INFORMATION: Restoring SD of: 
<machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile> INFORMATION: Restoring SD of: 
<machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess> SetACL finished successfully. INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore. INFORMATION: Input file for restore operation opened: '.\Win7\WinDefend.sddl' INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend> SetACL finished successfully. INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore. INFORMATION: Input file for restore operation opened: '.\Win7\wscsvc.sddl' INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc> SetACL finished successfully. INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore. 
INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>
SetACL finished successfully.
09:31:10 - Services Repair Complete.
09:31:29 - Reboot Initiated

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 18/04/2014
Scan Time: 09:06:22
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.17.04
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: hardwick

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 286469
Time Elapsed: 15 hr, 32 min, 7 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Conduit.A, C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://search.conduit.com/?gd=&ctid=CT3321738&octid=EB_ORIGINAL_CTID&ISID=MD3C7859A-CEEB-4FEA-918C-48C0EB4393F9&SearchSource=55&CUI=&UM=5&UP=SP6CE89EAA-0F31-47E5-890B-4187AA5D5A53&SSPV=SE2YA1_sp_ch",), Replaced,[b6b278b3b1caf73fad931c36ff05ff01]

Physical Sectors: 0
(No malicious items detected)

(end)
16. Malwarebytes Anti-Malware
www.malwarebytes.org

Protection, 17/04/2014 07:54:21, SYSTEM, CHRISDEAKIN-PC, Protection, Malware Protection, Starting,
Protection, 17/04/2014 07:54:21, SYSTEM, CHRISDEAKIN-PC, Protection, Malware Protection, Started,
Protection, 17/04/2014 07:54:21, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, Starting,
Protection, 17/04/2014 07:55:20, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, Started,
Update, 17/04/2014 08:21:20, SYSTEM, CHRISDEAKIN-PC, Scheduler, Malware Database, 2014.4.15.6, 2014.4.17.2,
Protection, 17/04/2014 08:21:27, SYSTEM, CHRISDEAKIN-PC, Protection, Refresh, Starting,
Protection, 17/04/2014 08:21:27, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, Stopping,
Protection, 17/04/2014 08:21:27, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, Stopped,
Protection, 17/04/2014 08:21:29, SYSTEM, CHRISDEAKIN-PC, Protection, Refresh, Success,
Protection, 17/04/2014 08:21:29, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, Starting,
Protection, 17/04/2014 08:21:30, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, Started,
Detection, 17/04/2014 10:22:41, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, IP, 159.253.131.112, cdn.zeusclicks.com, 54781, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 17/04/2014 10:22:42, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, IP, 159.253.131.112, cdn.zeusclicks.com, 54782, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 17/04/2014 10:22:42, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, IP, 159.253.131.112, cdn.zeusclicks.com, 54781, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 17/04/2014 10:22:42, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, IP, 159.253.131.112, cdn.zeusclicks.com, 54790, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 17/04/2014 10:24:32, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, IP, 159.253.131.112, cdn.zeusclicks.com, 54933, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 17/04/2014 10:24:32, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, IP, 159.253.131.112, cdn.zeusclicks.com, 54934, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 17/04/2014 10:24:32, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, IP, 159.253.131.112, cdn.zeusclicks.com, 54935, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Protection, 17/04/2014 11:28:28, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, Stopping,
Protection, 17/04/2014 11:28:28, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, Stopped,
Protection, 17/04/2014 11:28:28, SYSTEM, CHRISDEAKIN-PC, Protection, Malware Protection, Stopping,
Protection, 17/04/2014 11:28:33, SYSTEM, CHRISDEAKIN-PC, Protection, Malware Protection, Stopped,
Protection, 17/04/2014 13:32:39, SYSTEM, CHRISDEAKIN-PC, Protection, Malware Protection, Starting,
Protection, 17/04/2014 13:32:39, SYSTEM, CHRISDEAKIN-PC, Protection, Malware Protection, Started,
Protection, 17/04/2014 13:32:39, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, Starting,
Protection, 17/04/2014 13:32:39, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, Started,
Update, 17/04/2014 15:51:13, SYSTEM, CHRISDEAKIN-PC, Scheduler, Malware Database, 2014.4.17.2, 2014.4.17.4,
Protection, 17/04/2014 15:51:20, SYSTEM, CHRISDEAKIN-PC, Protection, Refresh, Starting,
Protection, 17/04/2014 15:51:20, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, Stopping,
Protection, 17/04/2014 15:51:20, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, Stopped,
Protection, 17/04/2014 15:51:22, SYSTEM, CHRISDEAKIN-PC, Protection, Refresh, Success,
Protection, 17/04/2014 15:51:22, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, Starting,
Protection, 17/04/2014 15:51:23, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, Started,
Protection, 17/04/2014 16:18:36, SYSTEM, CHRISDEAKIN-PC, Protection, Malware Protection, Starting,
Protection, 17/04/2014 16:18:36, SYSTEM, CHRISDEAKIN-PC, Protection, Malware Protection, Started,
Protection, 17/04/2014 16:18:36, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, Starting,
Protection, 17/04/2014 16:18:44, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, Started,

(end)
17. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-04-2014
Ran by hardwick at 2014-04-17 11:28:38 Run:1
Running from C:\Users\hardwick\Desktop\Misc Temp Desktop files
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(WebInternetSecurity) C:\Program Files (x86)\Webinternetsecurity\WebInternetSecurity.exe
(Azureus Software, Inc) C:\Program Files (x86)\Vuze\Azureus.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
HKLM-x32\...\Run: [WebInternetSecurity] => C:\Program Files (x86)\Webinternetsecurity\WebInternetSecurity.exe [797184 2013-12-30] (WebInternetSecurity)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
ProxyServer: http=127.0.0.1:49188;https=127.0.0.1:49188
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.g...smb&ibd=2080915
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...4187AA5D5A53&q={searchTerms}&SSPV=SE2YA1_sp_ie
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...4187AA5D5A53&q={searchTerms}&SSPV=SE2YA1_sp_ie
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://www.mystart.c...&ent=ch_4981&q={searchTerms}
SearchScopes: HKCU - {C75451FA-ED4C-471B-A0A4-BA52E59C2B5E} URL = http://uk.search.yah...&type=994519&p={searchTerms}
CHR Extension: (Auction Raptor) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blhhodocappjllfhjbbkaaglgmbecgcl [2014-01-17]
CHR HKCU\...\Chrome\Extension: [blhhodocappjllfhjbbkaaglgmbecgcl] - C:\Users\hardwick\AppData\Local\CRE\blhhodocappjllfhjbbkaaglgmbecgcl.crx [2014-01-12]
CHR HKLM-x32\...\Chrome\Extension: [blhhodocappjllfhjbbkaaglgmbecgcl] - C:\Users\hardwick\AppData\Local\CRE\blhhodocappjllfhjbbkaaglgmbecgcl.crx [2014-01-12]
CHR HKLM-x32\...\Chrome\Extension: [dghncoeocefmhkhiphdgikkamjeglbfh] - C:\Program Files (x86)\mystarttb\chrome-newtab-search.crx [2014-01-12]
Task: {B5155B2D-2BF5-4E29-BF87-F6C2F44E0FD5} - System32\Tasks\UpdaterEX => C:\Users\hardwick\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {E5526BD6-A25C-4DE0-9008-D163DEDAD49A} - System32\Tasks\WebInternetSecurity Update Task => C:\Program Files (x86)\Webinternetsecurity\uninstall.webinternetsecurity.exe [2014-04-08] ()
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\hardwick\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
S2 Util sizlsearch; "C:\Program Files (x86)\sizlsearch\bin\utilsizlsearch.exe" [X]
C:\Program Files (x86)\Webinternetsecurity
C:\PROGRA~2\SearchProtect
C:\Program Files (x86)\sizlsearch
C:\Windows\System32\Tasks\WebInternetSecurity Update Task
2014-04-15 15:19 - 2013-12-21 01:19 - 00000000 ____D () C:\Users\hardwick\AppData\Roaming\Azureus
2014-04-08 12:28 - 2014-04-08 12:28 - 00000000 ____D () C:\Users\hardwick\AppData\Local\SearchProtect
2014-04-03 08:32 - 2013-12-21 23:14 - 00000000 ____D () C:\ProgramData\Search Protection
C:\Users\hardwick\AppData\Roaming\UpdaterEX
*****************

[2380] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => Process closed successfully.
C:\Program Files (x86)\Webinternetsecurity\WebInternetSecurity.exe => No running process found
C:\Program Files (x86)\Vuze\Azureus.exe => No running process found
[2624] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => Process closed successfully.
[2188] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => Process closed successfully.
[2188] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => Process closed successfully.
[2188] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => Process closed successfully.
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\WebInternetSecurity => Value deleted successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value Data removed successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" => Value Data removed successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} => Key deleted successfully.
HKCR\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C75451FA-ED4C-471B-A0A4-BA52E59C2B5E} => Key deleted successfully.
HKCR\CLSID\{C75451FA-ED4C-471B-A0A4-BA52E59C2B5E} => Key deleted successfully.
C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blhhodocappjllfhjbbkaaglgmbecgcl => Moved successfully.
HKCU\SOFTWARE\Google\Chrome\Extensions\blhhodocappjllfhjbbkaaglgmbecgcl => Key deleted successfully.
C:\Users\hardwick\AppData\Local\CRE\blhhodocappjllfhjbbkaaglgmbecgcl.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\blhhodocappjllfhjbbkaaglgmbecgcl => Key deleted successfully.
"C:\Users\hardwick\AppData\Local\CRE\blhhodocappjllfhjbbkaaglgmbecgcl.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dghncoeocefmhkhiphdgikkamjeglbfh => Key deleted successfully.
"C:\Program Files (x86)\mystarttb\chrome-newtab-search.crx" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B5155B2D-2BF5-4E29-BF87-F6C2F44E0FD5} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5155B2D-2BF5-4E29-BF87-F6C2F44E0FD5} => Key deleted successfully.
C:\Windows\System32\Tasks\UpdaterEX => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5526BD6-A25C-4DE0-9008-D163DEDAD49A} => Key deleted successfully.
C:\Windows\System32\Tasks\WebInternetSecurity Update Task not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WebInternetSecurity Update Task => Key deleted successfully.
C:\Windows\Tasks\UpdaterEX.job => Moved successfully.
Util sizlsearch => Service deleted successfully.
"C:\Program Files (x86)\Webinternetsecurity" => File/Directory not found.
"C:\PROGRA~2\SearchProtect" => File/Directory not found.
"C:\Program Files (x86)\sizlsearch" => File/Directory not found.
"C:\Windows\System32\Tasks\WebInternetSecurity Update Task" => File/Directory not found.
C:\Users\hardwick\AppData\Roaming\Azureus => Moved successfully.
C:\Users\hardwick\AppData\Local\SearchProtect => Moved successfully.
C:\ProgramData\Search Protection => Moved successfully.
C:\Users\hardwick\AppData\Roaming\UpdaterEX => Moved successfully.

==== End of Fixlog ====
  18. I have just run malware again and the same virus is there

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 15/04/2014
Scan Time: 16:46:04
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.15.06
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: hardwick

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 283217
Time Elapsed: 5 min, 15 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Conduit.A, C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://search.conduit.com/?gd=&ctid=CT3321738&octid=EB_ORIGINAL_CTID&ISID=MD3C7859A-CEEB-4FEA-918C-48C0EB4393F9&SearchSource=55&CUI=&UM=5&UP=SP6CE89EAA-0F31-47E5-890B-4187AA5D5A53&SSPV=SE2YA1_sp_ch",), ,[9012af7b384372c410ea0e400400c43c]

Physical Sectors: 0
(No malicious items detected)

(end)
  19. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2014
Ran by hardwick (administrator) on CHRISDEAKIN-PC on 15-04-2014 16:15:22
Running from C:\Users\hardwick\Desktop\Misc Temp Desktop files
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(HexaD) C:\Program Files\Duplicati\Duplicati.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-25] (CANON INC.)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [WebInternetSecurity] => "C:\Program Files (x86)\Webinternetsecurity\WebInternetSecurity.exe"
HKLM-x32\...\Runonce: [Webinternetsecurity-dl Data Uninstall] - cmd /C rd /Q /S "C:\Program Files (x86)\Webinternetsecurity" [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\Run: [sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-1004204646-2864660507-1877319225-1010\...\Run: [FBBF48DDF52CFE01A375E54F303562119CD0BB61._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-04-02] (Google Inc.)
HKU\S-1-5-21-1004204646-2864660507-1877319225-1010\...\Run: [PeerBlock] => C:\Program Files (x86)\peerblock\peerblock.exe [1866864 2010-11-06] (PeerBlock, LLC)
HKU\S-1-5-21-1004204646-2864660507-1877319225-1010\...\Run: [GoogleChromeAutoLaunch_DDAA95BF07E3734F0BE24CB51FCD11D0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-04-02] (Google Inc.)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/smallbiz.dell.com/en_uk?hl=en&client=dell-usuk&channel=uk-smb&ibd=2080915
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP6CE89EAA-0F31-47E5-890B-4187AA5D5A53&q={searchTerms}&SSPV=SE2YA1_sp_ie
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP6CE89EAA-0F31-47E5-890B-4187AA5D5A53&q={searchTerms}&SSPV=SE2YA1_sp_ie
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_3&ent=ch_4981&q={searchTerms}
SearchScopes: HKCU - {C75451FA-ED4C-471B-A0A4-BA52E59C2B5E} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
DPF: HKLM-x32 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: HKLM-x32 {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\mt0zvmh2.default
FF user.js: detected! => C:\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\mt0zvmh2.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.8.130\npMcAfeeMss.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nosltd.com/getPlus+®,version=1.6.2.100 - C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\hardwick\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\hardwick\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File

Chrome:
=======
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Live Documents) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\amaifjdaecbdedhngkjojpkdnjndpcch [2013-12-21]
CHR Extension: (Google Docs) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-21]
CHR Extension: (Lucidchart Diagrams - Online) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apboafhkiegglekeafbckfjldecefkhn [2013-12-21]
CHR Extension: (Google Drive) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-21]
CHR Extension: (Auction Raptor) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blhhodocappjllfhjbbkaaglgmbecgcl [2014-01-17]
CHR Extension: (YouTube) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-21]
CHR Extension: (Google Search) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-21]
CHR Extension: (Gmail Offline) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2013-12-21]
CHR Extension: (Google Calendar) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-12-21]
CHR Extension: (Pivotal Tracker) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmopohenfphcfkjklbikdpfhilnlckfl [2013-12-21]
CHR Extension: (Digital Clock) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo [2013-12-21]
CHR Extension: (AdBlock) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-21]
CHR Extension: (Bubble Dock) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbjlipmgfoamgjaogmbihaffnpkpjajp [2013-12-21]
CHR Extension: (Potiphar) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdjehpheibomdlhciohiojkfliemofjg [2013-12-21]
CHR Extension: (FastestFox for Chrome) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2013-12-21]
CHR Extension: (Google Play Books) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2013-12-21]
CHR Extension: (Google Wallet) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-21]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2013-12-21]
CHR Extension: (Rain Alarm Extension) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnconaknblgbkfgknkfmmfhhbebkekd [2013-12-21]
CHR Extension: (Google Calendar Checker (by Google)) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek [2013-12-21]
CHR Extension: (Gmail) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-21]
CHR HKCU\...\Chrome\Extension: [blhhodocappjllfhjbbkaaglgmbecgcl] - C:\Users\hardwick\AppData\Local\CRE\blhhodocappjllfhjbbkaaglgmbecgcl.crx [2014-01-12]
CHR HKLM-x32\...\Chrome\Extension: [blhhodocappjllfhjbbkaaglgmbecgcl] - C:\Users\hardwick\AppData\Local\CRE\blhhodocappjllfhjbbkaaglgmbecgcl.crx [2014-01-12]
CHR HKLM-x32\...\Chrome\Extension: [dghncoeocefmhkhiphdgikkamjeglbfh] - C:\Program Files (x86)\mystarttb\chrome-newtab-search.crx [2014-01-12]
CHR HKLM-x32\...\Chrome\Extension: [kbjlipmgfoamgjaogmbihaffnpkpjajp] - C:\Program Files (x86)\Nosibay\Bubble Dock\extensions\GCSurfMatch.crx [2012-11-06]

==================== Services (Whitelisted) =================

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [52288 2011-03-01] (NOS Microsystems Ltd.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 Util sizlsearch; "C:\Program Files (x86)\sizlsearch\bin\utilsizlsearch.exe" [X]

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
S3 pbfilter; C:\Program Files (x86)\PeerBlock\pbfilter.sys [20080 2010-11-06] ()
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-15 16:14 - 2014-04-15 16:14 - 00000000 ____D () C:\Users\hardwick\AppData\Local\WebInternetSecurity
2014-04-15 15:23 - 2014-04-15 15:23 - 00000000 ____D () C:\Users\hardwick\Desktop\TDSSKiller
2014-04-15 15:19 - 2014-04-15 16:15 - 00000000 ____D () C:\FRST
2014-04-09 00:03 - 2014-03-31 02:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 00:03 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 00:03 - 2014-03-31 01:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 00:03 - 2014-03-31 00:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 00:02 - 2014-03-04 10:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 00:02 - 2014-03-04 10:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 00:02 - 2014-03-04 10:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 00:02 - 2014-03-04 10:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 00:02 - 2014-03-04 10:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 00:02 - 2014-03-04 10:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 00:02 - 2014-03-04 10:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 00:02 - 2014-03-04 10:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 00:02 - 2014-03-04 10:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 00:02 - 2014-03-04 09:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 00:02 - 2014-03-04 09:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 00:02 - 2014-02-04 03:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 00:02 - 2014-02-04 03:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 00:02 - 2014-02-04 03:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 00:02 - 2014-02-04 03:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 00:02 - 2014-02-04 03:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 00:02 - 2014-01-24 03:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-08 12:29 - 2014-04-15 16:14 - 00000000 ____D () C:\Program Files (x86)\Webinternetsecurity
2014-04-08 12:28 - 2014-04-08 12:28 - 00000000 ____D () C:\Users\hardwick\AppData\Local\SearchProtect
2014-04-08 12:24 - 2014-04-08 12:24 - 00003244 _____ () C:\Windows\System32\Tasks\{F6CCB10D-64BD-4963-8009-1A5462614C89}
2014-04-07 19:01 - 2014-04-07 19:01 - 00000000 ____D () C:\Users\hardwick\AppData\Roaming\DropboxMaster
2014-04-07 13:01 - 2014-04-14 13:03 - 00000392 _____ () C:\Windows\setupact.log
2014-04-07 13:01 - 2014-04-09 07:51 - 00648024 _____ () C:\Windows\PFRO.log
2014-04-07 13:01 - 2014-04-07 13:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-07 12:59 - 2014-04-07 12:59 - 00100422 _____ () C:\Users\hardwick\Documents\cc_20140407_125926.reg
2014-04-07 12:45 - 2014-04-15 15:00 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-07 12:44 - 2014-04-07 12:44 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-07 12:44 - 2014-04-07 12:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-07 12:44 - 2014-04-07 12:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-07 12:44 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-07 12:44 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-07 12:44 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 08:55 - 2014-04-02 08:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-22 16:51 - 2014-04-12 10:28 - 00000000 ____D () C:\Users\hardwick\Desktop\BAS printing
2014-03-19 17:17 - 2014-03-19 17:17 - 00047104 _____ () C:\Users\hardwick\Documents\HOEAG membership.xls

==================== One Month Modified Files and Folders =======

2014-04-15 16:15 - 2014-04-15 15:19 - 00000000 ____D () C:\FRST
2014-04-15 16:15 - 2013-12-21 01:23 - 00000000 ____D () C:\Users\hardwick\Desktop\Misc Temp Desktop files
2014-04-15 16:14 - 2014-04-15 16:14 - 00000000 ____D () C:\Users\hardwick\AppData\Local\WebInternetSecurity
2014-04-15 16:14 - 2014-04-08 12:29 - 00000000 ____D () C:\Program Files (x86)\Webinternetsecurity
2014-04-15 16:13 - 2013-12-21 01:19 - 00000000 ____D () C:\Users\hardwick\AppData\Roaming\Azureus
2014-04-15 15:57 - 2013-12-21 19:43 - 00000304 _____ () C:\Windows\Tasks\UpdaterEX.job
2014-04-15 15:53 - 2014-02-12 08:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-15 15:46 - 2013-12-20 21:39 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-15 15:23 - 2014-04-15 15:23 - 00000000 ____D () C:\Users\hardwick\Desktop\TDSSKiller
2014-04-15 15:23 - 2009-07-14 05:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-15 15:23 - 2009-07-14 05:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-15 15:00 - 2014-04-07 12:45 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-15 14:35 - 2013-12-17 17:59 - 01259094 _____ () C:\Windows\WindowsUpdate.log
2014-04-15 14:09 - 2013-12-17 20:02 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2014-04-15 13:06 - 2013-12-31 15:26 - 00000000 ____D () C:\Users\hardwick\AppData\Roaming\Duplicati
2014-04-15 12:46 - 2013-12-20 21:39 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-14 13:09 - 2009-07-14 06:13 - 00783606 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-14 13:04 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-04-14 13:03 - 2014-04-07 13:01 - 00000392 _____ () C:\Windows\setupact.log
2014-04-14 13:03 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-12 16:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-04-12 15:01 - 2014-01-04 11:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-12 15:00 - 2014-01-04 11:04 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-12 10:28 - 2014-03-22 16:51 - 00000000 ____D () C:\Users\hardwick\Desktop\BAS printing
2014-04-09 07:51 - 2014-04-07 13:01 - 00648024 _____ () C:\Windows\PFRO.log
2014-04-09 07:51 - 2012-08-26 13:15 - 00000000 ___RD () C:\Users\hardwick\Dropbox
2014-04-08 17:16 - 2013-12-21 01:20 - 00000000 ____D () C:\Users\hardwick\AppData\Roaming\Dropbox
2014-04-08 12:28 - 2014-04-08 12:28 - 00000000 ____D () C:\Users\hardwick\AppData\Local\SearchProtect
2014-04-08 12:24 - 2014-04-08 12:24 - 00003244 _____ () C:\Windows\System32\Tasks\{F6CCB10D-64BD-4963-8009-1A5462614C89}
2014-04-07 19:01 - 2014-04-07 19:01 - 00000000 ____D () C:\Users\hardwick\AppData\Roaming\DropboxMaster
2014-04-07 19:01 - 2013-12-21 01:31 - 00000000 ____D () C:\Users\hardwick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-07 19:01 - 2012-08-26 13:15 - 00001032 _____ () C:\Users\hardwick\Desktop\Dropbox.lnk
2014-04-07 13:01 - 2014-04-07 13:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-07 12:59 - 2014-04-07 12:59 - 00100422 _____ () C:\Users\hardwick\Documents\cc_20140407_125926.reg
2014-04-07 12:58 - 2013-12-21 01:59 - 00000000 ____D () C:\Users\hardwick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bubble Dock
2014-04-07 12:58 - 2013-12-21 01:19 - 00000000 ___DC () C:\Users\hardwick\AppData\Local\MigWiz
2014-04-07 12:58 - 2013-12-18 01:38 - 00000000 ____D () C:\Windows\Panther
2014-04-07 12:55 - 2013-12-21 02:01 - 00000000 ____D () C:\Users\hardwick\AppData\Local\genienext
2014-04-07 12:55 - 2013-12-21 01:59 - 00000000 ____D () C:\Users\hardwick\AppData\Roaming\Nosibay
2014-04-07 12:44 - 2014-04-07 12:44 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-07 12:44 - 2014-04-07 12:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-07 12:44 - 2014-04-07 12:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-03 12:50 - 2013-12-21 01:22 - 00000000 ____D () C:\Users\hardwick\Desktop\Alpaca Mail lists
2014-04-03 12:16 - 2012-03-09 09:09 - 00271360 _____ () C:\Users\hardwick\Documents\archive Recovered Demo.pst
2014-04-03 12:15 - 2012-03-09 09:09 - 00271360 _____ () C:\Users\hardwick\Documents\archive Recovered Demo (1).pst
2014-04-03 09:51 - 2014-04-07 12:44 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-07 12:44 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-07 12:44 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-03 09:40 - 2013-12-21 19:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-03 09:35 - 2014-02-18 09:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2014-04-03 08:32 - 2013-12-21 23:14 - 00000000 ____D () C:\ProgramData\Search Protection
2014-04-02 18:33 - 2013-12-22 12:50 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-04-02 08:56 - 2014-04-02 08:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-31 02:16 - 2014-04-09 00:03 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 02:13 - 2014-04-09 00:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 01:13 - 2014-04-09 00:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 00:57 - 2014-04-09 00:03 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-26 13:41 - 2013-12-20 21:39 - 00003906 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-26 13:41 - 2013-12-20 21:39 - 00003654 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-22 13:12 - 2013-12-21 01:22 - 00000000 ____D () C:\Users\hardwick\AppData\Roaming\vlc
2014-03-19 17:17 - 2014-03-19 17:17 - 00047104 _____ () C:\Users\hardwick\Documents\HOEAG membership.xls

Some content of TEMP:
====================
C:\Users\hardwick\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpezhay4.dll
C:\Users\hardwick\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpirbs_x.dll
C:\Users\hardwick\AppData\Local\Temp\i4jdel0.exe
C:\Users\hardwick\AppData\Local\Temp\System.Data.SQLite.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-09 00:06

==================== End Of Log ============================

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 15/04/2014
Scan Time: 16:22:06
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.15.06
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: hardwick

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 285966
Time Elapsed: 4 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Conduit.A, C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://search.conduit.com/?gd=&ctid=CT3321738&octid=EB_ORIGINAL_CTID&ISID=MD3C7859A-CEEB-4FEA-918C-48C0EB4393F9&SearchSource=55&CUI=&UM=5&UP=SP6CE89EAA-0F31-47E5-890B-4187AA5D5A53&SSPV=SE2YA1_sp_ch",), Replaced,[dac811197ffc0a2caa5090be7b89a35d]

Physical Sectors: 0
(No malicious items detected)

(end)
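A small triage script for the kind of FRST and Malwarebytes lines posted in this thread, added here as an example; it is not code from FRST, Malwarebytes or the poster. It parses FRST "One Month Created/Modified" entries and MBAM 2.x detection lines into fields, then flags the indicators that make the logs above worth a second look: a scheduled task named as a bare GUID, an AppInit_DLLs hook whose DLL is already gone, an Internet Explorer proxy pointed at a local port, Chrome extensions registered through the registry, a service whose binary is missing ([X]), and any path matching an adware name. The sample lines are copied from the logs in this thread (one URL query string trimmed); the `PUP_NAMES` list is an assumption drawn from the names that appear in those logs, not an authoritative catalogue, and all function names are mine.

```python
"""Triage helpers for FRST and Malwarebytes Anti-Malware log lines.

Added example; not code from FRST, Malwarebytes or the poster. SAMPLE_LINES are
copied from the logs quoted in the thread. PUP_NAMES is an assumption drawn
from the names that appear in those logs, not an exhaustive list.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# FRST file entry: "<modified> - <created> - <size> <attrs> (<company>) <path>"
FILE_ENTRY = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d{8}) ([_A-Z]{5}) \(([^)]*)\) (.+)$"
)
# MBAM 2.x detection: "<threat>, <path>, Good: (<old>), Bad: (<new>), <action>,[<id>]"
MBAM_DETECTION = re.compile(
    r"^([\w.]+), (.+?), Good: \((.*?)\), Bad: \((.*)\), (\w+),\[([0-9a-f]+)\]$"
)
# Assumption: adware/PUP names as they appear in this thread's logs.
PUP_NAMES = ("searchprotect", "search protection", "webinternetsecurity",
             "nosibay", "bubble dock", "genienext", "mystart", "sizlsearch",
             "conduit")

SAMPLE_LINES = [  # copied from the FRST / MBAM logs in this thread
    r"2014-04-15 15:00 - 2014-04-07 12:45 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys",
    r"2014-04-08 12:28 - 2014-04-08 12:28 - 00000000 ____D () C:\Users\hardwick\AppData\Local\SearchProtect",
    r"2014-04-08 12:24 - 2014-04-08 12:24 - 00003244 _____ () C:\Windows\System32\Tasks\{F6CCB10D-64BD-4963-8009-1A5462614C89}",
    r"AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found",
    r"ProxyServer: http=127.0.0.1:49188;https=127.0.0.1:49188",
    r"CHR HKLM-x32\...\Chrome\Extension: [dghncoeocefmhkhiphdgikkamjeglbfh] - C:\Program Files (x86)\mystarttb\chrome-newtab-search.crx [2014-01-12]",
    r'S2 Util sizlsearch; "C:\Program Files (x86)\sizlsearch\bin\utilsizlsearch.exe" [X]',
    r'PUP.Optional.Conduit.A, C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://search.conduit.com/?gd=&ctid=CT3321738",), Replaced,[dac811197ffc0a2caa5090be7b89a35d]',
]


@dataclass
class Finding:
    line: str
    reasons: List[str]


def parse_file_entry(line: str) -> Optional[Dict[str, object]]:
    """Split one FRST 'One Month Created/Modified' entry into its fields."""
    m = FILE_ENTRY.match(line.strip())
    if not m:
        return None
    modified, created, size, attrs, company, path = m.groups()
    return {"modified": modified, "created": created, "size": int(size),
            "is_dir": "D" in attrs, "company": company, "path": path}


def parse_mbam_detection(line: str) -> Optional[Dict[str, str]]:
    """Split an MBAM detection line and pull the host of any injected URL."""
    m = MBAM_DETECTION.match(line.strip())
    if not m:
        return None
    threat, path, _good, bad, action, ident = m.groups()
    host = re.search(r'https?://([^/"]+)', bad)
    return {"threat": threat, "path": path, "action": action, "id": ident,
            "bad_host": host.group(1) if host else ""}


def triage_line(line: str) -> List[str]:
    """Return the reasons one log line deserves a second look (empty = clean)."""
    s = line.strip()
    reasons: List[str] = []
    entry = parse_file_entry(s)
    # For file entries match the path only, so a vendor name cannot trigger a hit.
    low = str(entry["path"]).lower() if entry else s.lower()
    if entry and re.search(r"\\tasks\\\{[0-9a-f-]{36}\}$", low):
        reasons.append("GUID-named scheduled task")
    if any(name in low for name in PUP_NAMES):
        reasons.append("matches a PUP/adware name seen in this thread")
    if s.startswith("AppInit_DLLs") and "File Not Found" in s:
        reasons.append("AppInit_DLLs hook points at a missing DLL")
    if s.startswith("ProxyServer:") and re.search(r"(127\.0\.0\.1|localhost):\d+", s):
        reasons.append("browser proxy routed through a local port")
    if s.startswith("CHR HK"):
        reasons.append("Chrome extension registered through the registry")
    if re.match(r"^[RS]\d .+; .*\[X\]$", s):
        reasons.append("service entry whose binary is missing ([X])")
    if parse_mbam_detection(s):
        reasons.append("Malwarebytes detection")
    return reasons


def triage(lines: List[str]) -> List[Finding]:
    """Run triage_line over a log excerpt and keep only the lines with findings."""
    findings = []
    for line in lines:
        reasons = triage_line(line)
        if reasons:
            findings.append(Finding(line.strip(), reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f.line[:70], "->", "; ".join(f.reasons))
```

The name match is a plain substring check and is only as good as the list it is given, so treat its hits as a reading aid and confirm each by hand; the structural checks (GUID task, dangling AppInit_DLLs, local proxy, registry-installed Chrome extension, [X] service) fire on the shape of the line and do not depend on the list. The parenthesised company in an FRST file entry is the file's version-info string, not a signature check, which is why the script never treats it as evidence either way.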
20. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2014
Ran by hardwick (administrator) on CHRISDEAKIN-PC on 15-04-2014 15:19:30
Running from C:\Users\hardwick\Desktop\Misc Temp Desktop files
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(HexaD) C:\Program Files\Duplicati\Duplicati.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(WebInternetSecurity) C:\Program Files (x86)\Webinternetsecurity\WebInternetSecurity.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Azureus Software, Inc) C:\Program Files (x86)\Vuze\Azureus.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-25] (CANON INC.)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [WebInternetSecurity] => C:\Program Files (x86)\Webinternetsecurity\WebInternetSecurity.exe [797184 2013-12-30] (WebInternetSecurity)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\Run: [sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-1004204646-2864660507-1877319225-1010\...\Run: [FBBF48DDF52CFE01A375E54F303562119CD0BB61._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-04-02] (Google Inc.)
HKU\S-1-5-21-1004204646-2864660507-1877319225-1010\...\Run: [PeerBlock] => C:\Program Files (x86)\peerblock\peerblock.exe [1866864 2010-11-06] (PeerBlock, LLC)
HKU\S-1-5-21-1004204646-2864660507-1877319225-1010\...\Run: [GoogleChromeAutoLaunch_DDAA95BF07E3734F0BE24CB51FCD11D0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-04-02] (Google Inc.)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:49188;https=127.0.0.1:49188
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/smallbiz.dell.com/en_uk?hl=en&client=dell-usuk&channel=uk-smb&ibd=2080915
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP6CE89EAA-0F31-47E5-890B-4187AA5D5A53&q={searchTerms}&SSPV=SE2YA1_sp_ie
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP6CE89EAA-0F31-47E5-890B-4187AA5D5A53&q={searchTerms}&SSPV=SE2YA1_sp_ie
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_3&ent=ch_4981&q={searchTerms}
SearchScopes: HKCU - {C75451FA-ED4C-471B-A0A4-BA52E59C2B5E} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
DPF: HKLM-x32 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: HKLM-x32 {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\mt0zvmh2.default
FF user.js: detected! => C:\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\mt0zvmh2.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.8.130\npMcAfeeMss.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nosltd.com/getPlus+®,version=1.6.2.100 - C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\hardwick\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\hardwick\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File

Chrome:
=======
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Live Documents) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\amaifjdaecbdedhngkjojpkdnjndpcch [2013-12-21]
CHR Extension: (Google Docs) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-21]
CHR Extension: (Lucidchart Diagrams - Online) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apboafhkiegglekeafbckfjldecefkhn [2013-12-21]
CHR Extension: (Google Drive) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-21]
CHR Extension: (Auction Raptor) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blhhodocappjllfhjbbkaaglgmbecgcl [2014-01-17]
CHR Extension: (YouTube) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-21]
CHR Extension: (Google Search) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-21]
CHR Extension: (Gmail Offline) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2013-12-21]
CHR Extension: (Google Calendar) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-12-21]
CHR Extension: (Pivotal Tracker) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmopohenfphcfkjklbikdpfhilnlckfl [2013-12-21]
CHR Extension: (Digital Clock) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo [2013-12-21]
CHR Extension: (AdBlock) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-21]
CHR Extension: (Bubble Dock) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbjlipmgfoamgjaogmbihaffnpkpjajp [2013-12-21]
CHR Extension: (Potiphar) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdjehpheibomdlhciohiojkfliemofjg [2013-12-21]
CHR Extension: (FastestFox for Chrome) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2013-12-21]
CHR Extension: (Google Play Books) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2013-12-21]
CHR Extension: (Google Wallet) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-21]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2013-12-21]
CHR Extension: (Rain Alarm Extension) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnconaknblgbkfgknkfmmfhhbebkekd [2013-12-21]
CHR Extension: (Google Calendar Checker (by Google)) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek [2013-12-21]
CHR Extension: (Gmail) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-21]
CHR HKCU\...\Chrome\Extension: [blhhodocappjllfhjbbkaaglgmbecgcl] - C:\Users\hardwick\AppData\Local\CRE\blhhodocappjllfhjbbkaaglgmbecgcl.crx [2014-01-12]
CHR HKLM-x32\...\Chrome\Extension: [blhhodocappjllfhjbbkaaglgmbecgcl] - C:\Users\hardwick\AppData\Local\CRE\blhhodocappjllfhjbbkaaglgmbecgcl.crx [2014-01-12]
CHR HKLM-x32\...\Chrome\Extension: [dghncoeocefmhkhiphdgikkamjeglbfh] - C:\Program Files (x86)\mystarttb\chrome-newtab-search.crx [2014-01-12]
CHR HKLM-x32\...\Chrome\Extension: [kbjlipmgfoamgjaogmbihaffnpkpjajp] - C:\Program Files (x86)\Nosibay\Bubble Dock\extensions\GCSurfMatch.crx [2012-11-06]

==================== Services (Whitelisted) =================

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [52288 2011-03-01] (NOS Microsystems Ltd.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 Util sizlsearch; "C:\Program Files (x86)\sizlsearch\bin\utilsizlsearch.exe" [X]

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S3 pbfilter; C:\Program Files (x86)\PeerBlock\pbfilter.sys [20080 2010-11-06] ()
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-15 15:19 - 2014-04-15 15:19 - 00000000 ____D () C:\FRST
2014-04-09 00:03 - 2014-03-31 02:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 00:03 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 00:03 - 2014-03-31 01:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 00:03 - 2014-03-31 00:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 00:02 - 2014-03-04 10:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 00:02 - 2014-03-04 10:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 00:02 - 2014-03-04 10:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 00:02 - 2014-03-04 10:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 00:02 - 2014-03-04 10:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 00:02 - 2014-03-04 10:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 00:02 - 2014-03-04 10:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 00:02 - 2014-03-04 10:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 00:02 - 2014-03-04 10:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 00:02 - 2014-03-04 09:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 00:02 - 2014-03-04 09:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 00:02 - 2014-02-04 03:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 00:02 - 2014-02-04 03:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 00:02 - 2014-02-04 03:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 00:02 - 2014-02-04 03:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 00:02 - 2014-02-04 03:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 00:02 - 2014-01-24 03:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-08 12:29 - 2014-04-08 12:29 - 00003894 _____ () C:\Windows\System32\Tasks\WebInternetSecurity Update Task
2014-04-08 12:29 - 2014-04-08 12:29 - 00000000 ____D () C:\Program Files (x86)\Webinternetsecurity
2014-04-08 12:28 - 2014-04-08 12:28 - 00000000 ____D () C:\Users\hardwick\AppData\Local\SearchProtect
2014-04-08 12:24 - 2014-04-08 12:24 - 00003244 _____ () C:\Windows\System32\Tasks\{F6CCB10D-64BD-4963-8009-1A5462614C89}
2014-04-07 19:01 - 2014-04-07 19:01 - 00000000 ____D () C:\Users\hardwick\AppData\Roaming\DropboxMaster
2014-04-07 13:01 - 2014-04-14 13:03 - 00000392 _____ () C:\Windows\setupact.log
2014-04-07 13:01 - 2014-04-09 07:51 - 00648024 _____ () C:\Windows\PFRO.log
2014-04-07 13:01 - 2014-04-07 13:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-07 12:59 - 2014-04-07 12:59 - 00100422 _____ () C:\Users\hardwick\Documents\cc_20140407_125926.reg
2014-04-07 12:45 - 2014-04-15 15:00 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-07 12:44 - 2014-04-07 12:44 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-07 12:44 - 2014-04-07 12:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-07 12:44 - 2014-04-07 12:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-07 12:44 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-07 12:44 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-07 12:44 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 08:55 - 2014-04-02 08:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-22 16:51 - 2014-04-12 10:28 - 00000000 ____D () C:\Users\hardwick\Desktop\BAS printing
2014-03-19 17:17 - 2014-03-19 17:17 - 00047104 _____ () C:\Users\hardwick\Documents\HOEAG membership.xls

==================== One Month Modified Files and Folders =======

2014-04-15 15:19 - 2014-04-15 15:19 - 00000000 ____D () C:\FRST
2014-04-15 15:19 - 2013-12-21 01:23 - 00000000 ____D () C:\Users\hardwick\Desktop\Misc Temp Desktop files
2014-04-15 15:19 - 2013-12-21 01:19 - 00000000 ____D () C:\Users\hardwick\AppData\Roaming\Azureus
2014-04-15 15:00 - 2014-04-07 12:45 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-15 14:57 - 2013-12-21 19:43 - 00000304 _____ () C:\Windows\Tasks\UpdaterEX.job
2014-04-15 14:53 - 2014-02-12 08:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-15 14:46 - 2013-12-20 21:39 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-15 14:35 - 2013-12-17 17:59 - 01257398 _____ () C:\Windows\WindowsUpdate.log
2014-04-15 14:09 - 2013-12-17 20:02 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2014-04-15 13:06 - 2013-12-31 15:26 - 00000000 ____D () C:\Users\hardwick\AppData\Roaming\Duplicati
2014-04-15 12:46 - 2013-12-20 21:39 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-14 13:10 - 2009-07-14 05:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-14 13:10 - 2009-07-14 05:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-14 13:09 - 2009-07-14 06:13 - 00783606 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-14 13:04 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-04-14 13:03 - 2014-04-07 13:01 - 00000392 _____ () C:\Windows\setupact.log
2014-04-14 13:03 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-12 16:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-04-12 15:01 - 2014-01-04 11:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-12 15:00 - 2014-01-04 11:04 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-12 10:28 - 2014-03-22 16:51 - 00000000 ____D () C:\Users\hardwick\Desktop\BAS printing
2014-04-09 07:51 - 2014-04-07 13:01 - 00648024 _____ () C:\Windows\PFRO.log
2014-04-09 07:51 - 2012-08-26 13:15 - 00000000 ___RD () C:\Users\hardwick\Dropbox
2014-04-08 17:16 - 2013-12-21 01:20 - 00000000 ____D () C:\Users\hardwick\AppData\Roaming\Dropbox
2014-04-08 12:29 - 2014-04-08 12:29 - 00003894 _____ () C:\Windows\System32\Tasks\WebInternetSecurity Update Task
2014-04-08 12:29 - 2014-04-08 12:29 - 00000000 ____D () C:\Program Files (x86)\Webinternetsecurity
2014-04-08 12:28 - 2014-04-08 12:28 - 00000000 ____D () C:\Users\hardwick\AppData\Local\SearchProtect
2014-04-08 12:24 - 2014-04-08 12:24 - 00003244 _____ () C:\Windows\System32\Tasks\{F6CCB10D-64BD-4963-8009-1A5462614C89}
2014-04-07 19:01 - 2014-04-07 19:01 - 00000000 ____D () C:\Users\hardwick\AppData\Roaming\DropboxMaster
2014-04-07 19:01 - 2013-12-21 01:31 - 00000000 ____D () C:\Users\hardwick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-07 19:01 - 2012-08-26 13:15 - 00001032 _____ () C:\Users\hardwick\Desktop\Dropbox.lnk
2014-04-07 13:01 - 2014-04-07 13:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-07 12:59 - 2014-04-07 12:59 - 00100422 _____ () C:\Users\hardwick\Documents\cc_20140407_125926.reg
2014-04-07 12:58 - 2013-12-21 01:59 - 00000000 ____D () C:\Users\hardwick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bubble Dock
2014-04-07 12:58 - 2013-12-21 01:19 - 00000000 ___DC () C:\Users\hardwick\AppData\Local\MigWiz
2014-04-07 12:58 - 2013-12-18 01:38 - 00000000 ____D () C:\Windows\Panther
2014-04-07 12:55 - 2013-12-21 02:01 - 00000000 ____D () C:\Users\hardwick\AppData\Local\genienext
2014-04-07 12:55 - 2013-12-21 01:59 - 00000000 ____D () C:\Users\hardwick\AppData\Roaming\Nosibay
2014-04-07 12:44 - 2014-04-07 12:44 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-07 12:44 - 2014-04-07 12:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-07 12:44 - 2014-04-07 12:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-03 12:50 - 2013-12-21 01:22 - 00000000 ____D () C:\Users\hardwick\Desktop\Alpaca Mail lists
2014-04-03 12:16 - 2012-03-09 09:09 - 00271360 _____ () C:\Users\hardwick\Documents\archive Recovered Demo.pst
2014-04-03 12:15 - 2012-03-09 09:09 - 00271360 _____ () C:\Users\hardwick\Documents\archive Recovered Demo (1).pst
2014-04-03 09:51 - 2014-04-07 12:44 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-07 12:44 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-07 12:44 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-03 09:40 - 2013-12-21 19:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-03 09:35 - 2014-02-18 09:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2014-04-03 08:32 - 2013-12-21 23:14 - 00000000 ____D () C:\ProgramData\Search Protection
2014-04-02 18:33 - 2013-12-22 12:50 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-04-02 08:56 - 2014-04-02 08:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-31 02:16 - 2014-04-09 00:03 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 02:13 - 2014-04-09 00:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 01:13 - 2014-04-09 00:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 00:57 - 2014-04-09 00:03 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-26 13:41 - 2013-12-20 21:39 - 00003906 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-26 13:41 - 2013-12-20 21:39 - 00003654 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-22 13:12 - 2013-12-21 01:22 - 00000000 ____D () C:\Users\hardwick\AppData\Roaming\vlc
2014-03-19 17:17 - 2014-03-19 17:17 - 00047104 _____ () C:\Users\hardwick\Documents\HOEAG membership.xls

Some content of TEMP:
====================
C:\Users\hardwick\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpezhay4.dll
C:\Users\hardwick\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpirbs_x.dll
C:\Users\hardwick\AppData\Local\Temp\i4jdel0.exe
C:\Users\hardwick\AppData\Local\Temp\System.Data.SQLite.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-09 00:06 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-04-2014 Ran by hardwick at 2014-04-15 15:19:49 Running from C:\Users\hardwick\Desktop\Misc Temp Desktop files Boot Mode: Normal ========================================================== ==================== Security Center ======================== AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} ==================== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft) Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft) Able Photo Resizer 2.5.11.30 (HKLM-x32\...\Able Photo Resizer_is1) (Version: 2.5.11.30 - Graphic-Region Development) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.4.0.2540 - Adobe Systems Incorporated) Hidden Adobe Download Manager (HKLM-x32\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.100 - NOS 
Microsystems Ltd.) Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated) Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon) AMD Accelerated Video Transcoding (Version: 13.20.100.30911 - Advanced Micro Devices, Inc.) Hidden AMD Catalyst Control Center (x32 Version: 2013.0911.2154.37488 - Advanced Micro Devices, Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{47F6824F-CA45-FAD2-2F5B-906D36BA3393}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Media Foundation Decoders (Version: 1.0.80911.2216 - Advanced Micro Devices, Inc.) Hidden Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - ) Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version: - ) Canon MP495 series User Registration (HKLM-x32\...\Canon MP495 series User Registration) (Version: - ) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - ) Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - ) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) 
Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0911.2154.37488 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.0911.2154.37488 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.0911.2154.37488 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Russian (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.0911.2154.37488 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM-x32\...\CCleaner) (Version: 3.12 - Piriform) DMUninstaller (HKLM-x32\...\DMUninstaller) (Version: - ) <==== ATTENTION Dropbox (HKCU\...\Dropbox) (Version: 2.6.25 - Dropbox, Inc.) Duplicati (x64) (HKLM\...\{77BA8977-0BA6-4A83-A741-1DFAD23A6B23}) (Version: 1.3.4 - HexaD) FastStone Photo Resizer 3.2 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.2 - FastStone Soft.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.) Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.) Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) 
Hidden HerdMaster4 (HKLM-x32\...\{32FCFDB2-4672-4F48-9C39-42E6378299F7}) (Version: 4.3.6 - Farbrook Software) HerdMaster5 (HKLM-x32\...\{A4096036-4D04-46AD-9531-736085608846}) (Version: 5.1.0.0 - Farbrook Software) HmInstaller (x32 Version: 4.3.6 - Farbrook Software) Hidden Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation) Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation) Intel® Rapid Storage Technology (Version: 12.0.0.1083 - Intel Corporation) Hidden Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Access 2000 SR-1 Runtime (HKLM-x32\...\{004F0409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2007 Trial (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft 
Corporation) Hidden Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Standard 2007 (HKLM-x32\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Standard 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 
11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) PCmover (HKLM-x32\...\{01C41C3F-EA8F-4F84-9C21-9564ED195131}) (Version: 8.00.633.0 - Laplink Software, Inc.) PeerBlock 1.1 (r518) (HKLM-x32\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.518 - PeerBlock, LLC) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6782 - Realtek Semiconductor Corp.) SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit) (HKLM-x32\...\{41BB84BA-5CE5-403D-9650-990299509F14}) (Version: 13.0.4.705 - SAP) Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.12.12.2 - Conduit) <==== ATTENTION Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.) StuffIt Expander 2011 (HKLM\...\{6B62B973-49F5-4C51-B738-93B56A963417}) (Version: 15.0.7.2518 - Smith Micro Software, Inc.) 
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft) Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition 
(HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft) Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft) Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version: - Microsoft) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft) Update for Microsoft Office Powerpoint 2007 Help (KB963669) 
(HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft) Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft) Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft) Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft) Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft) UpdaterEX (HKCU\...\UpdaterEX) (Version: - UpdaterEX) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.3.0.0 - Azureus Software, Inc.) WebInternetSecurity (HKLM-x32\...\Webinternetsecurity) (Version: - Webinternetsecurity) ==================== Restore Points ========================= 08-04-2014 12:21:21 Scheduled Checkpoint 08-04-2014 23:01:22 Windows Update 12-04-2014 14:00:11 Windows Update ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {2CE34582-5D99-4A16-AF5E-AE79CEF163B9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {5138C072-F32B-4C70-A35B-1BF8CAD9B629} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-20] (Google Inc.) 
Task: {8359820F-F166-4FC6-B53C-3A498BE77FAE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe Task: {9685B2DD-A165-45B7-9C5C-4A21AE6E42FF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-20] (Google Inc.) Task: {B5155B2D-2BF5-4E29-BF87-F6C2F44E0FD5} - System32\Tasks\UpdaterEX => C:\Users\hardwick\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION Task: {B86A334E-F2E6-4E81-988C-9980DD56C0B7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe Task: {CD50D22A-C1C1-4AE4-8882-67D6D0E7BD5D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe Task: {E0FFF949-E69D-4C57-A97B-6D1344F01554} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-14] (Adobe Systems Incorporated) Task: {E5526BD6-A25C-4DE0-9008-D163DEDAD49A} - System32\Tasks\WebInternetSecurity Update Task => C:\Program Files (x86)\Webinternetsecurity\uninstall.webinternetsecurity.exe [2014-04-08] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\hardwick\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2013-12-17 18:02 - 2012-10-29 08:48 - 00927232 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe 2012-05-21 21:41 - 2012-05-21 21:41 - 
00131072 _____ () C:\Program Files\Duplicati\LightDatamodel.dll 2012-05-21 21:41 - 2012-05-21 21:41 - 00931840 _____ () C:\Program Files\Duplicati\SQLite\win64\System.Data.SQLite.dll 2012-05-21 21:41 - 2012-05-21 21:41 - 00260608 _____ () C:\Program Files\Duplicati\AlphaFS.dll 2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-12-17 18:02 - 2014-04-14 13:03 - 00025600 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\PEbiosinterface32.dll 2013-12-17 18:02 - 2012-05-07 17:04 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\ATKEX.dll 2013-12-24 14:08 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2013-12-24 14:08 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2013-12-24 14:08 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2013-12-24 14:08 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2013-12-24 14:08 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2014-04-10 09:51 - 2014-04-02 02:57 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll 2013-12-17 18:08 - 2013-03-12 14:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll 2013-12-22 02:34 - 2012-12-14 16:42 - 00053160 _____ () C:\Program Files (x86)\Vuze\aereg.dll 2014-02-11 12:39 - 2012-12-14 16:42 - 00077768 _____ () C:\Users\hardwick\AppData\Roaming\Azureus\plugins\azitunes\jacob-1.17-M2-x86.dll 2014-02-11 12:39 - 2012-12-14 16:42 - 00019368 _____ () 
C:\Users\hardwick\AppData\Roaming\Azureus\plugins\azitunes\libProcessAccess.dll 2014-01-20 14:16 - 2014-01-20 14:16 - 00237384 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll 2014-04-10 09:51 - 2014-04-02 02:57 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll 2014-04-10 09:51 - 2014-04-02 02:57 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll 2014-04-10 09:51 - 2014-04-02 02:57 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll 2014-04-10 09:51 - 2014-04-02 02:58 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll 2014-04-10 09:51 - 2014-04-02 02:57 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll 2014-04-10 09:51 - 2014-04-02 02:58 - 13691720 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/15/2014 02:09:32 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 13323 Error: (04/15/2014 02:09:32 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 13323 Error: (04/15/2014 02:09:32 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/15/2014 02:09:31 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 12246 Error: (04/15/2014 02:09:31 PM) (Source: Bonjour 
Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 12246 Error: (04/15/2014 02:09:31 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/15/2014 02:09:30 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 11232 Error: (04/15/2014 02:09:30 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 11232 Error: (04/15/2014 02:09:30 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/15/2014 02:09:29 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10218 System errors: ============= Error: (04/14/2014 01:08:09 PM) (Source: DCOM) (User: ) Description: {DC0C2640-1415-4644-875C-6F4D769839BA} Error: (04/14/2014 01:04:20 PM) (Source: DCOM) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (04/14/2014 01:03:14 PM) (Source: Service Control Manager) (User: ) Description: The Util sizlsearch service failed to start due to the following error: %%2 Error: (04/13/2014 10:16:28 PM) (Source: Service Control Manager) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service. Error: (04/13/2014 10:15:58 PM) (Source: Service Control Manager) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service. Error: (04/13/2014 09:11:54 PM) (Source: Service Control Manager) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service. 
Error: (04/13/2014 09:11:24 PM) (Source: Service Control Manager) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service. Error: (04/13/2014 07:38:42 PM) (Source: DCOM) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (04/13/2014 07:37:36 PM) (Source: Service Control Manager) (User: ) Description: The Util sizlsearch service failed to start due to the following error: %%2 Error: (04/12/2014 03:44:45 PM) (Source: DCOM) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 36% Total physical RAM: 8130.23 MB Available physical RAM: 5164.61 MB Total Pagefile: 13115.41 MB Available Pagefile: 6069.57 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.41 GB) (Free:830.4 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 939BDB0B) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  21. My bank stopped my online banking and when I checked they confirmed my PC has been infected with TATANGA and that I need to remove it before I use online banking again. Can you urgently help me to remove this malware from my PC and/or home network?