Malwarebytes Not Responding


# AdwCleaner v3.007 - Report created 12/10/2013 at 09:12:23
# Updated 09/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Gordon - MAXDATA-8BF282C
# Running from : C:\Documents and Settings\Gordon\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\openit
Folder Deleted : C:\Documents and Settings\Gordon\Application Data\digitalsite
File Deleted : C:\Documents and Settings\All Users\Desktop\iLivid.lnk
File Deleted : C:\Documents and Settings\All Users\Desktop\Open It!.lnk

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{327C2873-E90D-4C37-AA9D-10AC9BABA46C}]
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\OpenIt Open It!
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

*************************

AdwCleaner[R0].txt - [3749 octets] - [12/10/2013 09:09:33]
AdwCleaner[s0].txt - [3754 octets] - [12/10/2013 09:12:23]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3814 octets] ##########

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Gordon (administrator) on MAXDATA-8BF282C on 12-10-2013 10:29:49
Running from C:\Documents and Settings\Gordon\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK COMPUTER INC.) C:\WINDOWS\ATKKBService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Memeo) C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
(Nokia) C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
(Memeo) C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(TomTom) D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Memeo) C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
() C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
(Axentra Corporation) C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.107.0\SeaPort.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [RemoteControl] - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [32768 2005-01-12] (Cyberlink Corp.)
HKLM\...\Run: [ATICCC] - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [45056 2005-08-12] (ATI Technologies Inc.)
HKLM\...\Run: [Easy-PrintToolBox] - C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [409600 2004-01-14] (CANON INC.)
HKLM\...\Run: [bluetoothAuthenticationAgent] - rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [NokiaMServer] - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
HKLM\...\Run: [bCSSync] - D:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] - C:\program files\real\realplayer\update\realsched.exe [296056 2012-05-17] (RealNetworks, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [Memeo Instant Backup] - C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-04-06] (Memeo Inc.)
HKLM\...\Run: [seagate Dashboard] - C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe [73728 2011-11-03] ()
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [995184 2013-07-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [20053608 2011-05-12] (Realtek Semiconductor Corp.)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-03-17] (Google Inc.)
HKU\Christopher\...\Run: [MsnMsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2010-04-16] (Microsoft Corporation)
HKU\Christopher\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2009-03-17] (Google Inc.)
HKU\Christopher\...\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [ 2006-06-19] (Nero AG)
HKU\Christopher\...\Run: [TomTomHOME.exe] - D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [ 2011-04-22] (TomTom)
HKU\Frances\...\Run: [msnmsgr] - "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
HKU\Frances\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation)
HKU\Frances\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2009-03-17] (Google Inc.)
HKU\Michael\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2010-04-16] (Microsoft Corporation)
HKU\Michael\...\Run: [igndlm.exe] - C:\Program Files\IGN\Download Manager\DLM.exe [ 2007-03-05] (IGN Entertainment)
HKU\Michael\...\Run: [ASUS SmartDoctor] - C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe  /start
HKU\Michael\...\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [ 2006-06-19] (Nero AG)
HKU\Michael\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2009-03-17] (Google Inc.)
HKU\Michael\...\Run: [doubleTwist] - C:\Program Files\doubleTwist 2.0\DoubleTwist.DeviceHelper.exe
HKU\Michael\...\Run: [steam] - D:\Program Files\Steam\Steam.exe [ 2013-02-15] (Valve Corporation)
HKU\Michael\...\RunOnce: [shockwave Updater] - C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6.6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.freeonlinegames.com/game/driving-test.html"
HKU\Vanessa\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2010-04-16] (Microsoft Corporation)
HKU\Vanessa\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2009-03-17] (Google Inc.)
HKU\Vanessa\...\Run: [EA Core] - "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
HKU\Vanessa\...\RunOnce: [shockwave Updater] - C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6.5; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.miniclip.com/games/down-hill-chill/en/"
HKU\Vanessa\...\RunOnce: [FlashPlayerUpdate] - C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe -update activex

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.3.107.0\BingExt.dll (Microsoft Corporation.)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.3.107.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.1.4.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} http://www.miniclip.com/igloader/igloader.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1

========================== Services (Whitelisted) =================

R2 ATKKeyboardService; C:\WINDOWS\ATKKBService.exe [241152 2005-10-18] (ASUSTeK COMPUTER INC.)
S4 gupdate1c994173b632322; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-21] (Google Inc.)
S3 KService; C:\Program Files\Kontiki\KService.exe [3072184 2007-11-27] (Kontiki Inc.)
R2 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [25824 2011-04-06] (Memeo)
S3 Microsoft SharePoint Workspace Audit Service; D:\Program Files\Microsoft Office\Office14\GROOVE.EXE [30785672 2012-09-20] (Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2013-07-18] (Microsoft Corporation)
R2 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [8704 2011-11-03] (Memeo)
S3 ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [651776 2009-09-17] (Nokia)
R2 TomTomHOMEService; D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [92592 2011-04-22] (TomTom)

==================== Drivers (Whitelisted) ====================

S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 asuskbnt; C:\Windows\System32\drivers\atkkbnt.sys [11008 2005-10-18] (ASUSTeK COMPUTER INC.)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo32.sys [22120 2012-08-13] ()
R2 EIO; C:\WINDOWS\system32\drivers\EIO.sys [11264 2005-10-20] (ASUSTeK Computer Inc.)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [127768 2007-07-19] (Kaspersky Lab)
R2 MASPINT; C:\Windows\System32\Drivers\MASPINT.sys [8096 2000-03-29] (MicroStaff Co.,Ltd.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [46080 2011-11-10] (Intel Corporation)
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
S3 n558; C:\Windows\System32\Drivers\n558.sys [9600 2007-08-15] ()
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 prodrv06; C:\Windows\System32\drivers\prodrv06.sys [53920 2004-08-09] (Protection Technology)
R0 prohlp02; C:\Windows\System32\drivers\prohlp02.sys [114016 2004-08-09] (Protection Technology)
R0 prosync1; C:\Windows\System32\drivers\prosync1.sys [7040 2004-07-19] (Protection Technology)
S3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R0 sfhlp01; C:\Windows\System32\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology)
S1 asusgsb; system32\drivers\asusgsb32.sys [x]
S3 atidgllk; \??\C:\Program Files\ASUS\SmartDoctor\atidgllk.sys [x]
S3 BCM43XX; system32\DRIVERS\bcmwl5.sys [x]
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [x]
S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [x]
S3 BT; system32\DRIVERS\btnetdrv.sys [x]
S3 Btcsrusb; System32\Drivers\btcusb.sys [x]
S0 BTHidEnum; System32\Drivers\vbtenum.sys [x]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U3 TlntSvr;
S3 VComm; system32\DRIVERS\VComm.sys [x]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [x]
S3 VHidMinidrv; system32\drivers\VHIDMini.sys [x]
S3 Video3D; System32\Drivers\Video3D32.sys [x]
S3 w810bus; system32\DRIVERS\w810bus.sys [x]
S3 w810mdfl; system32\DRIVERS\w810mdfl.sys [x]
S3 w810mdm; system32\DRIVERS\w810mdm.sys [x]
S3 w810mgmt; system32\DRIVERS\w810mgmt.sys [x]
S3 w810obex; system32\DRIVERS\w810obex.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-12 10:29 - 2013-10-12 10:29 - 00000000 ____D C:\FRST
2013-10-12 10:27 - 2013-10-12 10:27 - 01087213 _____ (Farbar) C:\Documents and Settings\Gordon\Desktop\FRST.exe
2013-10-12 09:09 - 2013-10-12 09:12 - 00000000 ____D C:\AdwCleaner
2013-10-12 09:08 - 2013-10-12 09:08 - 01048960 _____ C:\Documents and Settings\Gordon\Desktop\AdwCleaner.exe
2013-10-10 20:13 - 2013-10-10 20:13 - 00016154 _____ C:\ComboFix.txt
2013-10-10 19:36 - 2013-10-10 19:36 - 00000560 _____ C:\Documents and Settings\Gordon\Desktop\aa.txt
2013-10-10 19:34 - 2013-10-10 19:34 - 00000489 _____ C:\Documents and Settings\All Users\Desktop\iMesh.lnk
2013-10-10 19:08 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-10-09 21:02 - 2013-10-09 21:03 - 04121952 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Gordon\Desktop\tdsskiller.exe
2013-10-09 20:20 - 2013-10-09 20:20 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG
2013-10-09 20:20 - 2013-10-09 20:20 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG
2013-10-09 20:20 - 2013-10-09 20:20 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2013-10-09 20:20 - 2013-10-09 20:20 - 00000000 ____H C:\WINDOWS\system32\config\default.tmp.LOG
2013-10-09 20:19 - 2013-10-10 20:02 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2013-10-09 19:32 - 2013-10-09 19:32 - 05131844 ____R (Swearware) C:\Documents and Settings\Gordon\Desktop\ComboFix.exe
2013-10-08 21:58 - 2013-10-08 21:58 - 00000000 _RSHD C:\cmdcons
2013-10-08 21:58 - 2013-09-07 16:16 - 00000212 _____ C:\Boot.bak
2013-10-08 21:58 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2013-10-08 21:54 - 2011-06-26 07:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-10-08 21:54 - 2010-11-07 18:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-10-08 21:54 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-10-08 21:54 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-10-08 21:54 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-10-08 21:54 - 2000-08-31 01:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-10-08 21:54 - 2000-08-31 01:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-10-08 21:54 - 2000-08-31 01:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-10-08 21:53 - 2013-10-10 20:13 - 00000000 ____D C:\Qoobox
2013-10-08 21:34 - 2013-10-10 20:01 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-08 21:29 - 2013-10-08 21:29 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Open It!
2013-10-08 18:13 - 2013-10-08 18:13 - 00025162 _____ C:\Documents and Settings\Gordon\Desktop\attach.txt
2013-10-08 18:13 - 2013-10-08 18:13 - 00013409 _____ C:\Documents and Settings\Gordon\Desktop\dds.txt
2013-10-08 18:11 - 2013-10-08 18:11 - 00000000 ____D C:\Documents and Settings\Gordon\Desktop\New Folder
2013-09-28 12:57 - 2013-10-12 09:34 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-09-28 12:46 - 2013-09-28 12:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2013-09-28 12:43 - 2013-09-28 12:43 - 00013207 _____ C:\WINDOWS\KB2870699-IE8.log
2013-09-28 12:43 - 2013-09-28 12:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876315$
2013-09-28 12:43 - 2013-09-28 12:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2013-09-28 12:36 - 2013-09-28 12:46 - 00015831 _____ C:\WINDOWS\KB2864063.log
2013-09-28 12:36 - 2013-09-28 12:43 - 00009691 _____ C:\WINDOWS\KB2876315.log
2013-09-28 12:36 - 2013-09-28 12:43 - 00009279 _____ C:\WINDOWS\KB2876217.log
2013-09-28 09:10 - 2013-09-28 09:10 - 00000000 ____D C:\Documents and Settings\Gordon\Application Data\Malwarebytes
2013-09-28 09:09 - 2013-09-28 09:09 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-28 09:09 - 2013-09-28 09:09 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-28 09:09 - 2013-09-28 09:09 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-09-28 09:09 - 2013-09-28 09:09 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-09-28 09:09 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-09-13 18:24 - 2013-09-13 18:24 - 00000000 ____D C:\Documents and Settings\Christopher\Application Data\Seagate
2013-09-13 18:24 - 2013-09-13 18:24 - 00000000 ____D C:\Documents and Settings\Christopher\Application Data\Memeo
2013-09-13 18:23 - 2013-09-13 18:23 - 00000000 __SHD C:\Documents and Settings\Christopher\IETldCache
2013-09-12 22:13 - 2013-09-12 22:13 - 00000000 ____D C:\Program Files\PerformanceTest
2013-09-12 22:13 - 2013-09-12 22:13 - 00000000 ____D C:\Documents and Settings\Gordon\Local Settings\Application Data\PassMark
2013-09-12 22:13 - 2013-09-12 22:13 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PerformanceTest
2013-09-12 22:13 - 2013-09-12 22:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Passmark

==================== One Month Modified Files and Folders =======

2013-10-12 10:29 - 2013-10-12 10:29 - 00000000 ____D C:\FRST
2013-10-12 10:29 - 2009-07-12 09:42 - 66471968 ___SH C:\WINDOWS\system32\Drivers\fidbox.dat
2013-10-12 10:27 - 2013-10-12 10:27 - 01087213 _____ (Farbar) C:\Documents and Settings\Gordon\Desktop\FRST.exe
2013-10-12 10:02 - 2009-06-30 22:08 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-12 09:34 - 2013-09-28 12:57 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-12 09:24 - 2013-09-06 19:36 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-10-12 09:15 - 2006-09-29 14:31 - 01730195 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-12 09:14 - 2012-05-17 14:50 - 00000282 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1785211882-1627415546-1105308610-1010.job
2013-10-12 09:14 - 2009-06-30 22:08 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-12 09:14 - 2006-09-29 14:31 - 00000157 _____ C:\WINDOWS\wiadebug.log
2013-10-12 09:14 - 2006-09-29 14:31 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-10-12 09:14 - 2006-09-29 14:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-12 09:13 - 2009-07-12 09:42 - 00786140 ___SH C:\WINDOWS\system32\Drivers\fidbox.idx
2013-10-12 09:12 - 2013-10-12 09:09 - 00000000 ____D C:\AdwCleaner
2013-10-12 09:12 - 2008-12-06 12:42 - 00000012 _____ C:\WINDOWS\bthservsdp.dat
2013-10-12 09:12 - 2006-11-16 23:15 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2013-10-12 09:12 - 2006-11-16 21:45 - 00000178 ___SH C:\Documents and Settings\Gordon\ntuser.ini
2013-10-12 09:12 - 2006-11-16 21:45 - 00000000 ____D C:\Documents and Settings\Gordon
2013-10-12 09:12 - 2006-09-29 14:31 - 00032624 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-12 09:08 - 2013-10-12 09:08 - 01048960 _____ C:\Documents and Settings\Gordon\Desktop\AdwCleaner.exe
2013-10-12 08:49 - 2006-09-29 14:31 - 00012598 _____ C:\WINDOWS\system32\wpa.dbl
2013-10-10 21:30 - 2006-09-29 14:50 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-10-10 20:13 - 2013-10-10 20:13 - 00016154 _____ C:\ComboFix.txt
2013-10-10 20:13 - 2013-10-08 21:53 - 00000000 ____D C:\Qoobox
2013-10-10 20:07 - 2006-09-29 14:31 - 00000227 _____ C:\WINDOWS\system.ini
2013-10-10 20:04 - 2006-09-29 14:31 - 44691456 _____ C:\WINDOWS\system32\config\software.bak
2013-10-10 20:04 - 2006-09-29 14:31 - 09699328 _____ C:\WINDOWS\system32\config\system.bak
2013-10-10 20:04 - 2006-09-29 14:31 - 00307200 _____ C:\WINDOWS\system32\config\default.bak
2013-10-10 20:04 - 2006-09-29 14:31 - 00053248 _____ C:\WINDOWS\system32\config\SECURITY.bak
2013-10-10 20:04 - 2006-09-29 14:31 - 00028672 _____ C:\WINDOWS\system32\config\SAM.bak
2013-10-10 20:02 - 2013-10-09 20:19 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2013-10-10 20:01 - 2013-10-08 21:34 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-10 19:36 - 2013-10-10 19:36 - 00000560 _____ C:\Documents and Settings\Gordon\Desktop\aa.txt
2013-10-10 19:34 - 2013-10-10 19:34 - 00000489 _____ C:\Documents and Settings\All Users\Desktop\iMesh.lnk
2013-10-09 21:47 - 2006-09-29 14:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB888302$
2013-10-09 21:03 - 2013-10-09 21:02 - 04121952 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Gordon\Desktop\tdsskiller.exe
2013-10-09 20:20 - 2013-10-09 20:20 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG
2013-10-09 20:20 - 2013-10-09 20:20 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG
2013-10-09 20:20 - 2013-10-09 20:20 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2013-10-09 20:20 - 2013-10-09 20:20 - 00000000 ____H C:\WINDOWS\system32\config\default.tmp.LOG
2013-10-09 19:32 - 2013-10-09 19:32 - 05131844 ____R (Swearware) C:\Documents and Settings\Gordon\Desktop\ComboFix.exe
2013-10-08 21:58 - 2013-10-08 21:58 - 00000000 _RSHD C:\cmdcons
2013-10-08 21:58 - 2006-09-29 14:29 - 00000328 __RSH C:\boot.ini
2013-10-08 21:34 - 2012-10-12 15:09 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-10-08 21:34 - 2011-10-06 20:53 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-10-08 21:29 - 2013-10-08 21:29 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Open It!
2013-10-08 20:53 - 2010-12-19 09:36 - 00026172 _____ C:\WINDOWS\setupapi.log
2013-10-08 18:13 - 2013-10-08 18:13 - 00025162 _____ C:\Documents and Settings\Gordon\Desktop\attach.txt
2013-10-08 18:13 - 2013-10-08 18:13 - 00013409 _____ C:\Documents and Settings\Gordon\Desktop\dds.txt
2013-10-08 18:11 - 2013-10-08 18:11 - 00000000 ____D C:\Documents and Settings\Gordon\Desktop\New Folder
2013-09-28 12:52 - 2006-09-29 14:31 - 00198552 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-09-28 12:46 - 2013-09-28 12:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2013-09-28 12:46 - 2013-09-28 12:36 - 00015831 _____ C:\WINDOWS\KB2864063.log
2013-09-28 12:46 - 2006-09-29 14:31 - 01057541 _____ C:\WINDOWS\tsoc.log
2013-09-28 12:46 - 2006-09-29 14:31 - 00379353 _____ C:\WINDOWS\updspapi.log
2013-09-28 12:46 - 2006-09-29 14:30 - 01322391 _____ C:\WINDOWS\ocgen.log
2013-09-28 12:46 - 2006-09-29 14:30 - 00507704 _____ C:\WINDOWS\ntdtcsetup.log
2013-09-28 12:46 - 2006-09-29 14:30 - 00438135 _____ C:\WINDOWS\iis6.log
2013-09-28 12:46 - 2006-09-29 14:30 - 00138315 _____ C:\WINDOWS\ocmsn.log
2013-09-28 12:46 - 2006-09-29 14:30 - 00138081 _____ C:\WINDOWS\msgsocm.log
2013-09-28 12:46 - 2006-09-29 14:30 - 00001374 _____ C:\WINDOWS\imsins.log
2013-09-28 12:46 - 2006-09-29 14:29 - 02757319 _____ C:\WINDOWS\FaxSetup.log
2013-09-28 12:46 - 2006-09-29 14:29 - 00839702 _____ C:\WINDOWS\comsetup.log
2013-09-28 12:45 - 2013-09-07 09:36 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-09-28 12:44 - 2010-12-26 09:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-09-28 12:44 - 2006-09-29 14:27 - 76725432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-09-28 12:43 - 2013-09-28 12:43 - 00013207 _____ C:\WINDOWS\KB2870699-IE8.log
2013-09-28 12:43 - 2013-09-28 12:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876315$
2013-09-28 12:43 - 2013-09-28 12:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2013-09-28 12:43 - 2013-09-28 12:36 - 00009691 _____ C:\WINDOWS\KB2876315.log
2013-09-28 12:43 - 2013-09-28 12:36 - 00009279 _____ C:\WINDOWS\KB2876217.log
2013-09-28 12:43 - 2013-09-07 09:16 - 00000000 ____D C:\WINDOWS\ie8updates
2013-09-28 12:43 - 2006-09-29 14:30 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-09-28 09:10 - 2013-09-28 09:10 - 00000000 ____D C:\Documents and Settings\Gordon\Application Data\Malwarebytes
2013-09-28 09:09 - 2013-09-28 09:09 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-28 09:09 - 2013-09-28 09:09 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-28 09:09 - 2013-09-28 09:09 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-09-28 09:09 - 2013-09-28 09:09 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-09-25 07:29 - 2010-12-26 09:47 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2013-09-25 07:29 - 2006-11-16 22:21 - 00000178 ___SH C:\Documents and Settings\Vanessa\ntuser.ini
2013-09-25 07:13 - 2009-02-26 18:15 - 00000000 ____D C:\Documents and Settings\Vanessa\Tracing
2013-09-18 21:07 - 2007-02-24 18:10 - 00000000 ____D C:\Documents and Settings\Gordon\Local Settings\Application Data\Adobe
2013-09-18 21:07 - 2007-02-24 18:10 - 00000000 ____D C:\Documents and Settings\Gordon\Application Data\Adobe
2013-09-17 20:45 - 2012-05-17 14:50 - 00000290 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1785211882-1627415546-1105308610-1010.job
2013-09-14 12:28 - 2013-02-10 19:29 - 00000000 ____D C:\Documents and Settings\Gordon\Application Data\dvdcss
2013-09-13 20:51 - 2010-09-19 07:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB982802$
2013-09-13 20:47 - 2006-11-18 18:24 - 00000178 ___SH C:\Documents and Settings\Michael\ntuser.ini
2013-09-13 18:26 - 2009-03-05 20:34 - 00000000 ____D C:\Documents and Settings\Michael\Tracing
2013-09-13 18:25 - 2006-11-23 18:35 - 00000178 ___SH C:\Documents and Settings\Christopher\ntuser.ini
2013-09-13 18:24 - 2013-09-13 18:24 - 00000000 ____D C:\Documents and Settings\Christopher\Application Data\Seagate
2013-09-13 18:24 - 2013-09-13 18:24 - 00000000 ____D C:\Documents and Settings\Christopher\Application Data\Memeo
2013-09-13 18:24 - 2009-03-22 21:43 - 00000000 ____D C:\Documents and Settings\Christopher\Tracing
2013-09-13 18:23 - 2013-09-13 18:23 - 00000000 __SHD C:\Documents and Settings\Christopher\IETldCache
2013-09-13 18:23 - 2006-11-23 18:35 - 00000803 _____ C:\Documents and Settings\Christopher\Start Menu\Programs\Internet Explorer.lnk
2013-09-13 18:23 - 2006-11-23 18:35 - 00000000 ____D C:\Documents and Settings\Christopher
2013-09-12 22:13 - 2013-09-12 22:13 - 00000000 ____D C:\Program Files\PerformanceTest
2013-09-12 22:13 - 2013-09-12 22:13 - 00000000 ____D C:\Documents and Settings\Gordon\Local Settings\Application Data\PassMark
2013-09-12 22:13 - 2013-09-12 22:13 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PerformanceTest
2013-09-12 22:13 - 2013-09-12 22:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Passmark

Some content of TEMP:
====================
C:\Documents and Settings\Christopher\Local Settings\temp\NEventMessages.dll
C:\Documents and Settings\Gordon\Local Settings\temp\NEventMessages.dll
C:\Documents and Settings\Gordon\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\Michael\Local Settings\temp\A~NSISu_.exe
C:\Documents and Settings\Michael\Local Settings\temp\drm_dyndata_7330014.dll
C:\Documents and Settings\Michael\Local Settings\temp\NEventMessages.dll
C:\Documents and Settings\Michael\Local Settings\temp\swt-awt-win32-3346.dll
C:\Documents and Settings\Michael\Local Settings\temp\swt-win32-3346.dll
C:\Documents and Settings\Vanessa\Local Settings\temp\eauninstall.exe
C:\Documents and Settings\Vanessa\Local Settings\temp\installerdll1204906.dll
C:\Documents and Settings\Vanessa\Local Settings\temp\installerdll1224812.dll
C:\Documents and Settings\Vanessa\Local Settings\temp\installerdll4724250.dll
C:\Documents and Settings\Vanessa\Local Settings\temp\installerdll4746468.dll
C:\Documents and Settings\Vanessa\Local Settings\temp\installerdll6006468.dll
C:\Documents and Settings\Vanessa\Local Settings\temp\installerdll6029562.dll
C:\Documents and Settings\Vanessa\Local Settings\temp\installerdll644687.dll
C:\Documents and Settings\Vanessa\Local Settings\temp\installerdll663500.dll
C:\Documents and Settings\Vanessa\Local Settings\temp\installerdll756671.dll
C:\Documents and Settings\Vanessa\Local Settings\temp\installerdll778937.dll
C:\Documents and Settings\Vanessa\Local Settings\temp\installerdll9136593.dll
C:\Documents and Settings\Vanessa\Local Settings\temp\installerdll9162515.dll
C:\Documents and Settings\Vanessa\Local Settings\temp\lowproc.exe
C:\Documents and Settings\Vanessa\Local Settings\temp\NEventMessages.dll
C:\Documents and Settings\Vanessa\Local Settings\temp\Setup.exe
C:\Documents and Settings\Vanessa\Local Settings\temp\stubhelper.dll
C:\Documents and Settings\Vanessa\Local Settings\temp\The Sims 2_uninst.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Addition.txt


mbam-log-2013-10-12 (12-19-59).txt

 

Hi,

Ran MBAM in normal mode and it hung.

 

Rebooted to Safe Mode.

Did quick scan and this completed and removed 2 items.

Did full scan and this completed - no items detected.

Did full scan on D and F.  This completed with no items detected.

 

Will reboot and run in normal mode.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.10.01

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Gordon :: MAXDATA-8BF282C [administrator]

12/10/2013 11:23:36
mbam-log-2013-10-12 (11-23-36).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 456204
Time elapsed: 47 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\System Volume Information\_restore{8B88F6CD-FA94-4B7D-B351-3636856952B3}\RP1135\A0699887.dll (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8B88F6CD-FA94-4B7D-B351-3636856952B3}\RP1136\A0700480.exe (PUP.Optional.iMeshMusicBoxTB.A) -> Quarantined and deleted successfully.

(end)


These two items in your MBAM scan are inconsequential as they are only present in your system restore data:

 

Files Detected: 2
C:\System Volume Information\_restore{8B88F6CD-FA94-4B7D-B351-3636856952B3}\RP1135\A0699887.dll (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8B88F6CD-FA94-4B7D-B351-3636856952B3}\RP1136\A0700480.exe (PUP.Optional.iMeshMusicBoxTB.A) -> Quarantined and deleted successfully.

 

 

I am working on a fix for you based on the items in the FRST tool log.

 

Some questions for you so I know what direction to take:

 

Did you create this text file:

C:\Documents and Settings\Gordon\Desktop\aa.txt

 

And this Desktop shortcut to iMesh?

 C:\Documents and Settings\All Users\Desktop\iMesh.lnk

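An added example, not from this thread or from Malwarebytes, that parses the MBAM 1.x log layout posted above and separates detections living under `C:\System Volume Information\_restore{...}` (restore-point data, which the reply above calls inconsequential) from items that need a look. The sample log is constructed from the posted lines plus one made-up registry key and one made-up file so both kinds appear.

```python
import re
from dataclasses import dataclass

# Constructed sample based on the MBAM 1.75 log posted in this thread: the two
# System Volume Information lines are the real ones, while the registry key and the
# third file are made up here so that live items appear alongside restore-point items.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.10.01

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Gordon :: MAXDATA-8BF282C [administrator]

Scan type: Full scan (C:\|)
Objects scanned: 456204
Time elapsed: 47 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\ConstructedSampleKey (PUP.Optional.ConstructedSample) -> Quarantined and deleted successfully.

Files Detected: 3
C:\System Volume Information\_restore{8B88F6CD-FA94-4B7D-B351-3636856952B3}\RP1135\A0699887.dll (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8B88F6CD-FA94-4B7D-B351-3636856952B3}\RP1136\A0700480.exe (PUP.Optional.iMeshMusicBoxTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gordon\Local Settings\temp\constructed-sample.exe (PUP.Optional.ConstructedSample) -> Quarantined and deleted successfully.

(end)
"""

@dataclass
class Detection:
    category: str   # section name: "Files", "Registry Keys", ...
    item: str       # file path or registry key
    name: str       # MBAM detection name, e.g. PUP.Optional.Wajam.A
    action: str     # what MBAM did with it

# A System Restore snapshot path: <drive>:\System Volume Information\_restore{GUID}\RP<n>\...
RESTORE_RE = re.compile(
    r"^[A-Z]:\\System Volume Information\\_restore\{[0-9A-F-]+\}\\RP\d+\\", re.I)
SECTION_RE = re.compile(r"^(?P<category>.+?) Detected: (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<key>[A-Za-z][A-Za-z ]*): (?P<value>.+)$")
# Greedy item so a path containing "(x86)" still leaves the final "(name) -> action" intact.
DETECTION_RE = re.compile(r"^(?P<item>.+) \((?P<name>[^()]+)\) -> (?P<action>.+)$")

def parse_mbam_log(text):
    """Return (header fields, declared per-section counts, detections) from an MBAM 1.x log."""
    header, counts, detections = {}, {}, []
    category = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(end)":
            category = None            # a blank line closes the current section
            continue
        m = SECTION_RE.match(line)
        if m:
            category = m.group("category")
            counts[category] = int(m.group("count"))
            continue
        if category is not None:
            m = DETECTION_RE.match(line)
            if m:                      # "(No malicious items detected)" does not match
                detections.append(Detection(category, m.group("item"),
                                            m.group("name"), m.group("action")))
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m.group("key")] = m.group("value")
    return header, counts, detections

def triage(detections):
    """Split detections into restore-point-only files and everything that needs a look."""
    restore_only, live = [], []
    for d in detections:
        if d.category == "Files" and RESTORE_RE.match(d.item):
            restore_only.append(d)
        else:
            live.append(d)
    return restore_only, live

if __name__ == "__main__":
    header, counts, dets = parse_mbam_log(SAMPLE_LOG)
    restore_only, live = triage(dets)
    print(header["Scan type"], "/", header["Time elapsed"], "/ declared:", counts)
    for d in restore_only:
        print("restore data only:", d.name, d.item)
    for d in live:
        print("needs attention  :", d.category, d.name, d.item)
```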

Hi

aa.txt was created by me.  It was the commands for Combofix.

 

Not sure what iMesh is, so it can go.   It is possible it was one of the downloads I pressed incorrectly.

 

Don't know who Star Force Protection are.

 

I have run MBAM in safe mode on all drives without issue.

When run in normal mode MBAM hangs.


Star Force Protection is DRM copyright protection software, probably installed with one of your games.  It has a total of four low-level drivers loaded and there is a possibility that it may be the culprit in stalling MBAM.  But I don't want to do anything with it yet because I want to proceed in a stepwise fashion.  Right now, I am having you run a fixlist that will delete a Kaspersky antivirus driver.  I'm not sure why it's running on your system. Maybe TDSSKiller put it there, because it wasn't in your Combofix log, and you ran Combofix prior to running TDSSKiller.

 

Open notepad.

 

Select Format and make sure Word Wrap is UNchecked.

 

Please copy the contents of the code box below. 

 

To do this highlight the contents of the box and right click on it. Paste this into the open notepad. 

 

Save it to your desktop (the same folder that FRST.EXE is located in) as fixlist.txt

 



Start
C:\Documents and Settings\All Users\Desktop\iMesh.lnk
C:\Documents and Settings\Vanessa\Local Settings\temp\lowproc.exe
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [127768 2007-07-19] (Kaspersky Lab)
C:\Windows\System32\DRIVERS\klif.sys
2013-10-12 09:13 - 2009-07-12 09:42 - 00786140 ___SH C:\WINDOWS\system32\Drivers\fidbox.idx
C:\Documents and Settings\Vanessa\Local Settings\temp\Setup.exe
C:\Documents and Settings\Gordon\Local Settings\temp\Quarantine.exe
2013-10-09 21:02 - 2013-10-09 21:03 - 04121952 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Gordon\Desktop\tdsskiller.exe
 
Folder:
C:\Program Files\OpenIt
End


 

NOTICE: This script was written specifically for this user, for use on that particular machine. 

Running this on another machine may cause damage to your operating system

 

Run FRST and press the Fix button just once and wait.

The tool will create and open a log on your Desktop called Fixlog.txt. Please post it in your reply.

 

Run an MBAM Quick Scan in normal mode and see how it goes.


Ran FRST as requested - log below.

Then ran quick MBAM - completed OK - log below:

 

Thanks

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-10-2013
Ran by Gordon at 2013-10-13 07:45:02 Run:1
Running from C:\Documents and Settings\Gordon\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
C:\Documents and Settings\All Users\Desktop\iMesh.lnk
C:\Documents and Settings\Vanessa\Local Settings\temp\lowproc.exe
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [127768 2007-07-19] (Kaspersky Lab)
C:\Windows\System32\DRIVERS\klif.sys
2013-10-12 09:13 - 2009-07-12 09:42 - 00786140 ___SH C:\WINDOWS\system32\Drivers\fidbox.idx
C:\Documents and Settings\Vanessa\Local Settings\temp\Setup.exe
C:\Documents and Settings\Gordon\Local Settings\temp\Quarantine.exe
2013-10-09 21:02 - 2013-10-09 21:03 - 04121952 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Gordon\Desktop\tdsskiller.exe
 
Folder:
C:\Program Files\OpenIt

*****************

C:\Documents and Settings\All Users\Desktop\iMesh.lnk => Moved successfully.
C:\Documents and Settings\Vanessa\Local Settings\temp\lowproc.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} => Key deleted successfully.
HKCR\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => Key deleted successfully.
HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => Key deleted successfully.
KLIF => Service deleted successfully.
C:\Windows\System32\DRIVERS\klif.sys => Moved successfully.
Could not move "C:\WINDOWS\system32\Drivers\fidbox.idx" => Scheduled to move on reboot.
C:\Documents and Settings\Vanessa\Local Settings\temp\Setup.exe => Moved successfully.
C:\Documents and Settings\Gordon\Local Settings\temp\Quarantine.exe => Moved successfully.
C:\Documents and Settings\Gordon\Desktop\tdsskiller.exe => Moved successfully.

========================= Folder: ========================

Directory Not Found

====== End of Folder: ======

"C:\Program Files\OpenIt" => File/Directory not found.

=========== Result of Scheduled Files to move ===========

C:\WINDOWS\system32\Drivers\fidbox.idx => Moved successfully.

==== End of Fixlog ====

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.12.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Gordon :: MAXDATA-8BF282C [administrator]

13/10/2013 07:49:28
mbam-log-2013-10-13 (07-49-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 336528
Time elapsed: 37 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


That worked out well. Good job!

 

==========================
Download TFC (Temporary File Cleaner) to your desktop:
 
  • Select the green "Download" Button to download TFC.exe
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean
=============================
 
Download RogueKiller and save it to your desktop.
  • Close all the running processes
  • Double click RogueKiller icon to run the program
Vista/Win7 users should right click the icon and select Run as Administrator.
  • Wait for the Prescan to finish. 
  • Now click the Scan button. 
  • Please copy and paste the report in your next reply.
A copy of the RKreport.txt can be found on your desktop.
 
Note:
  • If RogueKiller is blocked, do not hesitate to try running it again. 
  • If it still fails to run, right click on the downloaded icon and select 'Rename'.....rename it to winlogon.exe and try again.
===============
 
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Scroll down to where it says "Java SE 7 Update 40".
  • Click the "Download JRE" button.
  • Accept the license agreement.
  • Select 'Windows x86' offline from the list.
  • Save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check J2SE Runtime Environment 5.0 Update 10 and any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on downloaded icon to install the newest version.

 

Note: If the Ask Toolbar or any other Toolbar is pre-checked for installation, UNCheck it, if you do not wish it to install (it is NOT required for the Java Update to complete properly)

 
==============
 
Run updates to Adobe Reader:
 
  • Close all programs and windows.
  • Open Adobe Reader (click on "Start".  Click on "All Programs".  Click on "Adobe Reader").
  • When Adobe Reader is loaded, click on "Help".
  • Click on "Check for updates now" (or "Updates").
  • You will see available updates in the left window.
  • Select all updates or critical items in the left window and click the "Add" icon between the windows. Click on the "Update" icon at the bottom.
  • The system will start processing the update.
  • If there are 2 or more updates, you will probably have to reboot between updates.
 
==============
Please perform a scan with the ESET online virus scanner.
You can expect some detections in Combofix's quarantine (Qoobox) and system volume information. They will not represent active malware so don't worry:
 

 

  • ESET recommends disabling your resident antivirus's active protection component BEFORE scanning 
  • Use Internet Explorer to navigate to the scanner website because you must approve the install of an ActiveX add-on to complete the scan.
  • Select the "Run ESET Online Scanner" Button.
  • Check the "Yes, I accept the terms of use" box.
  • Click "Start"
  • Approve the installation of the ActiveX control that's required to enable scanning
  • Make sure the box "Remove found threats" is CHECKED!!
  • Click "Start"
  • Allow the definition data base to install
  • Click "Scan"
 
When the scan is complete,
 
If no threats were found:
  • Check in "Uninstall application on close"
  • Close program
 
If threats were found:
  • Select "list of threats found"
  • Select "Export to Text File" & Save the Report to your Desktop as ESETScanLog
  • Select Back
  • Place a checkmark in "Uninstall application on close"
  • Select Finish & Exit the program
  • Please copy/paste the scan report in your next reply.  It can be found in this location:
Note to Windows 7/8 and Vista users, and anyone with restrictive IE security settings:
Depending on your security settings, you may have to allow cookies and put the ESET website, www.eset.com,  into the trusted zone of Internet Explorer if the scan has problems starting (in Vista this is a necessity as IE runs in Protected mode)
============
 
To sum it up, I need you to post the following in your next reply:
 
1. The RogueKiller Report: RKreport.txt located on your desktop
2. The ESET Scan Report: C:\Program Files\EsetOnlineScanner\log.txt

Hi,

 

Here are the logs as requested.

The performance monitor was something I downloaded a few days ago on a free trial.

 

RogueKiller V8.7.2 [Oct  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Gordon [Admin rights]
Mode : Scan -- Date : 10/13/2013 17:15:10
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED (prosync1.sys @ 0xBA5B26C1)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - ST500DM002-1BD142 +++++
--- User ---
[MBR] 80ea2aaeb4e3ec5bcdacd052d6d6ad75
[BSP] 90744c499e43840b9c9bf1648e9bf086 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 239186 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 489853980 | Size: 237751 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) (Standard disk drives) - HDT722516DLA380 +++++
--- User ---
[MBR] ec1634626dac30ccb1310563eb3cfce7
[BSP] 93279f45900cc8d7caf56ddb015308ee : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 157065 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_10132013_171510.txt >>

 

ESETscanlog.txt from desktop:

C:\Windows\pss\PowerReg Scheduler.exeStartup Win32/PowerReg application cleaned by deleting - quarantined
 

There is no log file in:

2. The ESET Scan Report: C:\Program Files\EsetOnlineScanner\log.txt

 


Very good job!

 

Those two logs look fine.  

 

You can uninstall the ESET Online Scanner from the Control Panel -> Add/Remove Programs feature.

 

I want you to try to run a complete MBAM scan now in normal mode.

 

If you encounter an Application Hang on mbam.exe again, then I will do something about the DRM drivers.  After which, I'll  have you try running a complete scan again. One of the drivers shows up in your RogueKiller log here:

 

¤¤¤ Driver : [LOADED] ¤¤¤

[Address] IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED (prosync1.sys @ 0xBA5B26C1)

 

So try that for now, and let me know how it goes.

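An added example, not from this thread or from RogueKiller's author, that parses the RKreport layout quoted above and groups each HOOKED IRP line by the module that installed the hook, so a reader can see at a glance that every hook in the report belongs to the one DRM driver the reply points at, next to the [PUM] registry entries and the boot-sector check. The sample report is constructed from the posted lines plus one made-up second hook line.

```python
import re
from collections import defaultdict

# Constructed sample reduced from the RogueKiller V8.7.2 report posted in this thread.
# The second HOOKED line (IRP_MJ_DEVICE_CONTROL @ 0xBA5B26D0) is made up here to show
# grouping; the posted report contained only the first one.
SAMPLE_REPORT = r"""RogueKiller V8.7.2 [Oct  3 2013] by Tigzy

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Mode : Scan -- Date : 10/13/2013 17:15:10

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED (prosync1.sys @ 0xBA5B26C1)
[Address] IRP[IRP_MJ_DEVICE_CONTROL] : atapi.sys -> HOOKED (prosync1.sys @ 0xBA5B26D0)

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - ST500DM002-1BD142 +++++
--- User ---
[MBR] 80ea2aaeb4e3ec5bcdacd052d6d6ad75
[BSP] 90744c499e43840b9c9bf1648e9bf086 : Windows XP MBR Code
User = LL1 ... OK!

Finished : << RKreport[0]_S_10132013_171510.txt >>
"""

SECTION_RE = re.compile(r"^¤¤¤ (?P<name>.+?)(?: : (?P<count>\d+))? ¤¤¤$")
# [TAG][TAG] key : value (data) -> STATUS
ENTRY_RE = re.compile(r"^(?P<tags>(?:\[[^\]]+\])+) (?P<key>.+?) : (?P<value>.+?) "
                      r"\((?P<data>[^()]*)\) -> (?P<status>\w+)$")
# Case-insensitive: forum software often lowercases "IRP[" and "[BSP]" in pasted reports.
HOOK_RE = re.compile(r"^\[(?P<kind>\w+)\] IRP\[(?P<irp>\w+)\] : (?P<target>\S+) -> HOOKED "
                     r"\((?P<module>\S+) @ (?P<addr>0x[0-9A-F]+)\)$", re.I)
DRIVE_RE = re.compile(r"^\+{5} (?P<drive>PhysicalDrive\d+):")
BSP_RE = re.compile(r"^\[BSP\] (?P<hash>[0-9a-f]{32}) : (?P<desc>.+)$", re.I)

def parse_roguekiller(text):
    """Return section counts, hijack/PUM entries, IRP hooks and boot-sector lines."""
    report = {"sections": {}, "entries": [], "hooks": [], "mbr": []}
    section = drive = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if m := SECTION_RE.match(line):
            section = m.group("name").rstrip(" :")
            report["sections"][section] = int(m.group("count")) if m.group("count") else None
        elif m := DRIVE_RE.match(line):
            drive = m.group("drive")            # later [BSP] lines belong to this disk
        elif m := HOOK_RE.match(line):
            report["hooks"].append(dict(m.groupdict(), section=section))
        elif m := BSP_RE.match(line):
            report["mbr"].append(dict(m.groupdict(), drive=drive))
        elif m := ENTRY_RE.match(line):
            entry = dict(m.groupdict(), section=section)
            entry["tags"] = re.findall(r"\[([^\]]+)\]", entry["tags"])
            report["entries"].append(entry)
    return report

def hooks_by_module(report):
    """Group IRP hooks by the module that installed them (here a StarForce DRM driver)."""
    grouped = defaultdict(list)
    for h in report["hooks"]:
        grouped[h["module"].lower()].append(h)
    return dict(grouped)

def pum_entries(report):
    """Entries RogueKiller tagged [PUM]: policy/desktop tweaks, not necessarily malware."""
    return [e for e in report["entries"] if "PUM" in e["tags"]]

if __name__ == "__main__":
    r = parse_roguekiller(SAMPLE_REPORT)
    for name, count in r["sections"].items():
        print(f"{name}: {count}")
    for e in pum_entries(r):
        print("PUM:", e["key"], e["value"], f"({e['data']})", e["status"])
    for module, hooks in hooks_by_module(r).items():
        targets = sorted({h["target"] for h in hooks})
        print(f"{module} hooks {len(hooks)} IRP dispatch(es) in {targets}")
    for b in r["mbr"]:
        print(b["drive"], "boot sector:", b["desc"])
```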

Hi,

 

ESET did not show up in Add/Remove programs.

Ran MBAM

 

F: 3m 11s 313540 files

D: 12m 28s 334599 files

 

Switched on Real-time Protection in Microsoft SE and repeated

 

F: 1m 23s 31339 files

D: 15m 19s 334532 files

C: 3h 54m 437662 files

 

Log files follow:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.15.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Gordon :: MAXDATA-8BF282C [administrator]

15/10/2013 21:45:58
mbam-log-2013-10-15 (21-45-58).txt

Scan type: Full scan (F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 313395
Time elapsed: 1 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.15.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Gordon :: MAXDATA-8BF282C [administrator]

15/10/2013 21:48:30
mbam-log-2013-10-15 (21-48-30).txt

Scan type: Full scan (D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 334532
Time elapsed: 15 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.15.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Gordon :: MAXDATA-8BF282C [administrator]

15/10/2013 22:05:01
mbam-log-2013-10-15 (22-05-01).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 437662
Time elapsed: 3 hour(s), 54 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

Thanks

What now?


You're welcome & good job!

 

Your infection is removed and you're able to perform a complete scan with MBAM on all drives now with 0 detections found, so our work is just about done now.

 

We have to perform a few "housekeeping" steps to remove the clean-up tools that we used!!

 

To remove Combofix and its quarantine folder:

 

Click Start -> Run, and copy/paste the following bolded text in the Open: box and select OK:

 

combofix /uninstall

 


 

 

This will do the following:

  • Uninstall Combofix and all its associated files and folders.
  • Flush your system restore points and create a new restore point.
  • Rehide your system files and folders
  • Reset your system clock
  • Disable autorun to prevent you from contracting USB transferred infections.  You can still access all plugged in devices via My Computer (or Computer in Vista & Win7) or by hitting the (Windows key + E) simultaneously to open Windows Explorer.

 

Here are some additional measures you should take to keep your system in good working order and ensure your continued security.

 

1. Scan your system for outdated versions of commonly used software applications that may also cause your PC to be vulnerable, using the Secunia Online Software Inspector (OSI).  This is very important because recent statistics confirm that an overwhelming majority of infections are acquired through application flaws, not Windows Operating System flaws.  Commonly used programs like Quicktime, Java, Adobe Acrobat Reader, iTunes, and others are frequently targeted today.  You can make your computer much more secure if you update to the most current versions of these programs and any others that Secunia alerts you to. We've already updated Java and the Adobe Reader.

 

Just click the "Start Scanner" button to get a listing of all outdated and possibly insecure resident programs. 

 

Note: If your firewall prompts you about access, please allow it. You may also have to approve Java running. 

 

2. Keep MBAM as an on demand scanner because I highly recommend it, and the quick scan will find almost all active malware in minutes.  Updating to the Pro version is recommended.

 

3. You can reduce your startups by downloading Malwarebyte's StartUp Lite and saving it to a convenient location. Just double-click StartUpLite.exe. Then, check the options you would like based on the descriptions provided, then select continue. This will free up system resources because nonessential background programs will no longer be running when you start up your computer. 

 

You should obtain the most current Operating System updates/patches, and Internet Explorer released versions.

The easiest and fastest way to obtain Windows Updates is by clicking Control Panel -> Windows Update

 

However, setting your computer to download and install updates automatically will relieve you of the responsibility of doing this on a continual basis.  It is important to periodically check that Windows Updates is functioning properly because many threats disable it as part of their strategy to compromise your system. Windows Updates are released on the second Tuesday of every month.

 


 

Finally, the Security Check scan you ran initially suggests that your hard drive is due for a defrag:

 

`````````````````System Health check`````````````````

 Total Fragmentation on Drive C:: 23% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````

 


 

Performing a defrag should make your computer run faster, by improving disk access times.

 

HAPPY SURFING!!


Hi,

 

Have just uninstalled combofix.

I did find that it switched off the restore functionality on all drives!

I have re-enabled this functionality as it is very useful to be able to restore to a previous point.

I always make a restore point before making updates.

I will continue with the rest of your instructions.

 

Thanks again



Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

