
I have been infected with TATANGA



Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
Scan with FRST in normal mode

Please download Farbar Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> Properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.


Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced in the root of the system drive (typically C:\), for example C:\TDSSKiller.<version_date_time>log.txt




Please attach this file to your next reply.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2014

Ran by hardwick (administrator) on CHRISDEAKIN-PC on 15-04-2014 15:19:30

Running from C:\Users\hardwick\Desktop\Misc Temp Desktop files

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(AMD) C:\Windows\system32\atiesrxx.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(HexaD) C:\Program Files\Duplicati\Duplicati.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(WebInternetSecurity) C:\Program Files (x86)\Webinternetsecurity\WebInternetSecurity.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Azureus Software, Inc) C:\Program Files (x86)\Vuze\Azureus.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)

HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)

HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-25] (CANON INC.)

HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)

HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)

HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)

HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)

HKLM-x32\...\Run: [WebInternetSecurity] => C:\Program Files (x86)\Webinternetsecurity\WebInternetSecurity.exe [797184 2013-12-30] (WebInternetSecurity)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKU\S-1-5-19\...\Run: [sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)

HKU\S-1-5-20\...\Run: [sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)

HKU\S-1-5-21-1004204646-2864660507-1877319225-1010\...\Run: [FBBF48DDF52CFE01A375E54F303562119CD0BB61._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-04-02] (Google Inc.)

HKU\S-1-5-21-1004204646-2864660507-1877319225-1010\...\Run: [PeerBlock] => C:\Program Files (x86)\peerblock\peerblock.exe [1866864 2010-11-06] (PeerBlock, LLC)

HKU\S-1-5-21-1004204646-2864660507-1877319225-1010\...\Run: [GoogleChromeAutoLaunch_DDAA95BF07E3734F0BE24CB51FCD11D0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-04-02] (Google Inc.)

AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found

AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found

 

==================== Internet (Whitelisted) ====================

 

ProxyEnable: Internet Explorer proxy is enabled.

ProxyServer: http=127.0.0.1:49188;https=127.0.0.1:49188


HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP6CE89EAA-0F31-47E5-890B-4187AA5D5A53&q={searchTerms}&SSPV=SE2YA1_sp_ie


SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_3&ent=ch_4981&q={searchTerms}

SearchScopes: HKCU - {C75451FA-ED4C-471B-A0A4-BA52E59C2B5E} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab


DPF: HKLM-x32 {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab

DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} -  No File

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

 

FireFox:

========

FF ProfilePath: C:\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\mt0zvmh2.default

FF user.js: detected! => C:\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\mt0zvmh2.default\user.js

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.8.130\npMcAfeeMss.dll No File

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @nosltd.com/getPlus+®,version=1.6.2.100 - C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\hardwick\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\hardwick\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File

 

Chrome: 

=======


CHR DefaultSearchKeyword: google.co.uk

CHR Extension: (Live Documents) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\amaifjdaecbdedhngkjojpkdnjndpcch [2013-12-21]

CHR Extension: (Google Docs) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-21]

CHR Extension: (Lucidchart Diagrams - Online) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apboafhkiegglekeafbckfjldecefkhn [2013-12-21]

CHR Extension: (Google Drive) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-21]

CHR Extension: (Auction Raptor) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blhhodocappjllfhjbbkaaglgmbecgcl [2014-01-17]

CHR Extension: (YouTube) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-21]

CHR Extension: (Google Search) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-21]

CHR Extension: (Gmail Offline) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2013-12-21]

CHR Extension: (Google Calendar) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-12-21]

CHR Extension: (Pivotal Tracker) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmopohenfphcfkjklbikdpfhilnlckfl [2013-12-21]

CHR Extension: (Digital Clock) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo [2013-12-21]

CHR Extension: (AdBlock) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-21]

CHR Extension: (Bubble Dock) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbjlipmgfoamgjaogmbihaffnpkpjajp [2013-12-21]

CHR Extension: (Potiphar) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdjehpheibomdlhciohiojkfliemofjg [2013-12-21]

CHR Extension: (FastestFox for Chrome) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2013-12-21]

CHR Extension: (Google Play Books) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2013-12-21]

CHR Extension: (Google Wallet) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-21]

CHR Extension: (Google Chrome to Phone Extension) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2013-12-21]

CHR Extension: (Rain Alarm Extension) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnconaknblgbkfgknkfmmfhhbebkekd [2013-12-21]

CHR Extension: (Google Calendar Checker (by Google)) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek [2013-12-21]

CHR Extension: (Gmail) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-21]

CHR HKCU\...\Chrome\Extension: [blhhodocappjllfhjbbkaaglgmbecgcl] - C:\Users\hardwick\AppData\Local\CRE\blhhodocappjllfhjbbkaaglgmbecgcl.crx [2014-01-12]

CHR HKLM-x32\...\Chrome\Extension: [blhhodocappjllfhjbbkaaglgmbecgcl] - C:\Users\hardwick\AppData\Local\CRE\blhhodocappjllfhjbbkaaglgmbecgcl.crx [2014-01-12]

CHR HKLM-x32\...\Chrome\Extension: [dghncoeocefmhkhiphdgikkamjeglbfh] - C:\Program Files (x86)\mystarttb\chrome-newtab-search.crx [2014-01-12]

CHR HKLM-x32\...\Chrome\Extension: [kbjlipmgfoamgjaogmbihaffnpkpjajp] - C:\Program Files (x86)\Nosibay\Bubble Dock\extensions\GCSurfMatch.crx [2012-11-06]

 

==================== Services (Whitelisted) =================

 

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)

S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [52288 2011-03-01] (NOS Microsystems Ltd.)

R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

S2 Util sizlsearch; "C:\Program Files (x86)\sizlsearch\bin\utilsizlsearch.exe" [X]

 

==================== Drivers (Whitelisted) ====================

 

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-15] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)

S3 pbfilter; C:\Program Files (x86)\PeerBlock\pbfilter.sys [20080 2010-11-06] ()

S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-04-15 15:19 - 2014-04-15 15:19 - 00000000 ____D () C:\FRST

2014-04-09 00:03 - 2014-03-31 02:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-04-09 00:03 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-04-09 00:03 - 2014-03-31 01:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-04-09 00:03 - 2014-03-31 00:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-04-09 00:02 - 2014-03-04 10:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2014-04-09 00:02 - 2014-03-04 10:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2014-04-09 00:02 - 2014-03-04 10:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2014-04-09 00:02 - 2014-03-04 10:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2014-04-09 00:02 - 2014-03-04 10:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2014-04-09 00:02 - 2014-03-04 10:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2014-04-09 00:02 - 2014-03-04 10:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2014-04-09 00:02 - 2014-03-04 10:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2014-04-09 00:02 - 2014-03-04 10:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2014-04-09 00:02 - 2014-03-04 09:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2014-04-09 00:02 - 2014-03-04 09:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2014-04-09 00:02 - 2014-02-04 03:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys

2014-04-09 00:02 - 2014-02-04 03:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys

2014-04-09 00:02 - 2014-02-04 03:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys

2014-04-09 00:02 - 2014-02-04 03:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll

2014-04-09 00:02 - 2014-02-04 03:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll

2014-04-09 00:02 - 2014-01-24 03:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

2014-04-08 12:29 - 2014-04-08 12:29 - 00003894 _____ () C:\Windows\System32\Tasks\WebInternetSecurity Update Task

2014-04-08 12:29 - 2014-04-08 12:29 - 00000000 ____D () C:\Program Files (x86)\Webinternetsecurity

2014-04-08 12:28 - 2014-04-08 12:28 - 00000000 ____D () C:\Users\hardwick\AppData\Local\SearchProtect

2014-04-08 12:24 - 2014-04-08 12:24 - 00003244 _____ () C:\Windows\System32\Tasks\{F6CCB10D-64BD-4963-8009-1A5462614C89}

2014-04-07 19:01 - 2014-04-07 19:01 - 00000000 ____D () C:\Users\hardwick\AppData\Roaming\DropboxMaster

2014-04-07 13:01 - 2014-04-14 13:03 - 00000392 _____ () C:\Windows\setupact.log

2014-04-07 13:01 - 2014-04-09 07:51 - 00648024 _____ () C:\Windows\PFRO.log

2014-04-07 13:01 - 2014-04-07 13:01 - 00000000 _____ () C:\Windows\setuperr.log

2014-04-07 12:59 - 2014-04-07 12:59 - 00100422 _____ () C:\Users\hardwick\Documents\cc_20140407_125926.reg

2014-04-07 12:45 - 2014-04-15 15:00 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-07 12:44 - 2014-04-07 12:44 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-07 12:44 - 2014-04-07 12:44 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-07 12:44 - 2014-04-07 12:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-07 12:44 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-07 12:44 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-07 12:44 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-02 08:55 - 2014-04-02 08:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-03-22 16:51 - 2014-04-12 10:28 - 00000000 ____D () C:\Users\hardwick\Desktop\BAS printing

2014-03-19 17:17 - 2014-03-19 17:17 - 00047104 _____ () C:\Users\hardwick\Documents\HOEAG membership.xls

 

==================== One Month Modified Files and Folders =======

 

2014-04-15 15:19 - 2014-04-15 15:19 - 00000000 ____D () C:\FRST

2014-04-15 15:19 - 2013-12-21 01:23 - 00000000 ____D () C:\Users\hardwick\Desktop\Misc Temp Desktop files

2014-04-15 15:19 - 2013-12-21 01:19 - 00000000 ____D () C:\Users\hardwick\AppData\Roaming\Azureus

2014-04-15 15:00 - 2014-04-07 12:45 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-15 14:57 - 2013-12-21 19:43 - 00000304 _____ () C:\Windows\Tasks\UpdaterEX.job

2014-04-15 14:53 - 2014-02-12 08:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-04-15 14:46 - 2013-12-20 21:39 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-04-15 14:35 - 2013-12-17 17:59 - 01257398 _____ () C:\Windows\WindowsUpdate.log

2014-04-15 14:09 - 2013-12-17 20:02 - 00065536 _____ () C:\Windows\system32\spu_storage.bin

2014-04-15 13:06 - 2013-12-31 15:26 - 00000000 ____D () C:\Users\hardwick\AppData\Roaming\Duplicati

2014-04-15 12:46 - 2013-12-20 21:39 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-14 13:10 - 2009-07-14 05:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-14 13:10 - 2009-07-14 05:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-14 13:09 - 2009-07-14 06:13 - 00783606 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-14 13:04 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp

2014-04-14 13:03 - 2014-04-07 13:01 - 00000392 _____ () C:\Windows\setupact.log

2014-04-14 13:03 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-12 16:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

2014-04-12 15:01 - 2014-01-04 11:04 - 00000000 ____D () C:\Windows\system32\MRT

2014-04-12 15:00 - 2014-01-04 11:04 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-04-12 10:28 - 2014-03-22 16:51 - 00000000 ____D () C:\Users\hardwick\Desktop\BAS printing

2014-04-09 07:51 - 2014-04-07 13:01 - 00648024 _____ () C:\Windows\PFRO.log

2014-04-09 07:51 - 2012-08-26 13:15 - 00000000 ___RD () C:\Users\hardwick\Dropbox

2014-04-08 17:16 - 2013-12-21 01:20 - 00000000 ____D () C:\Users\hardwick\AppData\Roaming\Dropbox

2014-04-08 12:29 - 2014-04-08 12:29 - 00003894 _____ () C:\Windows\System32\Tasks\WebInternetSecurity Update Task

2014-04-08 12:29 - 2014-04-08 12:29 - 00000000 ____D () C:\Program Files (x86)\Webinternetsecurity

2014-04-08 12:28 - 2014-04-08 12:28 - 00000000 ____D () C:\Users\hardwick\AppData\Local\SearchProtect

2014-04-08 12:24 - 2014-04-08 12:24 - 00003244 _____ () C:\Windows\System32\Tasks\{F6CCB10D-64BD-4963-8009-1A5462614C89}

2014-04-07 19:01 - 2014-04-07 19:01 - 00000000 ____D () C:\Users\hardwick\AppData\Roaming\DropboxMaster

2014-04-07 19:01 - 2013-12-21 01:31 - 00000000 ____D () C:\Users\hardwick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-04-07 19:01 - 2012-08-26 13:15 - 00001032 _____ () C:\Users\hardwick\Desktop\Dropbox.lnk

2014-04-07 13:01 - 2014-04-07 13:01 - 00000000 _____ () C:\Windows\setuperr.log

2014-04-07 12:59 - 2014-04-07 12:59 - 00100422 _____ () C:\Users\hardwick\Documents\cc_20140407_125926.reg

2014-04-07 12:58 - 2013-12-21 01:59 - 00000000 ____D () C:\Users\hardwick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bubble Dock

2014-04-07 12:58 - 2013-12-21 01:19 - 00000000 ___DC () C:\Users\hardwick\AppData\Local\MigWiz

2014-04-07 12:58 - 2013-12-18 01:38 - 00000000 ____D () C:\Windows\Panther

2014-04-07 12:55 - 2013-12-21 02:01 - 00000000 ____D () C:\Users\hardwick\AppData\Local\genienext

2014-04-07 12:55 - 2013-12-21 01:59 - 00000000 ____D () C:\Users\hardwick\AppData\Roaming\Nosibay

2014-04-07 12:44 - 2014-04-07 12:44 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-07 12:44 - 2014-04-07 12:44 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-07 12:44 - 2014-04-07 12:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-03 12:50 - 2013-12-21 01:22 - 00000000 ____D () C:\Users\hardwick\Desktop\Alpaca Mail lists

2014-04-03 12:16 - 2012-03-09 09:09 - 00271360 _____ () C:\Users\hardwick\Documents\archive Recovered Demo.pst

2014-04-03 12:15 - 2012-03-09 09:09 - 00271360 _____ () C:\Users\hardwick\Documents\archive Recovered Demo (1).pst

2014-04-03 09:51 - 2014-04-07 12:44 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-03 09:51 - 2014-04-07 12:44 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-03 09:50 - 2014-04-07 12:44 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-03 09:40 - 2013-12-21 19:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-04-03 09:35 - 2014-02-18 09:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak

2014-04-03 08:32 - 2013-12-21 23:14 - 00000000 ____D () C:\ProgramData\Search Protection

2014-04-02 18:33 - 2013-12-22 12:50 - 00000000 ____D () C:\ProgramData\CanonIJPLM

2014-04-02 08:56 - 2014-04-02 08:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-03-31 02:16 - 2014-04-09 00:03 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-03-31 02:13 - 2014-04-09 00:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-03-31 01:13 - 2014-04-09 00:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-03-31 00:57 - 2014-04-09 00:03 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-03-26 13:41 - 2013-12-20 21:39 - 00003906 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-03-26 13:41 - 2013-12-20 21:39 - 00003654 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-03-22 13:12 - 2013-12-21 01:22 - 00000000 ____D () C:\Users\hardwick\AppData\Roaming\vlc

2014-03-19 17:17 - 2014-03-19 17:17 - 00047104 _____ () C:\Users\hardwick\Documents\HOEAG membership.xls

 

Some content of TEMP:

====================

C:\Users\hardwick\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpezhay4.dll

C:\Users\hardwick\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpirbs_x.dll

C:\Users\hardwick\AppData\Local\Temp\i4jdel0.exe

C:\Users\hardwick\AppData\Local\Temp\System.Data.SQLite.dll

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-04-09 00:06

 

==================== End Of Log ============================

 


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-04-2014

Ran by hardwick at 2014-04-15 15:19:49

Running from C:\Users\hardwick\Desktop\Misc Temp Desktop files

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

 

==================== Installed Programs ======================

 

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)

Able Photo Resizer 2.5.11.30 (HKLM-x32\...\Able Photo Resizer_is1) (Version: 2.5.11.30 - Graphic-Region Development)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)

Adobe AIR (x32 Version: 3.4.0.2540 - Adobe Systems Incorporated) Hidden

Adobe Download Manager (HKLM-x32\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.100 - NOS Microsystems Ltd.)

Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)

Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)

Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)

Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)

AMD Accelerated Video Transcoding (Version: 13.20.100.30911 - Advanced Micro Devices, Inc.) Hidden

AMD Catalyst Control Center (x32 Version: 2013.0911.2154.37488 - Advanced Micro Devices, Inc.) Hidden

AMD Catalyst Install Manager (HKLM\...\{47F6824F-CA45-FAD2-2F5B-906D36BA3393}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)

AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden

AMD Media Foundation Decoders (Version: 1.0.80911.2216 - Advanced Micro Devices, Inc.) Hidden

Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )

Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version:  - )

Canon MP495 series User Registration (HKLM-x32\...\Canon MP495 series User Registration) (Version:  - )

Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )

Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )

Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0911.2154.37488 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center InstallProxy (x32 Version: 2013.0911.2154.37488 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Localization All (x32 Version: 2013.0911.2154.37488 - Advanced Micro Devices, Inc.) Hidden

CCC Help Chinese Standard (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden

CCC Help Chinese Traditional (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden

CCC Help Czech (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden

CCC Help Danish (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden

CCC Help Dutch (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden

CCC Help English (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden

CCC Help Finnish (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden

CCC Help French (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden

CCC Help German (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden

CCC Help Greek (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden

CCC Help Hungarian (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden

CCC Help Italian (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden

CCC Help Japanese (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden

CCC Help Korean (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden

CCC Help Norwegian (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden

CCC Help Polish (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden

CCC Help Portuguese (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden

CCC Help Russian (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden

CCC Help Spanish (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden

CCC Help Swedish (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden

CCC Help Thai (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden

CCC Help Turkish (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden

ccc-utility64 (Version: 2013.0911.2154.37488 - Advanced Micro Devices, Inc.) Hidden

CCleaner (HKLM-x32\...\CCleaner) (Version: 3.12 - Piriform)

DMUninstaller (HKLM-x32\...\DMUninstaller) (Version:  - ) <==== ATTENTION

Dropbox (HKCU\...\Dropbox) (Version: 2.6.25 - Dropbox, Inc.)

Duplicati (x64) (HKLM\...\{77BA8977-0BA6-4A83-A741-1DFAD23A6B23}) (Version: 1.3.4 - HexaD)

FastStone Photo Resizer 3.2 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.2 - FastStone Soft.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)

Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)

Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden

HerdMaster4 (HKLM-x32\...\{32FCFDB2-4672-4F48-9C39-42E6378299F7}) (Version: 4.3.6 - Farbrook Software)

HerdMaster5 (HKLM-x32\...\{A4096036-4D04-46AD-9531-736085608846}) (Version: 5.1.0.0 - Farbrook Software)

HmInstaller (x32 Version: 4.3.6 - Farbrook Software) Hidden

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)

Intel® Rapid Storage Technology (Version: 12.0.0.1083 - Intel Corporation) Hidden

Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)

Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden

iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)

Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Access 2000 SR-1 Runtime (HKLM-x32\...\{004F0409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden

Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Home and Student 2007 Trial (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden

Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Standard 2007 (HKLM-x32\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Standard 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)

Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)

Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)

Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)

PCmover (HKLM-x32\...\{01C41C3F-EA8F-4F84-9C21-9564ED195131}) (Version: 8.00.633.0 - Laplink Software, Inc.)

PeerBlock 1.1 (r518) (HKLM-x32\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.518 - PeerBlock, LLC)

Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6782 - Realtek Semiconductor Corp.)

SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit) (HKLM-x32\...\{41BB84BA-5CE5-403D-9650-990299509F14}) (Version: 13.0.4.705 - SAP)

Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.12.12.2 - Conduit) <==== ATTENTION

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)

StuffIt Expander 2011 (HKLM\...\{6B62B973-49F5-4C51-B738-93B56A963417}) (Version: 15.0.7.2518 - Smith Micro Software, Inc.)

SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)

TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)

Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)

Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)

Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)

Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)

Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version:  - Microsoft)

Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)

Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)

Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)

Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)

Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)

Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)

UpdaterEX (HKCU\...\UpdaterEX) (Version:  - UpdaterEX)

VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)

Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.3.0.0 - Azureus Software, Inc.)

WebInternetSecurity (HKLM-x32\...\Webinternetsecurity) (Version:  - Webinternetsecurity)

 

==================== Restore Points  =========================

 

08-04-2014 12:21:21 Scheduled Checkpoint

08-04-2014 23:01:22 Windows Update

12-04-2014 14:00:11 Windows Update

 

==================== Hosts content: ==========================

 

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {2CE34582-5D99-4A16-AF5E-AE79CEF163B9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {5138C072-F32B-4C70-A35B-1BF8CAD9B629} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-20] (Google Inc.)

Task: {8359820F-F166-4FC6-B53C-3A498BE77FAE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe

Task: {9685B2DD-A165-45B7-9C5C-4A21AE6E42FF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-20] (Google Inc.)

Task: {B5155B2D-2BF5-4E29-BF87-F6C2F44E0FD5} - System32\Tasks\UpdaterEX => C:\Users\hardwick\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION

Task: {B86A334E-F2E6-4E81-988C-9980DD56C0B7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

Task: {CD50D22A-C1C1-4AE4-8882-67D6D0E7BD5D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe

Task: {E0FFF949-E69D-4C57-A97B-6D1344F01554} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-14] (Adobe Systems Incorporated)

Task: {E5526BD6-A25C-4DE0-9008-D163DEDAD49A} - System32\Tasks\WebInternetSecurity Update Task => C:\Program Files (x86)\Webinternetsecurity\uninstall.webinternetsecurity.exe [2014-04-08] ()

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\hardwick\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

 

==================== Loaded Modules (whitelisted) =============

 

2013-12-17 18:02 - 2012-10-29 08:48 - 00927232 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe

2012-05-21 21:41 - 2012-05-21 21:41 - 00131072 _____ () C:\Program Files\Duplicati\LightDatamodel.dll

2012-05-21 21:41 - 2012-05-21 21:41 - 00931840 _____ () C:\Program Files\Duplicati\SQLite\win64\System.Data.SQLite.dll

2012-05-21 21:41 - 2012-05-21 21:41 - 00260608 _____ () C:\Program Files\Duplicati\AlphaFS.dll

2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2013-12-17 18:02 - 2014-04-14 13:03 - 00025600 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\PEbiosinterface32.dll

2013-12-17 18:02 - 2012-05-07 17:04 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\ATKEX.dll

2013-12-24 14:08 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll

2013-12-24 14:08 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl

2013-12-24 14:08 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl

2013-12-24 14:08 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl

2013-12-24 14:08 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

2014-04-10 09:51 - 2014-04-02 02:57 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll

2013-12-17 18:08 - 2013-03-12 14:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

2013-12-22 02:34 - 2012-12-14 16:42 - 00053160 _____ () C:\Program Files (x86)\Vuze\aereg.dll

2014-02-11 12:39 - 2012-12-14 16:42 - 00077768 _____ () C:\Users\hardwick\AppData\Roaming\Azureus\plugins\azitunes\jacob-1.17-M2-x86.dll

2014-02-11 12:39 - 2012-12-14 16:42 - 00019368 _____ () C:\Users\hardwick\AppData\Roaming\Azureus\plugins\azitunes\libProcessAccess.dll

2014-01-20 14:16 - 2014-01-20 14:16 - 00237384 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll

2014-04-10 09:51 - 2014-04-02 02:57 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll

2014-04-10 09:51 - 2014-04-02 02:57 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll

2014-04-10 09:51 - 2014-04-02 02:57 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll

2014-04-10 09:51 - 2014-04-02 02:58 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll

2014-04-10 09:51 - 2014-04-02 02:57 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll

2014-04-10 09:51 - 2014-04-02 02:58 - 13691720 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

 

==================== Safe Mode (whitelisted) ===================

 

 

==================== Disabled items from MSCONFIG ==============

 

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (04/15/2014 02:09:32 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 13323

 

Error: (04/15/2014 02:09:32 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 13323

 

Error: (04/15/2014 02:09:32 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (04/15/2014 02:09:31 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 12246

 

Error: (04/15/2014 02:09:31 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 12246

 

Error: (04/15/2014 02:09:31 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (04/15/2014 02:09:30 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 11232

 

Error: (04/15/2014 02:09:30 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 11232

 

Error: (04/15/2014 02:09:30 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (04/15/2014 02:09:29 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 10218

 

 

System errors:

=============

Error: (04/14/2014 01:08:09 PM) (Source: DCOM) (User: )

Description: {DC0C2640-1415-4644-875C-6F4D769839BA}

 

Error: (04/14/2014 01:04:20 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (04/14/2014 01:03:14 PM) (Source: Service Control Manager) (User: )

Description: The Util sizlsearch service failed to start due to the following error: 

%%2

 

Error: (04/13/2014 10:16:28 PM) (Source: Service Control Manager) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.

 

Error: (04/13/2014 10:15:58 PM) (Source: Service Control Manager) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.

 

Error: (04/13/2014 09:11:54 PM) (Source: Service Control Manager) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.

 

Error: (04/13/2014 09:11:24 PM) (Source: Service Control Manager) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.

 

Error: (04/13/2014 07:38:42 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (04/13/2014 07:37:36 PM) (Source: Service Control Manager) (User: )

Description: The Util sizlsearch service failed to start due to the following error: 

%%2

 

Error: (04/12/2014 03:44:45 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

 

Microsoft Office Sessions:

=========================

 

==================== Memory info =========================== 

 

Percentage of memory in use: 36%

Total physical RAM: 8130.23 MB

Available physical RAM: 5164.61 MB

Total Pagefile: 13115.41 MB

Available Pagefile: 6069.57 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:931.41 GB) (Free:830.4 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 939BDB0B)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================


Add/remove programs

Click on start-->control panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs
 

DMUninstaller
Search Protect
Vuze
UpdaterEX
WebInternetSecurity
 


Close the window.

 

 

 

 

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt), which you will find where you saved FRST. Please post it in your reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not already installed, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

fixlist.txt


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2014

Ran by hardwick (administrator) on CHRISDEAKIN-PC on 15-04-2014 16:15:22

Running from C:\Users\hardwick\Desktop\Misc Temp Desktop files

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(AMD) C:\Windows\system32\atiesrxx.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(HexaD) C:\Program Files\Duplicati\Duplicati.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)

HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)

HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-25] (CANON INC.)

HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)

HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)

HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)

HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)

HKLM-x32\...\Run: [WebInternetSecurity] => "C:\Program Files (x86)\Webinternetsecurity\WebInternetSecurity.exe"

HKLM-x32\...\Runonce: [Webinternetsecurity-dl Data Uninstall] - cmd /C rd /Q /S "C:\Program Files (x86)\Webinternetsecurity" [X]

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKU\S-1-5-19\...\Run: [sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)

HKU\S-1-5-20\...\Run: [sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)

HKU\S-1-5-21-1004204646-2864660507-1877319225-1010\...\Run: [FBBF48DDF52CFE01A375E54F303562119CD0BB61._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-04-02] (Google Inc.)

HKU\S-1-5-21-1004204646-2864660507-1877319225-1010\...\Run: [PeerBlock] => C:\Program Files (x86)\peerblock\peerblock.exe [1866864 2010-11-06] (PeerBlock, LLC)

HKU\S-1-5-21-1004204646-2864660507-1877319225-1010\...\Run: [GoogleChromeAutoLaunch_DDAA95BF07E3734F0BE24CB51FCD11D0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-04-02] (Google Inc.)

AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found

AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found

 

==================== Internet (Whitelisted) ====================

 


HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP6CE89EAA-0F31-47E5-890B-4187AA5D5A53&q={searchTerms}&SSPV=SE2YA1_sp_ie


SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_3&ent=ch_4981&q={searchTerms}

SearchScopes: HKCU - {C75451FA-ED4C-471B-A0A4-BA52E59C2B5E} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab


DPF: HKLM-x32 {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab

DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} -  No File

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

 

FireFox:

========

FF ProfilePath: C:\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\mt0zvmh2.default

FF user.js: detected! => C:\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\mt0zvmh2.default\user.js

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.8.130\npMcAfeeMss.dll No File

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @nosltd.com/getPlus+®,version=1.6.2.100 - C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\hardwick\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\hardwick\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File

 

Chrome: 

=======


CHR DefaultSearchKeyword: google.co.uk

CHR Extension: (Live Documents) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\amaifjdaecbdedhngkjojpkdnjndpcch [2013-12-21]

CHR Extension: (Google Docs) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-21]

CHR Extension: (Lucidchart Diagrams - Online) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apboafhkiegglekeafbckfjldecefkhn [2013-12-21]

CHR Extension: (Google Drive) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-21]

CHR Extension: (Auction Raptor) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blhhodocappjllfhjbbkaaglgmbecgcl [2014-01-17]

CHR Extension: (YouTube) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-21]

CHR Extension: (Google Search) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-21]

CHR Extension: (Gmail Offline) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2013-12-21]

CHR Extension: (Google Calendar) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-12-21]

CHR Extension: (Pivotal Tracker) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmopohenfphcfkjklbikdpfhilnlckfl [2013-12-21]

CHR Extension: (Digital Clock) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo [2013-12-21]

CHR Extension: (AdBlock) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-21]

CHR Extension: (Bubble Dock) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbjlipmgfoamgjaogmbihaffnpkpjajp [2013-12-21]

CHR Extension: (Potiphar) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdjehpheibomdlhciohiojkfliemofjg [2013-12-21]

CHR Extension: (FastestFox for Chrome) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2013-12-21]

CHR Extension: (Google Play Books) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2013-12-21]

CHR Extension: (Google Wallet) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-21]

CHR Extension: (Google Chrome to Phone Extension) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2013-12-21]

CHR Extension: (Rain Alarm Extension) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnconaknblgbkfgknkfmmfhhbebkekd [2013-12-21]

CHR Extension: (Google Calendar Checker (by Google)) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek [2013-12-21]

CHR Extension: (Gmail) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-21]

CHR HKCU\...\Chrome\Extension: [blhhodocappjllfhjbbkaaglgmbecgcl] - C:\Users\hardwick\AppData\Local\CRE\blhhodocappjllfhjbbkaaglgmbecgcl.crx [2014-01-12]

CHR HKLM-x32\...\Chrome\Extension: [blhhodocappjllfhjbbkaaglgmbecgcl] - C:\Users\hardwick\AppData\Local\CRE\blhhodocappjllfhjbbkaaglgmbecgcl.crx [2014-01-12]

CHR HKLM-x32\...\Chrome\Extension: [dghncoeocefmhkhiphdgikkamjeglbfh] - C:\Program Files (x86)\mystarttb\chrome-newtab-search.crx [2014-01-12]

CHR HKLM-x32\...\Chrome\Extension: [kbjlipmgfoamgjaogmbihaffnpkpjajp] - C:\Program Files (x86)\Nosibay\Bubble Dock\extensions\GCSurfMatch.crx [2012-11-06]

 

==================== Services (Whitelisted) =================

 

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)

S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [52288 2011-03-01] (NOS Microsystems Ltd.)

R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

S2 Util sizlsearch; "C:\Program Files (x86)\sizlsearch\bin\utilsizlsearch.exe" [X]

 

==================== Drivers (Whitelisted) ====================

 

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)

S3 pbfilter; C:\Program Files (x86)\PeerBlock\pbfilter.sys [20080 2010-11-06] ()

S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-04-15 16:14 - 2014-04-15 16:14 - 00000000 ____D () C:\Users\hardwick\AppData\Local\WebInternetSecurity

2014-04-15 15:23 - 2014-04-15 15:23 - 00000000 ____D () C:\Users\hardwick\Desktop\TDSSKiller

2014-04-15 15:19 - 2014-04-15 16:15 - 00000000 ____D () C:\FRST

2014-04-09 00:03 - 2014-03-31 02:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-04-09 00:03 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-04-09 00:03 - 2014-03-31 01:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-04-09 00:03 - 2014-03-31 00:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-04-09 00:02 - 2014-03-04 10:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2014-04-09 00:02 - 2014-03-04 10:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2014-04-09 00:02 - 2014-03-04 10:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2014-04-09 00:02 - 2014-03-04 10:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2014-04-09 00:02 - 2014-03-04 10:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2014-04-09 00:02 - 2014-03-04 10:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2014-04-09 00:02 - 2014-03-04 10:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2014-04-09 00:02 - 2014-03-04 10:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2014-04-09 00:02 - 2014-03-04 10:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2014-04-09 00:02 - 2014-03-04 09:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2014-04-09 00:02 - 2014-03-04 09:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2014-04-09 00:02 - 2014-02-04 03:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys

2014-04-09 00:02 - 2014-02-04 03:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys

2014-04-09 00:02 - 2014-02-04 03:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys

2014-04-09 00:02 - 2014-02-04 03:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll

2014-04-09 00:02 - 2014-02-04 03:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll

2014-04-09 00:02 - 2014-01-24 03:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

2014-04-08 12:29 - 2014-04-15 16:14 - 00000000 ____D () C:\Program Files (x86)\Webinternetsecurity

2014-04-08 12:28 - 2014-04-08 12:28 - 00000000 ____D () C:\Users\hardwick\AppData\Local\SearchProtect

2014-04-08 12:24 - 2014-04-08 12:24 - 00003244 _____ () C:\Windows\System32\Tasks\{F6CCB10D-64BD-4963-8009-1A5462614C89}

2014-04-07 19:01 - 2014-04-07 19:01 - 00000000 ____D () C:\Users\hardwick\AppData\Roaming\DropboxMaster

2014-04-07 13:01 - 2014-04-14 13:03 - 00000392 _____ () C:\Windows\setupact.log

2014-04-07 13:01 - 2014-04-09 07:51 - 00648024 _____ () C:\Windows\PFRO.log

2014-04-07 13:01 - 2014-04-07 13:01 - 00000000 _____ () C:\Windows\setuperr.log

2014-04-07 12:59 - 2014-04-07 12:59 - 00100422 _____ () C:\Users\hardwick\Documents\cc_20140407_125926.reg

2014-04-07 12:45 - 2014-04-15 15:00 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-07 12:44 - 2014-04-07 12:44 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-07 12:44 - 2014-04-07 12:44 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-07 12:44 - 2014-04-07 12:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-07 12:44 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-07 12:44 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-07 12:44 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-02 08:55 - 2014-04-02 08:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-03-22 16:51 - 2014-04-12 10:28 - 00000000 ____D () C:\Users\hardwick\Desktop\BAS printing

2014-03-19 17:17 - 2014-03-19 17:17 - 00047104 _____ () C:\Users\hardwick\Documents\HOEAG membership.xls

 

==================== One Month Modified Files and Folders =======

 

2014-04-15 16:15 - 2014-04-15 15:19 - 00000000 ____D () C:\FRST

2014-04-15 16:15 - 2013-12-21 01:23 - 00000000 ____D () C:\Users\hardwick\Desktop\Misc Temp Desktop files

2014-04-15 16:14 - 2014-04-15 16:14 - 00000000 ____D () C:\Users\hardwick\AppData\Local\WebInternetSecurity

2014-04-15 16:14 - 2014-04-08 12:29 - 00000000 ____D () C:\Program Files (x86)\Webinternetsecurity

2014-04-15 16:13 - 2013-12-21 01:19 - 00000000 ____D () C:\Users\hardwick\AppData\Roaming\Azureus

2014-04-15 15:57 - 2013-12-21 19:43 - 00000304 _____ () C:\Windows\Tasks\UpdaterEX.job

2014-04-15 15:53 - 2014-02-12 08:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-04-15 15:46 - 2013-12-20 21:39 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-04-15 15:23 - 2014-04-15 15:23 - 00000000 ____D () C:\Users\hardwick\Desktop\TDSSKiller

2014-04-15 15:23 - 2009-07-14 05:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-15 15:23 - 2009-07-14 05:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-15 15:00 - 2014-04-07 12:45 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-15 14:35 - 2013-12-17 17:59 - 01259094 _____ () C:\Windows\WindowsUpdate.log

2014-04-15 14:09 - 2013-12-17 20:02 - 00065536 _____ () C:\Windows\system32\spu_storage.bin

2014-04-15 13:06 - 2013-12-31 15:26 - 00000000 ____D () C:\Users\hardwick\AppData\Roaming\Duplicati

2014-04-15 12:46 - 2013-12-20 21:39 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-14 13:09 - 2009-07-14 06:13 - 00783606 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-14 13:04 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp

2014-04-14 13:03 - 2014-04-07 13:01 - 00000392 _____ () C:\Windows\setupact.log

2014-04-14 13:03 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-12 16:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

2014-04-12 15:01 - 2014-01-04 11:04 - 00000000 ____D () C:\Windows\system32\MRT

2014-04-12 15:00 - 2014-01-04 11:04 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-04-12 10:28 - 2014-03-22 16:51 - 00000000 ____D () C:\Users\hardwick\Desktop\BAS printing

2014-04-09 07:51 - 2014-04-07 13:01 - 00648024 _____ () C:\Windows\PFRO.log

2014-04-09 07:51 - 2012-08-26 13:15 - 00000000 ___RD () C:\Users\hardwick\Dropbox

2014-04-08 17:16 - 2013-12-21 01:20 - 00000000 ____D () C:\Users\hardwick\AppData\Roaming\Dropbox

2014-04-08 12:28 - 2014-04-08 12:28 - 00000000 ____D () C:\Users\hardwick\AppData\Local\SearchProtect

2014-04-08 12:24 - 2014-04-08 12:24 - 00003244 _____ () C:\Windows\System32\Tasks\{F6CCB10D-64BD-4963-8009-1A5462614C89}

2014-04-07 19:01 - 2014-04-07 19:01 - 00000000 ____D () C:\Users\hardwick\AppData\Roaming\DropboxMaster

2014-04-07 19:01 - 2013-12-21 01:31 - 00000000 ____D () C:\Users\hardwick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-04-07 19:01 - 2012-08-26 13:15 - 00001032 _____ () C:\Users\hardwick\Desktop\Dropbox.lnk

2014-04-07 13:01 - 2014-04-07 13:01 - 00000000 _____ () C:\Windows\setuperr.log

2014-04-07 12:59 - 2014-04-07 12:59 - 00100422 _____ () C:\Users\hardwick\Documents\cc_20140407_125926.reg

2014-04-07 12:58 - 2013-12-21 01:59 - 00000000 ____D () C:\Users\hardwick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bubble Dock

2014-04-07 12:58 - 2013-12-21 01:19 - 00000000 ___DC () C:\Users\hardwick\AppData\Local\MigWiz

2014-04-07 12:58 - 2013-12-18 01:38 - 00000000 ____D () C:\Windows\Panther

2014-04-07 12:55 - 2013-12-21 02:01 - 00000000 ____D () C:\Users\hardwick\AppData\Local\genienext

2014-04-07 12:55 - 2013-12-21 01:59 - 00000000 ____D () C:\Users\hardwick\AppData\Roaming\Nosibay

2014-04-07 12:44 - 2014-04-07 12:44 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-07 12:44 - 2014-04-07 12:44 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-07 12:44 - 2014-04-07 12:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-03 12:50 - 2013-12-21 01:22 - 00000000 ____D () C:\Users\hardwick\Desktop\Alpaca Mail lists

2014-04-03 12:16 - 2012-03-09 09:09 - 00271360 _____ () C:\Users\hardwick\Documents\archive Recovered Demo.pst

2014-04-03 12:15 - 2012-03-09 09:09 - 00271360 _____ () C:\Users\hardwick\Documents\archive Recovered Demo (1).pst

2014-04-03 09:51 - 2014-04-07 12:44 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-03 09:51 - 2014-04-07 12:44 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-03 09:50 - 2014-04-07 12:44 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-03 09:40 - 2013-12-21 19:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-04-03 09:35 - 2014-02-18 09:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak

2014-04-03 08:32 - 2013-12-21 23:14 - 00000000 ____D () C:\ProgramData\Search Protection

2014-04-02 18:33 - 2013-12-22 12:50 - 00000000 ____D () C:\ProgramData\CanonIJPLM

2014-04-02 08:56 - 2014-04-02 08:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-03-31 02:16 - 2014-04-09 00:03 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-03-31 02:13 - 2014-04-09 00:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-03-31 01:13 - 2014-04-09 00:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-03-31 00:57 - 2014-04-09 00:03 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-03-26 13:41 - 2013-12-20 21:39 - 00003906 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-03-26 13:41 - 2013-12-20 21:39 - 00003654 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-03-22 13:12 - 2013-12-21 01:22 - 00000000 ____D () C:\Users\hardwick\AppData\Roaming\vlc

2014-03-19 17:17 - 2014-03-19 17:17 - 00047104 _____ () C:\Users\hardwick\Documents\HOEAG membership.xls

 

Some content of TEMP:

====================

C:\Users\hardwick\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpezhay4.dll

C:\Users\hardwick\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpirbs_x.dll

C:\Users\hardwick\AppData\Local\Temp\i4jdel0.exe

C:\Users\hardwick\AppData\Local\Temp\System.Data.SQLite.dll

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-04-09 00:06

 

==================== End Of Log ============================

 


Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 15/04/2014
Scan Time: 16:22:06
Logfile: 
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.04.15.06
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: hardwick
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 285966
Time Elapsed: 4 min, 53 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.Conduit.A, C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://search.conduit.com/?gd=&ctid=CT3321738&octid=EB_ORIGINAL_CTID&ISID=MD3C7859A-CEEB-4FEA-918C-48C0EB4393F9&SearchSource=55&CUI=&UM=5&UP=SP6CE89EAA-0F31-47E5-890B-4187AA5D5A53&SSPV=SE2YA1_sp_ch",), Replaced,[dac811197ffc0a2caa5090be7b89a35d]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


I have just run malware again and the same virus is there.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 15/04/2014
Scan Time: 16:46:04
Logfile: 
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.04.15.06
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: hardwick
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 283217
Time Elapsed: 5 min, 15 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.Conduit.A, C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://search.conduit.com/?gd=&ctid=CT3321738&octid=EB_ORIGINAL_CTID&ISID=MD3C7859A-CEEB-4FEA-918C-48C0EB4393F9&SearchSource=55&CUI=&UM=5&UP=SP6CE89EAA-0F31-47E5-890B-4187AA5D5A53&SSPV=SE2YA1_sp_ch",), ,[9012af7b384372c410ea0e400400c43c]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-04-2014

Ran by hardwick at 2014-04-17 11:28:38 Run:1

Running from C:\Users\hardwick\Desktop\Misc Temp Desktop files

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(WebInternetSecurity) C:\Program Files (x86)\Webinternetsecurity\WebInternetSecurity.exe

(Azureus Software, Inc) C:\Program Files (x86)\Vuze\Azureus.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

HKLM-x32\...\Run: [WebInternetSecurity] => C:\Program Files (x86)\Webinternetsecurity\WebInternetSecurity.exe [797184 2013-12-30] (WebInternetSecurity)

AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found

AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found

ProxyServer: http=127.0.0.1:49188;https=127.0.0.1:49188

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.g...smb&ibd=2080915

SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...4187AA5D5A53&q={searchTerms}&SSPV=SE2YA1_sp_ie

SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...4187AA5D5A53&q={searchTerms}&SSPV=SE2YA1_sp_ie

SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://www.mystart.c...&ent=ch_4981&q={searchTerms}

SearchScopes: HKCU - {C75451FA-ED4C-471B-A0A4-BA52E59C2B5E} URL = http://uk.search.yah...&type=994519&p={searchTerms}

CHR Extension: (Auction Raptor) - C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blhhodocappjllfhjbbkaaglgmbecgcl [2014-01-17]

CHR HKCU\...\Chrome\Extension: [blhhodocappjllfhjbbkaaglgmbecgcl] - C:\Users\hardwick\AppData\Local\CRE\blhhodocappjllfhjbbkaaglgmbecgcl.crx [2014-01-12]

CHR HKLM-x32\...\Chrome\Extension: [blhhodocappjllfhjbbkaaglgmbecgcl] - C:\Users\hardwick\AppData\Local\CRE\blhhodocappjllfhjbbkaaglgmbecgcl.crx [2014-01-12]

CHR HKLM-x32\...\Chrome\Extension: [dghncoeocefmhkhiphdgikkamjeglbfh] - C:\Program Files (x86)\mystarttb\chrome-newtab-search.crx [2014-01-12]

Task: {B5155B2D-2BF5-4E29-BF87-F6C2F44E0FD5} - System32\Tasks\UpdaterEX => C:\Users\hardwick\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION

Task: {E5526BD6-A25C-4DE0-9008-D163DEDAD49A} - System32\Tasks\WebInternetSecurity Update Task => C:\Program Files (x86)\Webinternetsecurity\uninstall.webinternetsecurity.exe [2014-04-08] ()

Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\hardwick\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

 

S2 Util sizlsearch; "C:\Program Files (x86)\sizlsearch\bin\utilsizlsearch.exe" [X]

 

C:\Program Files (x86)\Webinternetsecurity

C:\PROGRA~2\SearchProtect

C:\Program Files (x86)\sizlsearch

C:\Windows\System32\Tasks\WebInternetSecurity Update Task

2014-04-15 15:19 - 2013-12-21 01:19 - 00000000 ____D () C:\Users\hardwick\AppData\Roaming\Azureus

2014-04-08 12:28 - 2014-04-08 12:28 - 00000000 ____D () C:\Users\hardwick\AppData\Local\SearchProtect

2014-04-03 08:32 - 2013-12-21 23:14 - 00000000 ____D () C:\ProgramData\Search Protection

C:\Users\hardwick\AppData\Roaming\UpdaterEX

 

*****************

 

[2380] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => Process closed successfully.

C:\Program Files (x86)\Webinternetsecurity\WebInternetSecurity.exe => No running process found

C:\Program Files (x86)\Vuze\Azureus.exe => No running process found

[2624] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => Process closed successfully.

[2188] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => Process closed successfully.

[2188] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => Process closed successfully.

[2188] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => Process closed successfully.

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No running process found

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\WebInternetSecurity => Value deleted successfully.

"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value Data removed successfully.

"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" => Value Data removed successfully.

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.

HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.

HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} => Key deleted successfully.

HKCR\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} => Key deleted successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C75451FA-ED4C-471B-A0A4-BA52E59C2B5E} => Key deleted successfully.

HKCR\CLSID\{C75451FA-ED4C-471B-A0A4-BA52E59C2B5E} => Key deleted successfully.

C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blhhodocappjllfhjbbkaaglgmbecgcl => Moved successfully.

HKCU\SOFTWARE\Google\Chrome\Extensions\blhhodocappjllfhjbbkaaglgmbecgcl => Key deleted successfully.

C:\Users\hardwick\AppData\Local\CRE\blhhodocappjllfhjbbkaaglgmbecgcl.crx => Moved successfully.

HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\blhhodocappjllfhjbbkaaglgmbecgcl => Key deleted successfully.

"C:\Users\hardwick\AppData\Local\CRE\blhhodocappjllfhjbbkaaglgmbecgcl.crx" => File/Directory not found.

HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dghncoeocefmhkhiphdgikkamjeglbfh => Key deleted successfully.

"C:\Program Files (x86)\mystarttb\chrome-newtab-search.crx" => File/Directory not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B5155B2D-2BF5-4E29-BF87-F6C2F44E0FD5} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5155B2D-2BF5-4E29-BF87-F6C2F44E0FD5} => Key deleted successfully.

C:\Windows\System32\Tasks\UpdaterEX => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5526BD6-A25C-4DE0-9008-D163DEDAD49A} => Key deleted successfully.

C:\Windows\System32\Tasks\WebInternetSecurity Update Task not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WebInternetSecurity Update Task => Key deleted successfully.

C:\Windows\Tasks\UpdaterEX.job => Moved successfully.

Util sizlsearch => Service deleted successfully.

"C:\Program Files (x86)\Webinternetsecurity" => File/Directory not found.

"C:\PROGRA~2\SearchProtect" => File/Directory not found.

"C:\Program Files (x86)\sizlsearch" => File/Directory not found.

"C:\Windows\System32\Tasks\WebInternetSecurity Update Task" => File/Directory not found.

C:\Users\hardwick\AppData\Roaming\Azureus => Moved successfully.

C:\Users\hardwick\AppData\Local\SearchProtect => Moved successfully.

C:\ProgramData\Search Protection => Moved successfully.

C:\Users\hardwick\AppData\Roaming\UpdaterEX => Moved successfully.

 

==== End of Fixlog ====


Full System Scan with Malwarebytes Antimalware


  • If not existing, please download Malwarebytes Anti-Malware to your desktop. Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.



If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

 

ESET Services Repair

Download ESET services repair from here and save the file to your desktop.

Run it by right click --> "run as administrator".

After the tool is finished, reboot.


Malwarebytes Anti-Malware

www.malwarebytes.org
 
 
Protection, 17/04/2014 07:54:21, SYSTEM, CHRISDEAKIN-PC, Protection, Malware Protection, Starting, 
Protection, 17/04/2014 07:54:21, SYSTEM, CHRISDEAKIN-PC, Protection, Malware Protection, Started, 
Protection, 17/04/2014 07:54:21, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, Starting, 
Protection, 17/04/2014 07:55:20, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, Started, 
Update, 17/04/2014 08:21:20, SYSTEM, CHRISDEAKIN-PC, Scheduler, Malware Database, 2014.4.15.6, 2014.4.17.2, 
Protection, 17/04/2014 08:21:27, SYSTEM, CHRISDEAKIN-PC, Protection, Refresh, Starting, 
Protection, 17/04/2014 08:21:27, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 17/04/2014 08:21:27, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 17/04/2014 08:21:29, SYSTEM, CHRISDEAKIN-PC, Protection, Refresh, Success, 
Protection, 17/04/2014 08:21:29, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, Starting, 
Protection, 17/04/2014 08:21:30, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, Started, 
Detection, 17/04/2014 10:22:41, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, IP, 159.253.131.112, cdn.zeusclicks.com, 54781, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 17/04/2014 10:22:42, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, IP, 159.253.131.112, cdn.zeusclicks.com, 54782, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 17/04/2014 10:22:42, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, IP, 159.253.131.112, cdn.zeusclicks.com, 54781, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 17/04/2014 10:22:42, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, IP, 159.253.131.112, cdn.zeusclicks.com, 54790, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 17/04/2014 10:24:32, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, IP, 159.253.131.112, cdn.zeusclicks.com, 54933, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 17/04/2014 10:24:32, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, IP, 159.253.131.112, cdn.zeusclicks.com, 54934, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 17/04/2014 10:24:32, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, IP, 159.253.131.112, cdn.zeusclicks.com, 54935, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Protection, 17/04/2014 11:28:28, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 17/04/2014 11:28:28, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 17/04/2014 11:28:28, SYSTEM, CHRISDEAKIN-PC, Protection, Malware Protection, Stopping, 
Protection, 17/04/2014 11:28:33, SYSTEM, CHRISDEAKIN-PC, Protection, Malware Protection, Stopped, 
Protection, 17/04/2014 13:32:39, SYSTEM, CHRISDEAKIN-PC, Protection, Malware Protection, Starting, 
Protection, 17/04/2014 13:32:39, SYSTEM, CHRISDEAKIN-PC, Protection, Malware Protection, Started, 
Protection, 17/04/2014 13:32:39, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, Starting, 
Protection, 17/04/2014 13:32:39, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, Started, 
Update, 17/04/2014 15:51:13, SYSTEM, CHRISDEAKIN-PC, Scheduler, Malware Database, 2014.4.17.2, 2014.4.17.4, 
Protection, 17/04/2014 15:51:20, SYSTEM, CHRISDEAKIN-PC, Protection, Refresh, Starting, 
Protection, 17/04/2014 15:51:20, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 17/04/2014 15:51:20, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 17/04/2014 15:51:22, SYSTEM, CHRISDEAKIN-PC, Protection, Refresh, Success, 
Protection, 17/04/2014 15:51:22, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, Starting, 
Protection, 17/04/2014 15:51:23, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, Started, 
Protection, 17/04/2014 16:18:36, SYSTEM, CHRISDEAKIN-PC, Protection, Malware Protection, Starting, 
Protection, 17/04/2014 16:18:36, SYSTEM, CHRISDEAKIN-PC, Protection, Malware Protection, Started, 
Protection, 17/04/2014 16:18:36, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, Starting, 
Protection, 17/04/2014 16:18:44, SYSTEM, CHRISDEAKIN-PC, Protection, Malicious Website Protection, Started, 
 
(end)

Sorry - I hope this is right?

 

Log Opened: 2014-04-17 @ 16:17:04

16:17:04 - -----------------

16:17:04 - | Begin Logging |

16:17:04 - -----------------

16:17:04 - Fix started on a WIN_7 X64 computer

16:17:04 - Prep in progress.  Please Wait.

16:17:05 - Prep complete

16:17:05 - Repairing Services Now.  Please wait...

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\SharedAccess.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\WinDefend.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\wscsvc.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

 

SetACL finished successfully.

16:17:07 - Services Repair Complete.

16:17:45 - Reboot Initiated

Log Opened: 2014-04-18 @ 09:31:08

09:31:08 - -----------------

09:31:08 - | Begin Logging |

09:31:08 - -----------------

09:31:08 - Fix started on a WIN_7 X64 computer

09:31:08 - Prep in progress.  Please Wait.

09:31:09 - Prep complete

09:31:09 - Repairing Services Now.  Please wait...

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\SharedAccess.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\WinDefend.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\wscsvc.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

 

SetACL finished successfully.

09:31:10 - Services Repair Complete.

09:31:29 - Reboot Initiated

 


Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 18/04/2014

Scan Time: 09:06:22

Logfile: 

Administrator: Yes

 

Version: 2.00.1.1004

Malware Database: v2014.04.17.04

Rootkit Database: v2014.03.27.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Chameleon: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: hardwick

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 286469

Time Elapsed: 15 hr, 32 min, 7 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Shuriken: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 1

PUP.Optional.Conduit.A, C:\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://search.conduit.com/?gd=&ctid=CT3321738&octid=EB_ORIGINAL_CTID&ISID=MD3C7859A-CEEB-4FEA-918C-48C0EB4393F9&SearchSource=55&CUI=&UM=5&UP=SP6CE89EAA-0F31-47E5-890B-4187AA5D5A53&SSPV=SE2YA1_sp_ch",), Replaced,[b6b278b3b1caf73fad931c36ff05ff01]

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

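As an added example (not part of this post, of the Services Repair tool whose SetACL output appears above, or of Malwarebytes), the check a practitioner would want after a repair like the one logged: confirm that the registry keys of the eight services the tool restored no longer carry Deny ACEs or an odd owner, that the service objects themselves (shown by `sc.exe sdshow`) carry no Deny ACE, and that the Chrome `Preferences` file flagged by Malwarebytes no longer points the homepage at the Conduit search page. The service names and the `conduit.com` domain are taken from the logs above; the function names, the list of owners treated as normal, and the "suspicious domain" list are assumptions made here for illustration. Run it from an elevated PowerShell prompt.

```powershell
# Added example: post-repair verification for the service keys and the Chrome
# homepage finding in the logs above. Not from the forum thread or any tool log.

# Services whose security descriptors the repair log shows being restored.
$Services = 'BFE','BITS','iphlpsvc','MpsSvc','SharedAccess','WinDefend','wscsvc','wuauserv'

# Owners that are normal for keys under HKLM\SYSTEM (assumption: anything else
# is worth a look, not automatically malicious).
$ExpectedOwners = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'NT SERVICE\TrustedInstaller'
)

function Test-ServiceKeyAcl {
    param([Parameter(Mandatory)][string]$Name)

    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path $key)) {
        return [pscustomobject]@{ Service = $Name; Status = 'KEY MISSING'; Detail = '' }
    }

    try {
        $acl = Get-Acl -Path $key -ErrorAction Stop
    } catch {
        # Being refused READ_CONTROL from an elevated prompt is itself a red flag:
        # a Deny-for-Everyone ACE is a common way to keep a service from starting.
        return [pscustomobject]@{ Service = $Name; Status = 'CHECK'
                                  Detail  = "cannot read ACL: $($_.Exception.Message)" }
    }

    $denies   = $acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' }
    $badOwner = $ExpectedOwners -notcontains $acl.Owner

    # sc.exe sdshow prints the service object's SDDL (distinct from the registry
    # key's ACL). A "(D;" ACE there denies Start/Query to the listed SID.
    $svcSddl = (& sc.exe sdshow $Name 2>$null | Where-Object { $_ -match '^D:' }) -join ''
    $svcDeny = $svcSddl -match '\(D;'

    $problems = @()
    if ($denies)   { $problems += 'registry Deny for ' + (($denies.IdentityReference) -join ', ') }
    if ($badOwner) { $problems += "unexpected key owner '$($acl.Owner)'" }
    if ($svcDeny)  { $problems += 'Deny ACE in service SD' }

    [pscustomobject]@{
        Service = $Name
        Status  = if ($problems) { 'CHECK' } else { 'OK' }
        Detail  = $problems -join '; '
    }
}

function Test-ChromeHomepage {
    # Same file Malwarebytes flagged above. The domain list is an assumption;
    # extend it with other hijackers seen in your environment.
    param(
        [string]$Preferences = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Preferences",
        [string[]]$Suspicious = @('conduit.com')
    )
    if (-not (Test-Path $Preferences)) { return 'Preferences file not found' }

    # Chrome's Preferences is JSON; homepage and startup URLs are the usual
    # places a PUP rewrites.
    $prefs = Get-Content -Raw -Path $Preferences | ConvertFrom-Json
    $urls  = @()
    if ($prefs.homepage)             { $urls += $prefs.homepage }
    if ($prefs.session.startup_urls) { $urls += $prefs.session.startup_urls }

    foreach ($u in $urls) {
        foreach ($d in $Suspicious) {
            if ($u -like "*$d*") { return "HIJACKED: $u" }
        }
    }
    'OK'
}

$Services | ForEach-Object { Test-ServiceKeyAcl -Name $_ } | Format-Table -AutoSize
Test-ChromeHomepage
```

A service that reports `OK` here but still will not start has a different problem (disabled Start value, missing binary, or a broken dependency), which this check does not cover; it only confirms that the access-control tampering the repair tool addressed is gone.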

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe



When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.



ComboFix 14-04-20.01 - hardwick 21/04/2014  19:52:19.2.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.8130.4992 [GMT 1:00]

Running from: c:\users\hardwick\Desktop\ComboFix.exe

.

.

(((((((((((((((((((((((((   Files Created from 2014-03-21 to 2014-04-21  )))))))))))))))))))))))))))))))

.

.

2014-04-21 18:55 . 2014-04-21 18:55 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-04-21 18:55 . 2014-04-21 18:55 -------- d-----w- c:\users\Chris Deakin\AppData\Local\temp

2014-04-19 03:55 . 2014-04-19 03:55 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CC2ACB1E-830B-4B1B-AEAB-E495C33F5CDD}\offreg.dll

2014-04-18 22:19 . 2014-04-17 04:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CC2ACB1E-830B-4B1B-AEAB-E495C33F5CDD}\mpengine.dll

2014-04-18 08:39 . 2014-04-14 19:13 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2014-04-15 15:14 . 2014-04-15 15:14 -------- d-----w- c:\users\hardwick\AppData\Local\WebInternetSecurity

2014-04-15 14:19 . 2014-04-17 10:28 -------- d-----w- C:\FRST

2014-04-08 23:03 . 2014-03-31 01:16 23134208 ----a-w- c:\windows\system32\mshtml.dll

2014-04-08 23:03 . 2014-03-31 01:13 2724864 ----a-w- c:\windows\system32\mshtml.tlb

2014-04-08 23:03 . 2014-03-31 00:13 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb

2014-04-07 18:01 . 2014-04-07 18:01 -------- d-----w- c:\users\hardwick\AppData\Roaming\DropboxMaster

2014-04-07 11:45 . 2014-04-21 15:01 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-04-07 11:44 . 2014-04-07 11:44 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware

2014-04-07 11:44 . 2014-04-07 11:44 -------- d-----w- c:\programdata\Malwarebytes

2014-04-07 11:44 . 2014-04-03 08:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys

2014-04-07 11:44 . 2014-04-03 08:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-04-07 11:44 . 2014-04-03 08:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-04-21 17:42 . 2013-12-17 19:02 65536 ----a-w- c:\windows\system32\spu_storage.bin

2014-04-12 14:00 . 2014-01-04 10:04 90655440 ----a-w- c:\windows\system32\MRT.exe

2014-03-31 08:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe

2014-03-14 07:41 . 2014-02-12 07:55 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-03-14 07:41 . 2014-02-12 07:55 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-03-04 09:17 . 2014-04-08 23:02 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2014-03-01 05:16 . 2014-03-13 15:55 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll

2014-03-01 04:58 . 2014-03-13 15:55 2765824 ----a-w- c:\windows\system32\iertutil.dll

2014-03-01 04:52 . 2014-03-13 15:55 66048 ----a-w- c:\windows\system32\iesetup.dll

2014-03-01 04:51 . 2014-03-13 15:55 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll

2014-03-01 04:42 . 2014-03-13 15:55 53760 ----a-w- c:\windows\system32\jsproxy.dll

2014-03-01 04:40 . 2014-03-13 15:55 33792 ----a-w- c:\windows\system32\iernonce.dll

2014-03-01 04:37 . 2014-03-13 15:55 574976 ----a-w- c:\windows\system32\ieui.dll

2014-03-01 04:33 . 2014-03-13 15:55 139264 ----a-w- c:\windows\system32\ieUnatt.exe

2014-03-01 04:33 . 2014-03-13 15:55 111616 ----a-w- c:\windows\system32\ieetwcollector.exe

2014-03-01 04:32 . 2014-03-13 15:55 708608 ----a-w- c:\windows\system32\jscript9diag.dll

2014-03-01 04:23 . 2014-03-13 15:55 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2014-03-01 04:17 . 2014-03-13 15:55 218624 ----a-w- c:\windows\system32\ie4uinit.exe

2014-03-01 04:02 . 2014-03-13 15:55 195584 ----a-w- c:\windows\system32\msrating.dll

2014-03-01 03:54 . 2014-03-13 15:55 5768704 ----a-w- c:\windows\system32\jscript9.dll

2014-03-01 03:52 . 2014-03-13 15:55 61952 ----a-w- c:\windows\SysWow64\iesetup.dll

2014-03-01 03:51 . 2014-03-13 15:55 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll

2014-03-01 03:42 . 2014-03-13 15:55 627200 ----a-w- c:\windows\system32\msfeeds.dll

2014-03-01 03:38 . 2014-03-13 15:55 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2014-03-01 03:37 . 2014-03-13 15:55 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll

2014-03-01 03:35 . 2014-03-13 15:55 2041856 ----a-w- c:\windows\system32\inetcpl.cpl

2014-03-01 03:18 . 2014-03-13 15:55 13051904 ----a-w- c:\windows\system32\ieframe.dll

2014-03-01 03:14 . 2014-03-13 15:55 4244480 ----a-w- c:\windows\SysWow64\jscript9.dll

2014-03-01 03:10 . 2014-03-13 15:55 2334208 ----a-w- c:\windows\system32\wininet.dll

2014-03-01 03:00 . 2014-03-13 15:55 1964032 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2014-03-01 02:38 . 2014-03-13 15:55 1393664 ----a-w- c:\windows\system32\urlmon.dll

2014-03-01 02:32 . 2014-03-13 15:55 1820160 ----a-w- c:\windows\SysWow64\wininet.dll

2014-03-01 02:25 . 2014-03-13 15:55 817664 ----a-w- c:\windows\system32\ieapfltr.dll

2014-02-07 01:23 . 2014-03-13 15:55 3156480 ----a-w- c:\windows\system32\win32k.sys

2014-02-04 02:32 . 2014-03-13 15:54 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll

2014-02-04 02:32 . 2014-03-13 15:54 624128 ----a-w- c:\windows\system32\qedit.dll

2014-02-04 02:04 . 2014-03-13 15:54 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll

2014-02-04 02:04 . 2014-03-13 15:54 509440 ----a-w- c:\windows\SysWow64\qedit.dll

2014-01-29 02:32 . 2014-03-13 15:55 484864 ----a-w- c:\windows\system32\wer.dll

2014-01-29 02:06 . 2014-03-13 15:55 381440 ----a-w- c:\windows\SysWow64\wer.dll

2014-01-28 02:32 . 2014-03-13 15:55 228864 ----a-w- c:\windows\system32\wwansvc.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 131248 ----a-w- c:\users\hardwick\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 131248 ----a-w- c:\users\hardwick\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 131248 ----a-w- c:\users\hardwick\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"FBBF48DDF52CFE01A375E54F303562119CD0BB61._service_run"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-04-02 841032]

"PeerBlock"="c:\program files (x86)\peerblock\peerblock.exe" [2010-11-06 1866864]

"GoogleChromeAutoLaunch_DDAA95BF07E3734F0BE24CB51FCD11D0"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-04-02 841032]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-09-11 766208]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]

"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]

"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Duplicati.lnk - c:\program files\Duplicati\Duplicati.exe [2013-1-31 1456640]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean64.exe

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]

R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]

R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]

R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]

R3 pbfilter;pbfilter;c:\program files (x86)\PeerBlock\pbfilter.sys;c:\program files (x86)\PeerBlock\pbfilter.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]

S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]

S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]

S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]

S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]

S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MBAMPROTECTOR

*Deregistered* - MBAMWebAccessControl

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-04-10 08:50 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-04-21 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-23 07:41]

.

2014-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-20 20:39]

.

2014-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-20 20:39]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-11-19 6846096]

"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2013-01-31 36352]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm



mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <-loopback>


IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\mt0zvmh2.default\

.

- - - - ORPHANS REMOVED - - - -

.

Notify-SDWinLogon - SDWinLogon.dll

ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} - (no file)

ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)

ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} - (no file)

ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} - (no file)

ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.12"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2014-04-21  19:56:29

ComboFix-quarantined-files.txt  2014-04-21 18:56

ComboFix2.txt  2014-04-21 17:08

.

Pre-Run: 892,863,029,248 bytes free

Post-Run: 892,799,778,816 bytes free

.

- - End Of File - - ED37FE692CA1C5D825DC61D2D19E853B

A36C5E4F47E84449FF07ED3517B43A31

 


ComboFix 14-04-20.01 - hardwick 22/04/2014  10:00:44.3.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.8130.6280 [GMT 1:00]

Running from: c:\users\hardwick\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\wininit.ini

.

.

(((((((((((((((((((((((((   Files Created from 2014-03-22 to 2014-04-22  )))))))))))))))))))))))))))))))

.

.

2014-04-22 09:03 . 2014-04-22 09:03 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-04-22 09:03 . 2014-04-22 09:03 -------- d-----w- c:\users\Chris Deakin\AppData\Local\temp

2014-04-22 07:09 . 2014-04-17 04:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF3997C2-8077-4E46-8978-ED183B88A91F}\mpengine.dll

2014-04-18 08:39 . 2014-04-14 19:13 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2014-04-15 15:14 . 2014-04-15 15:14 -------- d-----w- c:\users\hardwick\AppData\Local\WebInternetSecurity

2014-04-15 14:19 . 2014-04-17 10:28 -------- d-----w- C:\FRST

2014-04-08 23:03 . 2014-03-31 01:16 23134208 ----a-w- c:\windows\system32\mshtml.dll

2014-04-08 23:03 . 2014-03-31 01:13 2724864 ----a-w- c:\windows\system32\mshtml.tlb

2014-04-08 23:03 . 2014-03-31 00:13 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb

2014-04-07 18:01 . 2014-04-07 18:01 -------- d-----w- c:\users\hardwick\AppData\Roaming\DropboxMaster

2014-04-07 11:45 . 2014-04-22 08:59 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-04-07 11:44 . 2014-04-07 11:44 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware

2014-04-07 11:44 . 2014-04-07 11:44 -------- d-----w- c:\programdata\Malwarebytes

2014-04-07 11:44 . 2014-04-03 08:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys

2014-04-07 11:44 . 2014-04-03 08:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-04-07 11:44 . 2014-04-03 08:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-04-22 08:58 . 2013-12-17 19:02 65536 ----a-w- c:\windows\system32\spu_storage.bin

2014-04-12 14:00 . 2014-01-04 10:04 90655440 ----a-w- c:\windows\system32\MRT.exe

2014-03-31 08:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe

2014-03-14 07:41 . 2014-02-12 07:55 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-03-14 07:41 . 2014-02-12 07:55 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-03-04 09:17 . 2014-04-08 23:02 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2014-03-01 05:16 . 2014-03-13 15:55 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll

2014-03-01 04:58 . 2014-03-13 15:55 2765824 ----a-w- c:\windows\system32\iertutil.dll

2014-03-01 04:52 . 2014-03-13 15:55 66048 ----a-w- c:\windows\system32\iesetup.dll

2014-03-01 04:51 . 2014-03-13 15:55 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll

2014-03-01 04:42 . 2014-03-13 15:55 53760 ----a-w- c:\windows\system32\jsproxy.dll

2014-03-01 04:40 . 2014-03-13 15:55 33792 ----a-w- c:\windows\system32\iernonce.dll

2014-03-01 04:37 . 2014-03-13 15:55 574976 ----a-w- c:\windows\system32\ieui.dll

2014-03-01 04:33 . 2014-03-13 15:55 139264 ----a-w- c:\windows\system32\ieUnatt.exe

2014-03-01 04:33 . 2014-03-13 15:55 111616 ----a-w- c:\windows\system32\ieetwcollector.exe

2014-03-01 04:32 . 2014-03-13 15:55 708608 ----a-w- c:\windows\system32\jscript9diag.dll

2014-03-01 04:23 . 2014-03-13 15:55 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2014-03-01 04:17 . 2014-03-13 15:55 218624 ----a-w- c:\windows\system32\ie4uinit.exe

2014-03-01 04:02 . 2014-03-13 15:55 195584 ----a-w- c:\windows\system32\msrating.dll

2014-03-01 03:54 . 2014-03-13 15:55 5768704 ----a-w- c:\windows\system32\jscript9.dll

2014-03-01 03:52 . 2014-03-13 15:55 61952 ----a-w- c:\windows\SysWow64\iesetup.dll

2014-03-01 03:51 . 2014-03-13 15:55 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll

2014-03-01 03:42 . 2014-03-13 15:55 627200 ----a-w- c:\windows\system32\msfeeds.dll

2014-03-01 03:38 . 2014-03-13 15:55 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2014-03-01 03:37 . 2014-03-13 15:55 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll

2014-03-01 03:35 . 2014-03-13 15:55 2041856 ----a-w- c:\windows\system32\inetcpl.cpl

2014-03-01 03:18 . 2014-03-13 15:55 13051904 ----a-w- c:\windows\system32\ieframe.dll

2014-03-01 03:14 . 2014-03-13 15:55 4244480 ----a-w- c:\windows\SysWow64\jscript9.dll

2014-03-01 03:10 . 2014-03-13 15:55 2334208 ----a-w- c:\windows\system32\wininet.dll

2014-03-01 03:00 . 2014-03-13 15:55 1964032 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2014-03-01 02:38 . 2014-03-13 15:55 1393664 ----a-w- c:\windows\system32\urlmon.dll

2014-03-01 02:32 . 2014-03-13 15:55 1820160 ----a-w- c:\windows\SysWow64\wininet.dll

2014-03-01 02:25 . 2014-03-13 15:55 817664 ----a-w- c:\windows\system32\ieapfltr.dll

2014-02-07 01:23 . 2014-03-13 15:55 3156480 ----a-w- c:\windows\system32\win32k.sys

2014-02-04 02:32 . 2014-03-13 15:54 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll

2014-02-04 02:32 . 2014-03-13 15:54 624128 ----a-w- c:\windows\system32\qedit.dll

2014-02-04 02:04 . 2014-03-13 15:54 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll

2014-02-04 02:04 . 2014-03-13 15:54 509440 ----a-w- c:\windows\SysWow64\qedit.dll

2014-01-29 02:32 . 2014-03-13 15:55 484864 ----a-w- c:\windows\system32\wer.dll

2014-01-29 02:06 . 2014-03-13 15:55 381440 ----a-w- c:\windows\SysWow64\wer.dll

2014-01-28 02:32 . 2014-03-13 15:55 228864 ----a-w- c:\windows\system32\wwansvc.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 131248 ----a-w- c:\users\hardwick\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 131248 ----a-w- c:\users\hardwick\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 131248 ----a-w- c:\users\hardwick\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"FBBF48DDF52CFE01A375E54F303562119CD0BB61._service_run"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-04-02 841032]

"PeerBlock"="c:\program files (x86)\peerblock\peerblock.exe" [2010-11-06 1866864]

"GoogleChromeAutoLaunch_DDAA95BF07E3734F0BE24CB51FCD11D0"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-04-02 841032]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-09-11 766208]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]

"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Duplicati.lnk - c:\program files\Duplicati\Duplicati.exe [2013-1-31 1456640]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean64.exe

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]

R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]

R3 pbfilter;pbfilter;c:\program files (x86)\PeerBlock\pbfilter.sys;c:\program files (x86)\PeerBlock\pbfilter.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]

S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]

S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]

S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]

S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]

S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]

S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MBAMSWISSARMY

*NewlyCreated* - MBAMWEBACCESSCONTROL

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-04-10 08:50 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-04-22 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-23 07:41]

.

2014-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-20 20:39]

.

2014-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-20 20:39]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-11-19 6846096]

"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2013-01-31 36352]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm



mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <-loopback>

uInternet Settings,ProxyServer = localhost:8080


IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\mt0zvmh2.default\

.

- - - - ORPHANS REMOVED - - - -

.

ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} - (no file)

ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)

ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} - (no file)

ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} - (no file)

ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.12"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2014-04-22  10:04:36

ComboFix-quarantined-files.txt  2014-04-22 09:04

ComboFix2.txt  2014-04-21 18:56

ComboFix3.txt  2014-04-21 17:08

.

Pre-Run: 891,548,102,656 bytes free

Post-Run: 891,461,632,000 bytes free

.

- - End Of File - - 5D06D89020BE5043A31EAEC9BC8AAD44

A36C5E4F47E84449FF07ED3517B43A31
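
As an added example, not part of this thread and not ComboFix's own code: a small Python script that parses the service/driver lines and the "key = value" lines of the Supplementary Scan from two ComboFix runs and reports what changed between them, which is how an analyst compares consecutive logs like the two posted above. The line format is inferred from the logs on this page (`STATE name;display;image;image64 [x]`); the sample input is a handful of lines copied from the 21 and 22 April runs and trimmed, and the `netstat`/`tasklist` hint is a generic follow-up check, not a finding about this machine.

```python
"""Added example: diff the service/driver entries and Supplementary Scan
settings of two ComboFix runs. Format inferred from the logs on this page."""
import re
from dataclasses import dataclass

SERVICE_LINE = re.compile(r"^([RS]\d)\s+(.+)$")   # state, then rest; names may contain spaces
SETTING_LINE = re.compile(r"^(\S.*?) = (.*)$")     # "uInternet Settings,ProxyServer = host:port"
LOOPBACK_HOSTS = ("localhost", "127.0.0.1", "[::1]")


@dataclass(frozen=True)
class Service:
    state: str    # R = running, S = stopped; the digit is the start type
    name: str
    display: str
    image: str
    flag: str     # bracketed suffix, "x" for every entry in these logs


def parse_service(line):
    """Parse one 'R3 name;display;image;image64 [x]' line; None if it is not one."""
    m = SERVICE_LINE.match(line.strip())
    if not m:
        return None
    state, rest = m.groups()
    parts = rest.split(";")
    if len(parts) != 4:
        return None
    name, display, image, tail = parts
    _image64, sep, flag = tail.rpartition(" [")
    if not sep or not flag.endswith("]"):
        return None
    return Service(state, name.strip(), display.strip(), image.strip(), flag[:-1])


def parse_run(text):
    """Return ({service_name: Service}, {setting_key: value}) for one log."""
    services, settings = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        svc = parse_service(line)
        if svc is not None:
            services[svc.name] = svc
            continue
        m = SETTING_LINE.match(line)
        if m:
            settings[m.group(1)] = m.group(2)
    return services, settings


def diff_runs(before, after):
    """Describe what changed between two parsed runs (data only, no verdicts)."""
    svc_a, set_a = before
    svc_b, set_b = after
    return {
        "services_added": sorted(set(svc_b) - set(svc_a)),
        "services_removed": sorted(set(svc_a) - set(svc_b)),
        "state_changed": {n: (svc_a[n].state, svc_b[n].state)
                          for n in sorted(set(svc_a) & set(svc_b))
                          if svc_a[n].state != svc_b[n].state},
        "settings_added": {k: set_b[k] for k in sorted(set(set_b) - set(set_a))},
        "settings_removed": sorted(set(set_a) - set(set_b)),
        "settings_changed": {k: (set_a[k], set_b[k])
                             for k in sorted(set(set_a) & set(set_b))
                             if set_a[k] != set_b[k]},
    }


def review_hints(report):
    """Manual follow-ups suggested by the diff. These are checks, not findings."""
    hints = []
    for key, value in report["settings_added"].items():
        host = value.rpartition(":")[0] or value
        if key.endswith("ProxyServer") and host in LOOPBACK_HOSTS:
            hints.append(f"{key} = {value} is new: identify the process listening on that "
                         "port (netstat -ano, then tasklist /fi \"PID eq <pid>\") before "
                         "deciding whether the local proxy belongs there.")
    return hints


# Constructed sample: lines copied from the two ComboFix logs above, trimmed.
RUN_21_APRIL = r"""
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
uInternet Settings,ProxyOverride = <-loopback>
TCP: DhcpNameServer = 192.168.0.1
"""

RUN_22_APRIL = r"""
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = localhost:8080
TCP: DhcpNameServer = 192.168.0.1
"""

if __name__ == "__main__":
    report = diff_runs(parse_run(RUN_21_APRIL), parse_run(RUN_22_APRIL))
    for section, items in report.items():
        print(f"{section}: {items}")
    for hint in review_hints(report):
        print("check:", hint)
```

Run it against the full text of two saved logs (`parse_run(open("ComboFix.txt").read())`) rather than the trimmed sample; the parser ignores every line that is neither a service entry nor a `key = value` setting, so the registry dumps and file lists pass through harmlessly.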

Nothing to see within the logs.

 

Scan with ESET Online Scan

Please go to here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


C:\AdwCleaner\Quarantine\C\Program Files\Application Updater\ApplicationUpdater.exe.vir a variant of Win32/Toolbar.Widgi.A potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\Auction_Raptor\Auction_RaptorToolbarHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\Auction_Raptor\ldrtbAuct.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\Auction_Raptor\prxtbAuc0.dll.vir Win32/Toolbar.Conduit.O potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\Auction_Raptor\prxtbAuct.dll.vir Win32/Toolbar.Conduit.O potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\Auction_Raptor\tbAuct.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\Common Files\spigot\Search Settings\SearchSettings.exe.vir a variant of Win32/Toolbar.Widgi potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\Common Files\spigot\Search Settings\SearchSettings64.exe.vir a variant of Win64/Toolbar.Widgi.A potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\Common Files\spigot\Search Settings\wth169.dll.vir a variant of Win32/Toolbar.Widgi.A potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\Common Files\spigot\Search Settings\wthx169.dll.vir a variant of Win64/Toolbar.Widgi.B potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\Common Files\spigot\SlickSavings\SlickSavingsSetup.exe.vir Win32/Toolbar.Widgi.F potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert0.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\DealPly\DealPlyIE.dll.vir a variant of Win32/DealPly.G potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\DealPly\DealPlyUpdateVer.exe.vir a variant of Win32/DealPly.F potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\DealPlyLive\Update\DealPlyLive.exe.vir Win32/DealPly.N potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\DealPlyLive\Update\1.3.23.0\DealPlyLive.exe.vir Win32/DealPly.N potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\DealPlyLive\Update\1.3.23.0\DealPlyLiveBroker.exe.vir Win32/DealPly.N potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\DealPlyLive\Update\1.3.23.0\DealPlyLiveHandler.exe.vir Win32/DealPly.N potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\DealPlyLive\Update\1.3.23.0\DealPlyLiveOnDemand.exe.vir Win32/DealPly.N potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\DealPlyLive\Update\1.3.23.0\goopdate.dll.vir Win32/DealPly.N potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_ru.dll.vir Win32/DealPly.N potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll.vir Win32/DealPly.N potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\DealPlyLive\Update\1.3.23.0\psmachine.dll.vir Win32/DealPly.N potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\PricePeep\pricepeep.dll.vir a variant of Win32/AdWare.PricePeep.A application

C:\AdwCleaner\Quarantine\C\Program Files\Vuze Remote toolbar\FF\components\vuzeToolbarFF.dll.vir a variant of Win32/Toolbar.Widgi potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\Vuze Remote toolbar\IE\7.9\vuzeToolbarIE.dll.vir a variant of Win32/Toolbar.Widgi potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\Vuze_Remote\ldrtbVuze.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\Vuze_Remote\prxtbVuze.dll.vir Win32/Toolbar.Conduit.O potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\Vuze_Remote\tbVuze.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\Vuze_Remote\Vuze_RemoteToolbarHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\Wajam\IE\priam_bho.dll.vir a variant of Win32/Wajam.G potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\Wajam\Updater\WajamUpdater.exe.vir Win32/Wajam.A potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Local\Conduit\CT111115\Auction_RaptorAutoUpdateHelper.exe (1).vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Local\Conduit\CT111115\Auction_RaptorAutoUpdateHelper.exe.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Local\Conduit\CT2504091\Vuze_RemoteAutoUpdateHelper.exe (1).vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Local\Conduit\CT2504091\Vuze_RemoteAutoUpdateHelper.exe.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blhhodocappjllfhjbbkaaglgmbecgcl\10.20.1.508_0\plugins\TBVerifier.dll (1).vir Win32/Toolbar.Conduit.AC potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blhhodocappjllfhjbbkaaglgmbecgcl\10.20.1.508_0\plugins\TBVerifier.dll.vir Win32/Toolbar.Conduit.AC potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf\3.5.0.0_0\background.js (1).vir Win32/DealPly.J potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf\3.5.0.0_0\background.js.vir Win32/DealPly.J potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.20.1.508_0\plugins\TBVerifier.dll (1).vir Win32/Toolbar.Conduit.AC potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.20.1.508_0\plugins\TBVerifier.dll.vir Win32/Toolbar.Conduit.AC potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Auction_Raptor\ldrtbAuc0.dll (1).vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Auction_Raptor\ldrtbAuc0.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Auction_Raptor\ldrtbAuct.dll (1).vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Auction_Raptor\ldrtbAuct.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Auction_Raptor\tbAuc0.dll (1).vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Auction_Raptor\tbAuc0.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Auction_Raptor\tbAuc1.dll (1).vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Auction_Raptor\tbAuc1.dll.vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Auction_Raptor\tbAuct.dll (1).vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Auction_Raptor\tbAuct.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Vuze_Remote\ldrtbVuz0.dll (1).vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Vuze_Remote\ldrtbVuz0.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Vuze_Remote\ldrtbVuze.dll (1).vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Vuze_Remote\ldrtbVuze.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Vuze_Remote\tbVuz0.dll (1).vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Vuze_Remote\tbVuz0.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Vuze_Remote\tbVuz1.dll (1).vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Vuze_Remote\tbVuz1.dll.vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Vuze_Remote\tbVuze.dll (1).vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\LocalLow\Vuze_Remote\tbVuze.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe (1).vir a variant of Win32/DealPly.F potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe.vir a variant of Win32/DealPly.F potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\g48916ym.default\Extensions\{906000A4-88D9-4D52-B209-7A772970D91F}\chrome\content\dealplyshopping.xul (1).vir Win32/DealPly.J potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\hardwick\AppData\Roaming\Mozilla\Firefox\Profiles\g48916ym.default\Extensions\{906000A4-88D9-4D52-B209-7A772970D91F}\chrome\content\dealplyshopping.xul.vir Win32/DealPly.J potentially unwanted application

C:\FRST\Quarantine\C\Users\hardwick\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe a variant of Win32/DealPly.O potentially unwanted application

C:\Program Files (x86)\Mobogenie\nengine.dll Win32/NextLive.A potentially unwanted application

C:\Qoobox\Quarantine\C\Program Files (x86)\SaveShare\uninstall.exe.vir Win32/SProtector.B potentially unwanted application

C:\Users\hardwick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0ARC2BB0\SPSetup[1].exe a variant of Win32/Conduit.SearchProtect.H potentially unwanted application

C:\Users\hardwick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7QP2GA7G\sp-downloader[1].exe Win32/Toolbar.Conduit.R potentially unwanted application

C:\Users\hardwick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KVFGAHO1\Setup[1].exe a variant of Win32/BrowseFox.F potentially unwanted application

C:\Users\hardwick\Desktop\Alpaca Mail lists\Alpaca Info Sheets\Walk with alpacas\Player_Setup (1).exe a variant of Win32/DomaIQ.AM potentially unwanted application

C:\Users\hardwick\Desktop\Alpaca Mail lists\Alpaca Info Sheets\Walk with alpacas\Player_Setup.exe a variant of Win32/DomaIQ.AM potentially unwanted application

C:\Users\hardwick\Desktop\Alpaca Mail lists\Alpaca Info Sheets\Walk with alpacas\SoftonicDownloader_for_able-photo-resizer.exe a variant of Win32/SoftonicDownloader.F potentially unwanted application

C:\Users\hardwick\Desktop\Alpaca Mail lists\Alpaca Info Sheets\Walk with alpacas\SoftonicDownloader_for_faststone-image-viewer.exe a variant of Win32/SoftonicDownloader.F potentially unwanted application

C:\Users\hardwick\Desktop\Misc Temp Desktop files\Setup (1).exe Win32/AdWare.iBryte.G application

C:\Users\hardwick\Desktop\Misc Temp Desktop files\tb_Auction_Raptor.exe a variant of Win32/Wajam.F potentially unwanted application

C:\Users\hardwick\Downloads\ccsetup312 (1).exe Win32/Bundled.Toolbar.Google.E potentially unsafe application

C:\Users\hardwick\Downloads\ccsetup312.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application

C:\Users\hardwick\Downloads\cnet2_flactomp3converter42_exe (1).exe a variant of Win32/InstallCore.D potentially unwanted application

C:\Users\hardwick\Downloads\cnet2_flactomp3converter42_exe.exe a variant of Win32/InstallCore.D potentially unwanted application
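As an added example (not part of this thread and not ESET's own tooling), a small Python parser for the log format posted above: it separates detections that were already sitting in the AdwCleaner, FRST and Qoobox quarantine folders from files still live on disk, groups them by detection family, and checks that every entry carries one of the PUA/adware classifications rather than anything else. The sample lines are copied from the log above; the quarantine roots and classification strings are taken from it as well.

```python
import re
from collections import Counter

# Constructed sample: five lines copied from the ESET log posted above. The full
# log has the same shape: "<path> [a variant of ]<detection> <classification>".
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Program Files\Auction_Raptor\tbAuct.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\FRST\Quarantine\C\Users\hardwick\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe a variant of Win32/DealPly.O potentially unwanted application
C:\Program Files (x86)\Mobogenie\nengine.dll Win32/NextLive.A potentially unwanted application
C:\Users\hardwick\Downloads\ccsetup312.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Users\hardwick\Desktop\Misc Temp Desktop files\Setup (1).exe Win32/AdWare.iBryte.G application
"""

# Quarantine roots seen in the log: files under these were already neutralised by
# an earlier tool run, so they are not live threats (.vir is AdwCleaner's suffix).
QUARANTINE_ROOTS = (r"C:\AdwCleaner\Quarantine", r"C:\FRST\Quarantine", r"C:\Qoobox\Quarantine")

# The adware / PUA classification strings as they appear in the log. Any other
# classification string on a line would make only_pua come out False.
PUA_CLASSES = {"potentially unwanted application", "potentially unsafe application", "application"}

LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:a variant of )?(?P<name>Win(?:32|64)/[A-Za-z0-9_.]+) "
    r"(?P<cls>potentially unwanted application|potentially unsafe application|application)$"
)

def family_of(name):
    """Drop ESET's trailing variant letters: Win32/Toolbar.Conduit.AC -> Win32/Toolbar.Conduit."""
    head, _, tail = name.rpartition(".")
    return head if "/" in head and re.fullmatch(r"[A-Z]{1,2}", tail) else name

def parse_line(line):
    """One log line -> dict, or None for blank/banner lines that are not detections."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path, name, cls = m.group("path"), m.group("name"), m.group("cls")
    return {
        "path": path,
        "name": name,
        "family": family_of(name),
        "cls": cls,
        "quarantined": path.startswith(QUARANTINE_ROOTS) or path.endswith(".vir"),
    }

def parse_log(text):
    return [rec for rec in (parse_line(ln) for ln in text.splitlines()) if rec]

def summarize(records):
    return {
        "total": len(records),
        "quarantined": sum(r["quarantined"] for r in records),
        "live": [r["path"] for r in records if not r["quarantined"]],
        "families": Counter(r["family"] for r in records),
        "only_pua": all(r["cls"] in PUA_CLASSES for r in records),
    }

if __name__ == "__main__":
    s = summarize(parse_log(SAMPLE_LOG))
    print(f"{s['total']} detections, {s['quarantined']} already in a quarantine folder")
    for fam, n in s["families"].most_common():
        print(f"  {n:3d}  {fam}")
    print("still live on disk:", *s["live"], sep="\n  ")
    print("every detection is a PUA/adware class:", s["only_pua"])
```

Run against the full log, the live list is what still needs cleanup (the later AdwCleaner/JRT steps), while the quarantine entries are old remnants.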

The detected files have nothing to do with the banking trojan.

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


There aren't any signs of Tatanga being on your system. Malwarebytes detects a potentially unwanted setting that has nothing to do with it.

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.

  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[s1].txt also




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.


  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2



  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 7 Home Premium x64

Ran by hardwick on 23/04/2014 at 10:22:29.84

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [service] application updater 

Successfully deleted: [service] application updater

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\searchsettings

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\search settings

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\application updater

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\speedupmypc

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\speedupmypc_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\speedupmypc_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajam_install_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajam_install_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\UpdateTask_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\UpdateTask_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\hardwick\AppData\Roaming\nosibay"

Failed to delete: [Folder] "C:\Users\hardwick\AppData\Roaming\slick savings"

Successfully deleted: [Folder] "C:\Users\hardwick\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Users\hardwick\appdata\locallow\search settings"

Successfully deleted: [Folder] "C:\Program Files (x86)\application updater"

Successfully deleted: [Folder] "C:\Program Files (x86)\bonanzadeals"

Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"

Successfully deleted: [Folder] "C:\Program Files (x86)\mobogenie"

Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"

Successfully deleted: [Folder] "C:\Program Files (x86)\nosibay"

Successfully deleted: [Folder] "C:\Program Files (x86)\vuze remote toolbar"

Failed to delete: [Folder] "C:\Program Files (x86)\Common Files\spigot"

~~~ FireFox

Successfully deleted: [File] C:\Users\hardwick\AppData\Roaming\mozilla\firefox\profiles\mt0zvmh2.default\user.js

Successfully deleted: [Folder] C:\Users\hardwick\AppData\Roaming\mozilla\firefox\profiles\mt0zvmh2.default\extensions\savingsslider@mybrowserbar.com

Emptied folder: C:\Users\hardwick\AppData\Roaming\mozilla\firefox\profiles\mt0zvmh2.default\minidumps [3 files]

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 23/04/2014 at 10:25:53.23

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

security check to follow next
