Malware Problems with my PC
I've just been giving the PC a run and, while it is a little faster, it is slow compared to its uninfected state. I am still getting host alerts, and Firefox is still very slow and occasionally will not respond, i.e. the screen goes black for 3/4 seconds. I believe the Nero prog slows the startup. At some stage I'm thinking that this could be deleted.
That's it for now.
Many Thanks,
laudorum
Malware Problems with my PC
Hi Juliet,
Thanks for your last post. With regard to Microsoft Security Essentials, the prog is asking me to uninstall all AV and AMW progs. Is this OK to do?
Can you let me know.
Malware Problems with my PC
Firstly, STOPZilla is uninstalled. I downloaded MSE and ran the prog. The virus & spyware definitions couldn't be updated. Do I need to uninstall all AV & AMW progs at this stage?
Every time I download something, I get a lot of alerts from my firewall, and I have to be careful that I don't let nasties in. I presume this is due to the Trojans & hijackers on my PC?
Regards
laudorum
Malware Problems with my PC
Hi Juliet, thanks for your post. As requested I have now deleted all AV & AMW progs. This took me longer than I anticipated, since most of the files seemed to be corrupted. When I clicked on the icon and then clicked on the permission window I got a new window which said "Error 5 - Access is Denied".
So I had to do a forced uninstall with IObit Uninstaller.
I downloaded TFC and MBAM, and ran them. MBAM showed no infections. I followed it up with a full scan, with the same result.
MBAM LOG
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.03.09.03
Windows XP Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Stephen :: RODLEY [administrator]
09/03/2014 05:34:50
mbam-log-2014-03-09 (05-34-50).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 250092
Time elapsed: 12 minute(s), 53 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Malware Problems with my PC
PC is still very slow to boot up and I'm having problems with Firefox not responding (again this is very slow and can't be rushed or the screen goes blank).
I'm still missing 200 GB of disc (this probably goes some way to explaining the slow response).
I've spent a lot of time going through the files, and have found a couple of things that don't look right.
Firstly, there's a file I can't access, "System Volume Information". The folder is showing empty, but will not delete, even after adjusting the permissions.
Can this have anything to do with the missing disc space?
Also I've been looking at the QuickTime files and see an awful lot of recent file dates. I have not updated this prog or even opened it. It's not a prog I use very much. So I don't know what's happening there!
Is there another AV prog you would recommend (I don't mind paying for it), for my peace of mind?
So overall, despite your good and very helpful efforts, the performance is nowhere near what it was.
Malware Problems with my PC
Sorry for the delay in posting, it's been one of those days.
As requested I attach the ComboFix logs:
ComboFix 14-03-10.01 - Stephen 10/03/2014 19:09:48.1.4 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2045.1505 [GMT 0:00]
Running from: c:\users\Stephen\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
FW: Privatefirewall *Disabled* {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-02-10 to 2014-03-10 )))))))))))))))))))))))))))))))
.
.
2014-03-10 19:23 . 2014-03-10 19:23 -------- d-----w- c:\users\Stephen\AppData\Local\temp
2014-03-10 19:23 . 2014-03-10 19:23 -------- d-----w- c:\users\NeroMediaHomeUser.4\AppData\Local\temp
2014-03-10 19:23 . 2014-03-10 19:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-10 12:06 . 2014-02-05 23:08 7947048 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{72FABEA3-ED12-4B51-B4C6-E7566D748120}\mpengine.dll
2014-03-09 17:50 . 2014-03-09 17:50 -------- d-----w- c:\users\Stephen\AppData\Roaming\SUPERAntiSpyware.com
2014-03-09 16:29 . 2014-03-09 16:29 -------- d-----w- c:\programdata\ProductData
2014-03-09 06:12 . 2014-03-09 06:12 -------- d-----w- c:\programdata\WindowsSearch
2014-03-09 05:33 . 2014-03-09 05:33 -------- d-----w- c:\programdata\Malwarebytes
2014-03-09 05:33 . 2014-03-09 05:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-03-09 00:19 . 2014-02-05 23:08 7947048 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-09 00:16 . 2014-03-09 00:16 -------- d-----w- c:\program files\Microsoft Security Client
2014-03-08 16:35 . 2014-03-08 16:36 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-08 12:53 . 2014-03-08 12:53 -------- d-----w- c:\windows\ERUNT
2014-03-07 23:46 . 2014-03-08 12:11 -------- d-----w- C:\FRST
2014-03-05 00:16 . 2010-03-08 10:10 9216 ----a-w- c:\windows\system32\ffnd.exe
2014-03-01 19:09 . 2013-11-05 14:38 274432 ----a-w- c:\windows\system32\ssleay32.dll
2014-03-01 19:09 . 2013-11-05 14:38 1122304 ----a-w- c:\windows\system32\libeay32.dll
2014-03-01 19:09 . 2012-12-10 11:04 81920 ----a-w- c:\windows\eSellerateControl350.dll
2014-03-01 19:09 . 2012-12-10 11:04 356352 ----a-w- c:\windows\eSellerateEngine.dll
2014-02-28 18:49 . 2014-02-28 18:49 -------- d-----w- c:\users\Stephen\AppData\Roaming\LavasoftStatistics
2014-02-27 18:13 . 2014-02-27 18:13 -------- d-----w- c:\users\Stephen\Coop
2014-02-26 08:53 . 2014-03-01 09:28 -------- d-----w- c:\users\NeroMediaHomeUser.4\AppData\Local\CrashDumps
2014-02-25 18:15 . 2014-03-09 19:55 -------- d-----w- c:\users\Stephen\AbiSuite
2014-02-25 18:14 . 2014-02-27 12:51 -------- d-----w- c:\program files\AbiWord
2014-02-25 16:23 . 2014-02-25 16:35 -------- d-----w- c:\users\Stephen\AppData\Roaming\1H1Q
2014-02-25 09:40 . 2014-02-25 10:41 -------- d-----w- c:\users\Stephen\AppData\Local\CrashDumps
2014-02-24 17:30 . 2014-02-24 17:30 -------- d-----w- c:\program files\AVG
2014-02-24 03:13 . 2014-03-08 12:36 -------- d-----w- C:\AdwCleaner
2014-02-23 15:34 . 2010-05-13 17:34 14232 ----a-w- c:\windows\system32\sh4native.exe
2014-02-22 06:43 . 2013-04-04 14:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-22 06:08 . 2014-02-22 06:08 -------- d-----w- c:\users\Stephen\AppData\Local\Privatefirewall
2014-02-22 06:04 . 2014-02-22 06:04 -------- d-----w- c:\users\Stephen\AppData\Local\MFAData
2014-02-22 06:04 . 2014-02-22 06:04 -------- d-----w- c:\users\Stephen\AppData\Local\Avg2014
2014-02-22 04:44 . 2013-09-29 21:24 130568 ----a-w- c:\windows\system32\drivers\pwipf6.sys
2014-02-22 04:43 . 2014-02-22 04:43 -------- d-----w- c:\programdata\Privacyware
2014-02-22 04:43 . 2014-02-22 04:43 -------- d-----w- c:\program files\Privacyware
2014-02-22 03:49 . 2014-02-06 07:08 7947048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6F44954-D839-4401-A1D9-9517F6A307DD}\mpengine.dll
2014-02-22 01:45 . 2014-02-22 01:45 -------- d-----w- c:\users\Stephen\AppData\Roaming\SecureSearch
2014-02-18 23:26 . 2014-02-18 23:26 110080 ----a-r- c:\users\Stephen\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconCF33A0CE.exe
2014-02-18 23:26 . 2014-02-18 23:26 110080 ----a-r- c:\users\Stephen\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconF7A21AF7.exe
2014-02-18 23:26 . 2014-02-18 23:26 110080 ----a-r- c:\users\Stephen\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconD7F16134.exe
2014-02-18 23:24 . 2014-02-27 16:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2014-02-12 07:52 . 2014-02-12 07:55 -------- d-----w- c:\users\Stephen\Blank Cd's
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 09:42 . 2012-05-10 17:11 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-21 09:42 . 2011-06-10 08:43 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-19 07:32 . 2009-10-03 14:50 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-01-17 16:24 . 2014-01-17 16:24 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2014-01-17 16:24 . 2014-01-17 16:24 69632 ----a-w- c:\windows\system32\QuickTime.qts
2014-01-17 03:14 . 2014-01-17 03:14 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-08 15:54 . 2014-01-23 06:43 103424 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
2014-01-03 10:00 . 2013-09-27 00:59 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-01-01 16:49 . 2008-03-08 19:56 317240 ----a-w- c:\windows\system32\Prounstl.exe
2014-01-01 16:49 . 2014-01-01 16:49 83808 ----a-w- c:\windows\system32\NicInE6.dll
2014-01-01 16:49 . 2014-01-01 16:49 28272 ----a-w- c:\windows\system32\NicCo26.dll
2014-01-01 16:49 . 2014-01-01 16:49 232296 ----a-w- c:\windows\system32\drivers\e1e6032.sys
2014-01-01 16:49 . 2014-01-01 16:49 121440 ----a-w- c:\windows\system32\e1000msg.dll
2014-01-01 16:12 . 2014-01-01 16:12 319456 ----a-w- c:\windows\system32\Difxapi.dll
2014-01-01 16:12 . 2014-01-01 16:12 58368 ----a-w- c:\windows\system32\coinst_8.97.100.11.dll
2014-01-01 16:12 . 2014-01-01 16:12 48544 ----a-w- c:\windows\system32\atiuxpag.dll
2014-01-01 16:12 . 2008-03-08 19:56 4782960 ----a-w- c:\windows\system32\atiumdva.dll
2014-01-01 16:11 . 2014-01-01 16:11 38768 ----a-w- c:\windows\system32\atiu9pag.dll
2014-01-01 16:11 . 2014-01-01 16:11 37376 ----a-w- c:\windows\system32\atitmpxx.dll
2014-01-01 16:11 . 2014-01-01 16:11 1978240 ----a-w- c:\windows\system32\atiumdmv.dll
2014-01-01 16:11 . 2008-03-08 19:56 6288832 ----a-w- c:\windows\system32\atiumdag.dll
2014-01-01 16:11 . 2014-01-01 16:11 45056 ----a-w- c:\windows\system32\ATIODCLI.exe
2014-01-01 16:11 . 2014-01-01 16:11 294912 ----a-w- c:\windows\system32\ATIODE.exe
2014-01-01 16:11 . 2014-01-01 16:11 20992 ----a-w- c:\windows\system32\atimuixx.dll
2014-01-01 16:11 . 2014-01-01 16:11 19584512 ----a-w- c:\windows\system32\atioglxx.dll
2014-01-01 16:11 . 2008-03-08 19:56 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2014-01-01 16:11 . 2014-01-01 16:11 62976 ----a-w- c:\windows\system32\atimpc32.dll
2014-01-01 16:11 . 2014-01-01 16:11 62976 ----a-w- c:\windows\system32\amdpcom32.dll
2014-01-01 16:11 . 2014-01-01 16:11 453632 ----a-w- c:\windows\system32\atieclxx.exe
2014-01-01 16:11 . 2014-01-01 16:11 33280 ----a-w- c:\windows\system32\atigktxx.dll
2014-01-01 16:11 . 2014-01-01 16:11 290304 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2014-01-01 16:11 . 2014-01-01 16:11 217088 ----a-w- c:\windows\system32\atiesrxx.exe
2014-01-01 16:11 . 2014-01-01 16:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2014-01-01 16:11 . 2014-01-01 16:11 10070016 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2014-01-01 16:11 . 2014-01-01 16:11 929736 ----a-w- c:\windows\system32\aticfx32.dll
2014-01-01 16:11 . 2014-01-01 16:11 6857392 ----a-w- c:\windows\system32\atidxx32.dll
2014-01-01 16:11 . 2014-01-01 16:11 46080 ----a-w- c:\windows\system32\aticalrt.dll
2014-01-01 16:11 . 2014-01-01 16:11 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2014-01-01 16:11 . 2014-01-01 16:11 13402112 ----a-w- c:\windows\system32\aticaldd.dll
2014-01-01 16:11 . 2014-01-01 16:11 44544 ----a-w- c:\windows\system32\aticalcl.dll
2014-01-01 16:11 . 2014-01-01 16:11 118784 ----a-w- c:\windows\system32\atibtmon.exe
2014-01-01 16:11 . 2014-01-01 16:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2014-01-01 16:11 . 2014-01-01 16:11 364544 ----a-w- c:\windows\system32\atiadlxx.dll
2014-01-01 16:11 . 2014-01-01 16:11 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2014-01-01 16:11 . 2008-03-08 19:56 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2013-12-24 10:40 . 2014-01-23 06:43 18624 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2013-12-12 16:58 . 2013-12-12 16:58 82432 ----a-w- c:\users\Stephen\AppData\Roaming\Microsoft\MSXML2\msxml4r.dll
2013-12-12 16:58 . 2013-12-12 16:58 44544 ----a-w- c:\users\Stephen\AppData\Roaming\Microsoft\MSXML2\msxml4a.dll
2013-12-12 16:58 . 2013-12-12 16:58 1275392 ----a-w- c:\users\Stephen\AppData\Roaming\Microsoft\MSXML2\msxml4.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 15:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 15:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 15:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-01-30 15:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-01-30 15:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-01-30 15:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Nero MediaHome 4"="c:\program files\NERO\NERO MEDIAHOME 4\NEROMEDIAHOME.EXE" [2010-03-08 5174568]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-06 43848]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"Privatefirewall"="c:\program files\Privacyware\Privatefirewall 7.0\PFGUI.exe" [2013-12-17 3048480]
"Nero MediaHome 4"="c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2010-03-08 5174568]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-11-02 07:51 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2014-02-06 00:52 43848 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2007-11-15 09:23 202544 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 09:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-25 06:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-03-08 12:21 1838592 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-10-03 15:44 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-02-21 03:54 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero MediaHome 4]
2010-03-08 09:38 5174568 ----a-w- c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-01-17 16:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-09-12 08:40 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 08:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-04 08:12 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 09:42]
.
2014-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 19:03]
.
2014-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 19:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
FF - ProfilePath - c:\users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\op65iw1g.default-1359464117396\
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}"=hex:51,66,7a,6c,4c,1d,38,12,50,ad,9c,
47,dd,f3,bd,01,d4,9d,4f,3c,86,0e,9b,4d
"{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}"=hex:51,66,7a,6c,4c,1d,38,12,8b,c7,39,
ea,82,fe,a8,0b,f7,bf,ff,e1,a6,74,f5,13
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}"=hex:51,66,7a,6c,4c,1d,38,12,14,1c,97,
2e,26,ee,cb,08,c9,cf,c8,d1,38,a5,3e,98
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}"=hex:51,66,7a,6c,4c,1d,38,12,ac,35,59,
8e,07,4b,42,08,c2,2b,0a,2c,b2,b0,92,f7
"{CA6319C0-31B7-401E-A518-A07C3DB8F777}"=hex:51,66,7a,6c,4c,1d,38,12,ae,1a,70,
ce,85,7f,70,05,da,0e,e3,3c,38,e6,b3,63
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:3c,38,f2,0f,7a,b6,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8e,0d,2f,9d,4e,f3,91,4b,86,94,b0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8e,0d,2f,9d,4e,f3,91,4b,86,94,b0,\
.
Completion time: 2014-03-10 19:27:16
ComboFix-quarantined-files.txt 2014-03-10 19:27
ComboFix2.txt 2014-03-10 19:01
.
Pre-Run: 236,396,142,592 bytes free
Post-Run: 236,315,357,184 bytes free
.
- - End Of File - - 363E68B60B0196083F67F6E473429CB0
5C616939100B85E558DA92B899A0FC36