-
Malware Problems with my PC
Hi Juliet,
Private Firewall is Free.Previously I used comodo,but I found Private gives me more control,Plus It gives me a fresh start,so I can keep better track of what's Trying To get in and,of course out.
I don't notice any difference in bootup time when I exit the prog.
I have deleted Quicktime and Nero(Wireless)on a temporary basis,just to see if they have any effect on my problems.
As requested I have completed all the scans,But Please note that I was unable to save the TDSSKiller Results.The Prog would not let me copy & paste.ComboFix 14-03-10.01 - Stephen 11/03/2014 1:54.1.4 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2045.1524 [GMT 0:00]
Running from: c:\users\Stephen\Desktop\ComboFix.exe
Command switches used :: c:\users\Stephen\Desktop\Combofix Instructions\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
FW: Privatefirewall *Disabled* {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\IObitSmartDefragExtension.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AVG
c:\program files\AVG\AVG2014\avg.snu
c:\users\Stephen\AppData\Local\Avg2014
c:\windows\system32\IObitSmartDefragExtension.dll
.
.
((((((((((((((((((((((((( Files Created from 2014-02-11 to 2014-03-11 )))))))))))))))))))))))))))))))
.
.
2014-03-11 02:07 . 2014-03-11 02:07 -------- d-----w- c:\users\Stephen\AppData\Local\temp
2014-03-11 02:07 . 2014-03-11 02:07 -------- d-----w- c:\users\NeroMediaHomeUser.4\AppData\Local\temp
2014-03-11 02:07 . 2014-03-11 02:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-10 19:33 . 2014-02-05 23:08 7947048 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2EF80AFF-28A4-46BB-AC54-62F77BEC0BCB}\mpengine.dll
2014-03-09 17:50 . 2014-03-09 17:50 -------- d-----w- c:\users\Stephen\AppData\Roaming\SUPERAntiSpyware.com
2014-03-09 16:29 . 2014-03-09 16:29 -------- d-----w- c:\programdata\ProductData
2014-03-09 06:12 . 2014-03-09 06:12 -------- d-----w- c:\programdata\WindowsSearch
2014-03-09 05:33 . 2014-03-09 05:33 -------- d-----w- c:\programdata\Malwarebytes
2014-03-09 05:33 . 2014-03-09 05:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-03-09 00:19 . 2014-02-05 23:08 7947048 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-09 00:16 . 2014-03-09 00:16 -------- d-----w- c:\program files\Microsoft Security Client
2014-03-08 16:35 . 2014-03-08 16:36 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-08 12:53 . 2014-03-08 12:53 -------- d-----w- c:\windows\ERUNT
2014-03-07 23:46 . 2014-03-08 12:11 -------- d-----w- C:\FRST
2014-03-05 00:16 . 2010-03-08 10:10 9216 ----a-w- c:\windows\system32\ffnd.exe
2014-03-01 19:09 . 2013-11-05 14:38 274432 ----a-w- c:\windows\system32\ssleay32.dll
2014-03-01 19:09 . 2013-11-05 14:38 1122304 ----a-w- c:\windows\system32\libeay32.dll
2014-03-01 19:09 . 2012-12-10 11:04 81920 ----a-w- c:\windows\eSellerateControl350.dll
2014-03-01 19:09 . 2012-12-10 11:04 356352 ----a-w- c:\windows\eSellerateEngine.dll
2014-02-28 18:49 . 2014-02-28 18:49 -------- d-----w- c:\users\Stephen\AppData\Roaming\LavasoftStatistics
2014-02-27 18:13 . 2014-02-27 18:13 -------- d-----w- c:\users\Stephen\Coop
2014-02-26 08:53 . 2014-03-01 09:28 -------- d-----w- c:\users\NeroMediaHomeUser.4\AppData\Local\CrashDumps
2014-02-25 18:15 . 2014-03-09 19:55 -------- d-----w- c:\users\Stephen\AbiSuite
2014-02-25 18:14 . 2014-02-27 12:51 -------- d-----w- c:\program files\AbiWord
2014-02-25 16:23 . 2014-02-25 16:35 -------- d-----w- c:\users\Stephen\AppData\Roaming\1H1Q
2014-02-25 09:40 . 2014-02-25 10:41 -------- d-----w- c:\users\Stephen\AppData\Local\CrashDumps
2014-02-24 03:13 . 2014-03-08 12:36 -------- d-----w- C:\AdwCleaner
2014-02-23 15:34 . 2010-05-13 17:34 14232 ----a-w- c:\windows\system32\sh4native.exe
2014-02-22 06:43 . 2013-04-04 14:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-22 06:08 . 2014-02-22 06:08 -------- d-----w- c:\users\Stephen\AppData\Local\Privatefirewall
2014-02-22 06:04 . 2014-02-22 06:04 -------- d-----w- c:\users\Stephen\AppData\Local\MFAData
2014-02-22 04:44 . 2013-09-29 21:24 130568 ----a-w- c:\windows\system32\drivers\pwipf6.sys
2014-02-22 04:43 . 2014-02-22 04:43 -------- d-----w- c:\programdata\Privacyware
2014-02-22 04:43 . 2014-02-22 04:43 -------- d-----w- c:\program files\Privacyware
2014-02-22 03:49 . 2014-02-06 07:08 7947048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6F44954-D839-4401-A1D9-9517F6A307DD}\mpengine.dll
2014-02-22 01:45 . 2014-02-22 01:45 -------- d-----w- c:\users\Stephen\AppData\Roaming\SecureSearch
2014-02-18 23:26 . 2014-02-18 23:26 110080 ----a-r- c:\users\Stephen\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconCF33A0CE.exe
2014-02-18 23:26 . 2014-02-18 23:26 110080 ----a-r- c:\users\Stephen\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconF7A21AF7.exe
2014-02-18 23:26 . 2014-02-18 23:26 110080 ----a-r- c:\users\Stephen\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconD7F16134.exe
2014-02-18 23:24 . 2014-02-27 16:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2014-02-12 07:52 . 2014-02-12 07:55 -------- d-----w- c:\users\Stephen\Blank Cd's
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 09:42 . 2012-05-10 17:11 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-21 09:42 . 2011-06-10 08:43 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-19 07:32 . 2009-10-03 14:50 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-01-17 16:24 . 2014-01-17 16:24 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2014-01-17 16:24 . 2014-01-17 16:24 69632 ----a-w- c:\windows\system32\QuickTime.qts
2014-01-17 03:14 . 2014-01-17 03:14 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-03 10:00 . 2013-09-27 00:59 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-01-01 16:49 . 2008-03-08 19:56 317240 ----a-w- c:\windows\system32\Prounstl.exe
2014-01-01 16:49 . 2014-01-01 16:49 83808 ----a-w- c:\windows\system32\NicInE6.dll
2014-01-01 16:49 . 2014-01-01 16:49 28272 ----a-w- c:\windows\system32\NicCo26.dll
2014-01-01 16:49 . 2014-01-01 16:49 232296 ----a-w- c:\windows\system32\drivers\e1e6032.sys
2014-01-01 16:49 . 2014-01-01 16:49 121440 ----a-w- c:\windows\system32\e1000msg.dll
2014-01-01 16:12 . 2014-01-01 16:12 319456 ----a-w- c:\windows\system32\Difxapi.dll
2014-01-01 16:12 . 2014-01-01 16:12 58368 ----a-w- c:\windows\system32\coinst_8.97.100.11.dll
2014-01-01 16:12 . 2014-01-01 16:12 48544 ----a-w- c:\windows\system32\atiuxpag.dll
2014-01-01 16:12 . 2008-03-08 19:56 4782960 ----a-w- c:\windows\system32\atiumdva.dll
2014-01-01 16:11 . 2014-01-01 16:11 38768 ----a-w- c:\windows\system32\atiu9pag.dll
2014-01-01 16:11 . 2014-01-01 16:11 37376 ----a-w- c:\windows\system32\atitmpxx.dll
2014-01-01 16:11 . 2014-01-01 16:11 1978240 ----a-w- c:\windows\system32\atiumdmv.dll
2014-01-01 16:11 . 2008-03-08 19:56 6288832 ----a-w- c:\windows\system32\atiumdag.dll
2014-01-01 16:11 . 2014-01-01 16:11 45056 ----a-w- c:\windows\system32\ATIODCLI.exe
2014-01-01 16:11 . 2014-01-01 16:11 294912 ----a-w- c:\windows\system32\ATIODE.exe
2014-01-01 16:11 . 2014-01-01 16:11 20992 ----a-w- c:\windows\system32\atimuixx.dll
2014-01-01 16:11 . 2014-01-01 16:11 19584512 ----a-w- c:\windows\system32\atioglxx.dll
2014-01-01 16:11 . 2008-03-08 19:56 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2014-01-01 16:11 . 2014-01-01 16:11 62976 ----a-w- c:\windows\system32\atimpc32.dll
2014-01-01 16:11 . 2014-01-01 16:11 62976 ----a-w- c:\windows\system32\amdpcom32.dll
2014-01-01 16:11 . 2014-01-01 16:11 453632 ----a-w- c:\windows\system32\atieclxx.exe
2014-01-01 16:11 . 2014-01-01 16:11 33280 ----a-w- c:\windows\system32\atigktxx.dll
2014-01-01 16:11 . 2014-01-01 16:11 290304 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2014-01-01 16:11 . 2014-01-01 16:11 217088 ----a-w- c:\windows\system32\atiesrxx.exe
2014-01-01 16:11 . 2014-01-01 16:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2014-01-01 16:11 . 2014-01-01 16:11 10070016 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2014-01-01 16:11 . 2014-01-01 16:11 929736 ----a-w- c:\windows\system32\aticfx32.dll
2014-01-01 16:11 . 2014-01-01 16:11 6857392 ----a-w- c:\windows\system32\atidxx32.dll
2014-01-01 16:11 . 2014-01-01 16:11 46080 ----a-w- c:\windows\system32\aticalrt.dll
2014-01-01 16:11 . 2014-01-01 16:11 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2014-01-01 16:11 . 2014-01-01 16:11 13402112 ----a-w- c:\windows\system32\aticaldd.dll
2014-01-01 16:11 . 2014-01-01 16:11 44544 ----a-w- c:\windows\system32\aticalcl.dll
2014-01-01 16:11 . 2014-01-01 16:11 118784 ----a-w- c:\windows\system32\atibtmon.exe
2014-01-01 16:11 . 2014-01-01 16:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2014-01-01 16:11 . 2014-01-01 16:11 364544 ----a-w- c:\windows\system32\atiadlxx.dll
2014-01-01 16:11 . 2014-01-01 16:11 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2014-01-01 16:11 . 2008-03-08 19:56 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2013-12-24 10:40 . 2014-01-23 06:43 18624 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2013-12-12 16:58 . 2013-12-12 16:58 82432 ----a-w- c:\users\Stephen\AppData\Roaming\Microsoft\MSXML2\msxml4r.dll
2013-12-12 16:58 . 2013-12-12 16:58 44544 ----a-w- c:\users\Stephen\AppData\Roaming\Microsoft\MSXML2\msxml4a.dll
2013-12-12 16:58 . 2013-12-12 16:58 1275392 ----a-w- c:\users\Stephen\AppData\Roaming\Microsoft\MSXML2\msxml4.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 15:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 15:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 15:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-01-30 15:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-01-30 15:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-01-30 15:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Nero MediaHome 4"="c:\program files\NERO\NERO MEDIAHOME 4\NEROMEDIAHOME.EXE" [2010-03-08 5174568]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-06 43848]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"Privatefirewall"="c:\program files\Privacyware\Privatefirewall 7.0\PFGUI.exe" [2013-12-17 3048480]
"Nero MediaHome 4"="c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2010-03-08 5174568]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-11-02 07:51 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2014-02-06 00:52 43848 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2007-11-15 09:23 202544 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 09:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-25 06:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-03-08 12:21 1838592 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-10-03 15:44 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-02-21 03:54 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero MediaHome 4]
2010-03-08 09:38 5174568 ----a-w- c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-01-17 16:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-09-12 08:40 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 08:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-04 08:12 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 09:42]
.
2014-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 19:03]
.
2014-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 19:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
FF - ProfilePath - c:\users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\op65iw1g.default-1359464117396\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-11 02:07
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}"=hex:51,66,7a,6c,4c,1d,38,12,50,ad,9c,
47,dd,f3,bd,01,d4,9d,4f,3c,86,0e,9b,4d
"{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}"=hex:51,66,7a,6c,4c,1d,38,12,8b,c7,39,
ea,82,fe,a8,0b,f7,bf,ff,e1,a6,74,f5,13
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}"=hex:51,66,7a,6c,4c,1d,38,12,14,1c,97,
2e,26,ee,cb,08,c9,cf,c8,d1,38,a5,3e,98
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}"=hex:51,66,7a,6c,4c,1d,38,12,ac,35,59,
8e,07,4b,42,08,c2,2b,0a,2c,b2,b0,92,f7
"{CA6319C0-31B7-401E-A518-A07C3DB8F777}"=hex:51,66,7a,6c,4c,1d,38,12,ae,1a,70,
ce,85,7f,70,05,da,0e,e3,3c,38,e6,b3,63
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:3c,38,f2,0f,7a,b6,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8e,0d,2f,9d,4e,f3,91,4b,86,94,b0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8e,0d,2f,9d,4e,f3,91,4b,86,94,b0,\
.
Completion time: 2014-03-11 02:11:08
ComboFix-quarantined-files.txt 2014-03-11 02:11
ComboFix2.txt 2014-03-10 19:27
ComboFix3.txt 2014-03-10 19:01
.
Pre-Run: 236,579,205,120 bytes free
Post-Run: 236,506,599,424 bytes free
.
- - End Of File - - 3AE33764BAA52833FFAEB980827E136E
5C616939100B85E558DA92B899A0FC36
TDSSkiller threats=0,objects=0
Hijack this log to follow in next post
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
