Malware problems with my PC

[laudorum]

Malware Problems with my PC

Hi Juliet,
Private Firewall is Free.Previously I used comodo,but I found Private gives me more control,Plus It gives me a fresh start,so I can keep better track of what's Trying To get in and,of course out.
I don't notice any difference in bootup time when I exit the prog.
I have deleted Quicktime and Nero(Wireless)on a temporary basis,just to see if they have any effect on my problems.

As requested I have completed all the scans,But Please note that I was unable to save the TDSSKiller Results.The Prog would not let me copy & paste.ComboFix 14-03-10.01 - Stephen 11/03/2014 1:54.1.4 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2045.1524 [GMT 0:00]
Running from: c:\users\Stephen\Desktop\ComboFix.exe
Command switches used :: c:\users\Stephen\Desktop\Combofix Instructions\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
FW: Privatefirewall *Disabled* {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\IObitSmartDefragExtension.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AVG
c:\program files\AVG\AVG2014\avg.snu
c:\users\Stephen\AppData\Local\Avg2014
c:\windows\system32\IObitSmartDefragExtension.dll
.
.
((((((((((((((((((((((((( Files Created from 2014-02-11 to 2014-03-11 )))))))))))))))))))))))))))))))
.
.
2014-03-11 02:07 . 2014-03-11 02:07 -------- d-----w- c:\users\Stephen\AppData\Local\temp
2014-03-11 02:07 . 2014-03-11 02:07 -------- d-----w- c:\users\NeroMediaHomeUser.4\AppData\Local\temp
2014-03-11 02:07 . 2014-03-11 02:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-10 19:33 . 2014-02-05 23:08 7947048 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2EF80AFF-28A4-46BB-AC54-62F77BEC0BCB}\mpengine.dll
2014-03-09 17:50 . 2014-03-09 17:50 -------- d-----w- c:\users\Stephen\AppData\Roaming\SUPERAntiSpyware.com
2014-03-09 16:29 . 2014-03-09 16:29 -------- d-----w- c:\programdata\ProductData
2014-03-09 06:12 . 2014-03-09 06:12 -------- d-----w- c:\programdata\WindowsSearch
2014-03-09 05:33 . 2014-03-09 05:33 -------- d-----w- c:\programdata\Malwarebytes
2014-03-09 05:33 . 2014-03-09 05:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-03-09 00:19 . 2014-02-05 23:08 7947048 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-09 00:16 . 2014-03-09 00:16 -------- d-----w- c:\program files\Microsoft Security Client
2014-03-08 16:35 . 2014-03-08 16:36 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-08 12:53 . 2014-03-08 12:53 -------- d-----w- c:\windows\ERUNT
2014-03-07 23:46 . 2014-03-08 12:11 -------- d-----w- C:\FRST
2014-03-05 00:16 . 2010-03-08 10:10 9216 ----a-w- c:\windows\system32\ffnd.exe
2014-03-01 19:09 . 2013-11-05 14:38 274432 ----a-w- c:\windows\system32\ssleay32.dll
2014-03-01 19:09 . 2013-11-05 14:38 1122304 ----a-w- c:\windows\system32\libeay32.dll
2014-03-01 19:09 . 2012-12-10 11:04 81920 ----a-w- c:\windows\eSellerateControl350.dll
2014-03-01 19:09 . 2012-12-10 11:04 356352 ----a-w- c:\windows\eSellerateEngine.dll
2014-02-28 18:49 . 2014-02-28 18:49 -------- d-----w- c:\users\Stephen\AppData\Roaming\LavasoftStatistics
2014-02-27 18:13 . 2014-02-27 18:13 -------- d-----w- c:\users\Stephen\Coop
2014-02-26 08:53 . 2014-03-01 09:28 -------- d-----w- c:\users\NeroMediaHomeUser.4\AppData\Local\CrashDumps
2014-02-25 18:15 . 2014-03-09 19:55 -------- d-----w- c:\users\Stephen\AbiSuite
2014-02-25 18:14 . 2014-02-27 12:51 -------- d-----w- c:\program files\AbiWord
2014-02-25 16:23 . 2014-02-25 16:35 -------- d-----w- c:\users\Stephen\AppData\Roaming\1H1Q
2014-02-25 09:40 . 2014-02-25 10:41 -------- d-----w- c:\users\Stephen\AppData\Local\CrashDumps
2014-02-24 03:13 . 2014-03-08 12:36 -------- d-----w- C:\AdwCleaner
2014-02-23 15:34 . 2010-05-13 17:34 14232 ----a-w- c:\windows\system32\sh4native.exe
2014-02-22 06:43 . 2013-04-04 14:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-22 06:08 . 2014-02-22 06:08 -------- d-----w- c:\users\Stephen\AppData\Local\Privatefirewall
2014-02-22 06:04 . 2014-02-22 06:04 -------- d-----w- c:\users\Stephen\AppData\Local\MFAData
2014-02-22 04:44 . 2013-09-29 21:24 130568 ----a-w- c:\windows\system32\drivers\pwipf6.sys
2014-02-22 04:43 . 2014-02-22 04:43 -------- d-----w- c:\programdata\Privacyware
2014-02-22 04:43 . 2014-02-22 04:43 -------- d-----w- c:\program files\Privacyware
2014-02-22 03:49 . 2014-02-06 07:08 7947048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6F44954-D839-4401-A1D9-9517F6A307DD}\mpengine.dll
2014-02-22 01:45 . 2014-02-22 01:45 -------- d-----w- c:\users\Stephen\AppData\Roaming\SecureSearch
2014-02-18 23:26 . 2014-02-18 23:26 110080 ----a-r- c:\users\Stephen\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconCF33A0CE.exe
2014-02-18 23:26 . 2014-02-18 23:26 110080 ----a-r- c:\users\Stephen\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconF7A21AF7.exe
2014-02-18 23:26 . 2014-02-18 23:26 110080 ----a-r- c:\users\Stephen\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconD7F16134.exe
2014-02-18 23:24 . 2014-02-27 16:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2014-02-12 07:52 . 2014-02-12 07:55 -------- d-----w- c:\users\Stephen\Blank Cd's
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 09:42 . 2012-05-10 17:11 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-21 09:42 . 2011-06-10 08:43 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-19 07:32 . 2009-10-03 14:50 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-01-17 16:24 . 2014-01-17 16:24 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2014-01-17 16:24 . 2014-01-17 16:24 69632 ----a-w- c:\windows\system32\QuickTime.qts
2014-01-17 03:14 . 2014-01-17 03:14 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-03 10:00 . 2013-09-27 00:59 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-01-01 16:49 . 2008-03-08 19:56 317240 ----a-w- c:\windows\system32\Prounstl.exe
2014-01-01 16:49 . 2014-01-01 16:49 83808 ----a-w- c:\windows\system32\NicInE6.dll
2014-01-01 16:49 . 2014-01-01 16:49 28272 ----a-w- c:\windows\system32\NicCo26.dll
2014-01-01 16:49 . 2014-01-01 16:49 232296 ----a-w- c:\windows\system32\drivers\e1e6032.sys
2014-01-01 16:49 . 2014-01-01 16:49 121440 ----a-w- c:\windows\system32\e1000msg.dll
2014-01-01 16:12 . 2014-01-01 16:12 319456 ----a-w- c:\windows\system32\Difxapi.dll
2014-01-01 16:12 . 2014-01-01 16:12 58368 ----a-w- c:\windows\system32\coinst_8.97.100.11.dll
2014-01-01 16:12 . 2014-01-01 16:12 48544 ----a-w- c:\windows\system32\atiuxpag.dll
2014-01-01 16:12 . 2008-03-08 19:56 4782960 ----a-w- c:\windows\system32\atiumdva.dll
2014-01-01 16:11 . 2014-01-01 16:11 38768 ----a-w- c:\windows\system32\atiu9pag.dll
2014-01-01 16:11 . 2014-01-01 16:11 37376 ----a-w- c:\windows\system32\atitmpxx.dll
2014-01-01 16:11 . 2014-01-01 16:11 1978240 ----a-w- c:\windows\system32\atiumdmv.dll
2014-01-01 16:11 . 2008-03-08 19:56 6288832 ----a-w- c:\windows\system32\atiumdag.dll
2014-01-01 16:11 . 2014-01-01 16:11 45056 ----a-w- c:\windows\system32\ATIODCLI.exe
2014-01-01 16:11 . 2014-01-01 16:11 294912 ----a-w- c:\windows\system32\ATIODE.exe
2014-01-01 16:11 . 2014-01-01 16:11 20992 ----a-w- c:\windows\system32\atimuixx.dll
2014-01-01 16:11 . 2014-01-01 16:11 19584512 ----a-w- c:\windows\system32\atioglxx.dll
2014-01-01 16:11 . 2008-03-08 19:56 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2014-01-01 16:11 . 2014-01-01 16:11 62976 ----a-w- c:\windows\system32\atimpc32.dll
2014-01-01 16:11 . 2014-01-01 16:11 62976 ----a-w- c:\windows\system32\amdpcom32.dll
2014-01-01 16:11 . 2014-01-01 16:11 453632 ----a-w- c:\windows\system32\atieclxx.exe
2014-01-01 16:11 . 2014-01-01 16:11 33280 ----a-w- c:\windows\system32\atigktxx.dll
2014-01-01 16:11 . 2014-01-01 16:11 290304 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2014-01-01 16:11 . 2014-01-01 16:11 217088 ----a-w- c:\windows\system32\atiesrxx.exe
2014-01-01 16:11 . 2014-01-01 16:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2014-01-01 16:11 . 2014-01-01 16:11 10070016 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2014-01-01 16:11 . 2014-01-01 16:11 929736 ----a-w- c:\windows\system32\aticfx32.dll
2014-01-01 16:11 . 2014-01-01 16:11 6857392 ----a-w- c:\windows\system32\atidxx32.dll
2014-01-01 16:11 . 2014-01-01 16:11 46080 ----a-w- c:\windows\system32\aticalrt.dll
2014-01-01 16:11 . 2014-01-01 16:11 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2014-01-01 16:11 . 2014-01-01 16:11 13402112 ----a-w- c:\windows\system32\aticaldd.dll
2014-01-01 16:11 . 2014-01-01 16:11 44544 ----a-w- c:\windows\system32\aticalcl.dll
2014-01-01 16:11 . 2014-01-01 16:11 118784 ----a-w- c:\windows\system32\atibtmon.exe
2014-01-01 16:11 . 2014-01-01 16:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2014-01-01 16:11 . 2014-01-01 16:11 364544 ----a-w- c:\windows\system32\atiadlxx.dll
2014-01-01 16:11 . 2014-01-01 16:11 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2014-01-01 16:11 . 2008-03-08 19:56 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2013-12-24 10:40 . 2014-01-23 06:43 18624 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2013-12-12 16:58 . 2013-12-12 16:58 82432 ----a-w- c:\users\Stephen\AppData\Roaming\Microsoft\MSXML2\msxml4r.dll
2013-12-12 16:58 . 2013-12-12 16:58 44544 ----a-w- c:\users\Stephen\AppData\Roaming\Microsoft\MSXML2\msxml4a.dll
2013-12-12 16:58 . 2013-12-12 16:58 1275392 ----a-w- c:\users\Stephen\AppData\Roaming\Microsoft\MSXML2\msxml4.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 15:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 15:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 15:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-01-30 15:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-01-30 15:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-01-30 15:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Nero MediaHome 4"="c:\program files\NERO\NERO MEDIAHOME 4\NEROMEDIAHOME.EXE" [2010-03-08 5174568]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-06 43848]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"Privatefirewall"="c:\program files\Privacyware\Privatefirewall 7.0\PFGUI.exe" [2013-12-17 3048480]
"Nero MediaHome 4"="c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2010-03-08 5174568]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-11-02 07:51 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2014-02-06 00:52 43848 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2007-11-15 09:23 202544 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 09:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-25 06:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-03-08 12:21 1838592 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-10-03 15:44 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-02-21 03:54 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero MediaHome 4]
2010-03-08 09:38 5174568 ----a-w- c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-01-17 16:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-09-12 08:40 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 08:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-04 08:12 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 09:42]
.
2014-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 19:03]
.
2014-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 19:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
FF - ProfilePath - c:\users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\op65iw1g.default-1359464117396\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-11 02:07
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}"=hex:51,66,7a,6c,4c,1d,38,12,50,ad,9c,
47,dd,f3,bd,01,d4,9d,4f,3c,86,0e,9b,4d
"{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}"=hex:51,66,7a,6c,4c,1d,38,12,8b,c7,39,
ea,82,fe,a8,0b,f7,bf,ff,e1,a6,74,f5,13
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}"=hex:51,66,7a,6c,4c,1d,38,12,14,1c,97,
2e,26,ee,cb,08,c9,cf,c8,d1,38,a5,3e,98
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}"=hex:51,66,7a,6c,4c,1d,38,12,ac,35,59,
8e,07,4b,42,08,c2,2b,0a,2c,b2,b0,92,f7
"{CA6319C0-31B7-401E-A518-A07C3DB8F777}"=hex:51,66,7a,6c,4c,1d,38,12,ae,1a,70,
ce,85,7f,70,05,da,0e,e3,3c,38,e6,b3,63
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:3c,38,f2,0f,7a,b6,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8e,0d,2f,9d,4e,f3,91,4b,86,94,b0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8e,0d,2f,9d,4e,f3,91,4b,86,94,b0,\
.
Completion time: 2014-03-11 02:11:08
ComboFix-quarantined-files.txt 2014-03-11 02:11
ComboFix2.txt 2014-03-10 19:27
ComboFix3.txt 2014-03-10 19:01
.
Pre-Run: 236,579,205,120 bytes free
Post-Run: 236,506,599,424 bytes free
.
- - End Of File - - 3AE33764BAA52833FFAEB980827E136E
5C616939100B85E558DA92B899A0FC36

TDSSkiller threats=0,objects=0
Hijack this log to follow in next post

 

[laudorum]

Malware Problems with my PC

HijackThis Log:-


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 04:25:44, on 11/03/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Stephen\Desktop\Assort. Virus Progs Etc\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Privatefirewall] C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Nero MediaHome 4] "C:\PROGRAM FILES\NERO\NERO MEDIAHOME 4\NEROMEDIAHOME.EXE" /AUTORUN
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/mygarmin/m/GarminAxControl.CAB
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
O18 - Protocol: linkscanner - (no CLSID) - (no file)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - Unknown owner - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe (file missing)
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Privacyware network service (PFNet) - Privacyware/PWI, Inc. - C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe

--
End of file - 6930 bytes

 

[Juliet]

We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.

Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.

After all of the fixes are complete it is very important that you enable Real-time Protection again.


The below are optional fixes, by removing them from your start ups list this can improve boot up time and open up resources.
All these items can researched here http://www.bleepingcomputer.com/startups/

Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.

O2 - BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (file missing)
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Nero MediaHome 4] "C:\PROGRAM FILES\NERO\NERO MEDIAHOME 4\NEROMEDIAHOME.EXE" /AUTORUN
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe


Now please reboot your computer to set the registry.

Please post back and let me know if there is any improvements.

 

[laudorum]

Malware Problems with my PC

Thanks Again for your Post,I appreciate your help.
I have deleted the Items with HIjack this,so we'll see how it goes.
One thing I did forget to mention,is that Windows updater will not stay on automatic,despite reseting it numerous times.I have no choice but to do the updating manually and I get a lot of errors eg 80070490,despite using the windows Hotfix.
Will report back soon.
Best Regards.
Laudorum

 

[Juliet]

See if any of these items can help.


Is this the hotfix you used?
http://support.microsoft.com/mats/windows_update/

System Update Readiness Tool for Windows Vista
http://www.microsoft.com/en-us/download/details.aspx?id=504


Run the System Update Readiness tool
http://support.microsoft.com/kb/958044


Try running the System File Checker

Go to Start -> All Programs -> Accessories, then right-click "Command Prompt" and choose "Run as Administrator."
Enter the command "sfc /scannow" when the black command prompt window appears, then hit enter.
Let the scan complete...then restart your notebook and try running updates again.

 

[laudorum]

Malware Problems with My PC

Hi Juliet,Sorry for not replying,But I've got the 'Flu.
I also lost Firefox,and all my bookmarks.I have them on a backup disc somewhere,so all is not lost.
when I'm feeling a Bit Better I will run another MBAM scan,Since I've got a lot of Pup's being installed,And a lot of Alerts popping up on my firewall.
I have managed to delete some,but the same ones seem to keep coming back eg Bubbledock,Conduit,Search project and Plurpush.
I'm going to bed now,so talk to you later.
Regards laudorum

 

[Juliet]

So sorry to hear your sick, please get well soon.

When your ready to continue please let me know.

 

[laudorum]

Malware Problems with My PC

Hi Juliet,
Back again in the land of the living,to get some more help Please.
I've tried all the fixes in your post of 12 03 14 and am still can't get Updates,for windows.
The HotFix I used is the one specifically for Vista.When I run it, I get a runtime error code 80070005.
The system update readiness tool I used was for the 32bit system(KB947821),and this ran for2 hours or so and reported that the updates had been installed.However I still get notifications telling me that updates cannot be installed automatically, despite the Auto update setting in the control panel.
The troubleshooting tool(KB958044),when run,reported that it could not continue because an error had occured(code 80070005).
I also tried the the system file checker,following your instructions,and got a dialog box telling me"The System cannot find the path specified",so all in all,not a good result.
I cannot open MBAM,to run a scan,despite this being the latest version with the chameleon update,which is supposed to stop MBAM being Hijacked by malware.The dialog box reported that:-"windows cannot access the specified device,path or file-you may not have the appropriate permissions to access this item".I attempted to delete the program,in order to reinstall,but no luck! a dialog box advised me "error 5 unable to create a temp file- access is denied".
So I thought I'd try MSE,but guess what,The Prog was unable to instal updates,Error code 0x80070002,which directs you to the fixit gizmo which won't run!
The only Programs I have added is Advanced Uninstaller Pro,which I used to get rid of the IObit uninstaller,which had also stopped working,and to delete some PUPS ie nosibay,bubbledock etc,and to reinstall Quicktime.
The strange thing is that my son uses this PC a lot,and has not reported anything amiss,other than The PC being a little slow and taking longer to boot up.I should mention that my son knows about the problems I'm having,and is quite PC savvy.he used to work on PC's for a Living,ie Data Input and word processing.
On top of the other problems I can't get My PC to see my expansion drive.
I Would Really Appreciate some help,as I still feel that I've got something nasty lurking on my PC.
Almost forgot I Downloaded the Microsoft Malicious Software Removal Tool,and to my surprise No Infection
look forward to your reply.
Regards,Laudorum

 

[Juliet]

When you ran TDSSKiller, can you recall if it had found anything?

What happens if you boot into safe mode to run tools, are they stopped here as well?

http://www.bleepingcomputer.com/forums/t/509474/reset-all-user-permissions-to-default/
Reset All User Permissions To Default

Please download Farbar Service Scanner and run it on the computer.

Make sure the following options are checked:
[*]Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

~~~~~~~~~~~~~~~

Please download Malwarebytes AntiRootkit and save it to your desktop.

Full instructions how to use MBAR
Please note: This is a beta version so please be sure to read the disclaimer and note of it.

• Unzip/unrar MBAR in a folder to your Desktop and MBAM shall run ...

• Click on Next > then on Update button to download fresh definitions.

• When database updates click Next

• In the following window ensure "Targets" scan for Drivers; Sectors; System are ticked. Then select "Scan button"

• If an infection/s are found ensure "Create Restore Point" is checked, then select the "Cleanup Button" to remove threats.
Or if you are sure any entries should be kept, just untick them. A list of infected files will be listed.


• The Clean up procedure will be Scheduled for process.
• When complete pop-up will show you. Select the Yes button and the system should re-boot to complete the cleaning process.

>> Please copy and paste the two following logs from the mbar folder:

system-log.txt
and
mbar-log-year-month-day (hour-minute-second).txt.

If you cannot do this in normal mode, please try to run the tool in safe mode.

 

[laudorum]

Malware Problems with My PC

Juliet,thanks for speedy reply,but just a point,Today I have been having internet connection problems,and had to contact my ISP.
I was trying to update MSE again and got to the Install section,90% finished when a dialog box opened,saying error 0x80072efd, and at the same time,the Internet connection stopped.I repaired the connection and tried again,and the same thing happened,but this time i could not get the internet connection established,and had to contact my ISP.
Internet Connection Is fine now,but I wonder if this may have been something to do with the problems I have been experiencing recently?
I have just checked MBAM and it opens fine and is running.
I Will wait till I hear from You,before I do anything else.
Regards

 

[Juliet]

It very well could had been your ISP provider, we'll never know.

When you ran TDSSKiller, can you recall if it had found anything?



Please download Farbar Service Scanner and run it on the computer.

Make sure the following options are checked:
[*]Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

~~~~~~~~~~~~~~~

and post the log from MBAR scan

 

[laudorum]

Malware Problems with My PC

In reply to your post,TDSkiller didn't find any threats on the first run.Just ran it again with same result.

farbar scan:-

rbar Service Scanner Version: 25-02-2014
Ran by Stephen (administrator) on 22-03-2014 at 15:53:28
Running from "C:\Users\Stephen\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

MBAR Scan(System-log txt):-


Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_37

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 2144567296, free: 966811648

Downloaded database version: v2014.03.22.07
Downloaded database version: v2014.03.18.01
Initializing...
======================
------------ Kernel report ------------
03/22/2014 16:02:53
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iastor.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\SmartDefragDriver.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\e1e6032.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\stwrt.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\pwipf6.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\DRIVERS\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\drivers\btwavdt.sys
\SystemRoot\system32\drivers\btwaudio.sys
\SystemRoot\system32\DRIVERS\btwrchid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\sfloppy.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\WinUSB.SYS
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\WUDFPf.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E617D6E9-7783-4B84-8FCE-84E27C26B604}\MpKsl9a407056.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xffffffff86de1508
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000066\
Lower Device Object: 0xffffffff867ffa00
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xffffffff86997ac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000065\
Lower Device Object: 0xffffffff86f9f638
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff868276b0
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000064\
Lower Device Object: 0xffffffff86e2ccb8
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff86dcaac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000063\
Lower Device Object: 0xffffffff86827030
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff853c5468
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xffffffff84895028
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff853c5468, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff853c5158, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff853c5468, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff84895028, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 70000000

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 128457

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 129024 Numsec = 31457280

Partition 2 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 31586304 Numsec = 945184768
Partition is not bootable

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff86dcaac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff867ed6f8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86dcaac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff86827030, DeviceName: \Device\00000063\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff868276b0, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86823d20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff868276b0, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff86e2ccb8, DeviceName: \Device\00000064\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff86997ac8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86fe3710, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86997ac8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff86f9f638, DeviceName: \Device\00000065\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff86de1508, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86d06818, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86de1508, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff867ffa00, DeviceName: \Device\00000066\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-31586304-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

MBAR log(03 22 14):-


Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.03.22.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Stephen :: RODLEY [administrator]

22/03/2014 16:02:59
mbar-log-2014-03-22 (16-02-59).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 243424
Time elapsed: 17 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Hope these help

 

[Juliet]

It shows me clean.

OK, let's back tract, what issues are you having today?

 

[laudorum]

Malware Problems with My PCHi

Hi again,I am now convinced that the PC is clean,nevertheless I am down 200Gb.
I tried updating MSE again without success and didn't loose the Internet connection this time,but since it's not doing it's got to go.Any recommendations?
Apart from those the PC is working OK,albeit a little slow.
I really appreciate your efforts to help me.
Regards Laudorum

 

[Juliet]

No clue what happened to MSE, it must have been corrupted in download due to be internet service.
You can try to uninstall, reinstall, or try a different antivirus

Please only choose one, having more than one can cause problems, such as crashes and your computer to slow down.

• Microsoft Security Essentials
• AVAST Home Edition
• AntiVir Personal

~~~~~~~~~~~~~~~~~~~~~~

Download Windows Repair (all in one) from this site

Go to step 3 and allow it to run SFC



On the start repairs tab click start


Select the following items and tick restart system when finished

Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair Windows Firewall
Repair Internet Explorer
Repair Hosts File
Remove Policies Set By Infections
Repair Winsock & DNS Cache
Remove Temp Files
Repair Proxy Settings
Unhide Non System Files
Repair Windows Updates
Set windows Services To Default
Repair MSI (windows Installer)
Repair File Associations
Repair windows Safe mode

After that come back and tell me if that has made a difference.

 

[Juliet]

Still need help?

 

[laudorum]

Malware Problems with My PC

Sorry I didn't get back to you sooner,but I've been ill again,can't seem to shake this bug off,so please bear with me if I don't reply promptly.
PC is a little faster,but still not as fast as it was before original posting.
D/L Avast and after running reported:-"Win32 adware gen"Malware.
Auto updating seems to be working-No more Alerts.
Still can't get my PC to "see" my expansion drive-Any Idea's
Whilst deleting MSE in programs and features section of control panel,I noticed a number of files I've not seen there before:-
AVG2011-17 items
AVG2012-3 items
CCC Help-6 items
No owner or date is shown for any of the above files,as would be normal,and they cannot be deleted,nor do they have properties-very strange.
As i recall, these may have been files I thought I had deleted or shredded with Spybot.This would be before my first posting when I was having a Spring clean.
I've checked in BIOS and the disc size is shown as 500Gb,so is it possible that my hard drive is the problem?I know I'm of an age where my memory isn't as good as it was,but I am convinced I had 700Gb of disc space.
Regards,Laudorum

 

[Juliet]

Did you run Windows Repair (all in one)?

AVG2011-17 items <--Left overs from a previous uninstall
AVG2012-3 items <--Left overs from a previous uninstall
CCC Help-6 items <-- are Microsoft installed.

AVG Remover
scroll down to utilities
http://www.avg.com/us-en/utilities

is it possible that my hard drive is the problem?

I'm afraid so but I have nothing that I can confirm this with.

Please run this security check for my review.

Download Security Check by screen317 from here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

[laudorum]

Malware Problems with My PC

Hi Juliet ,Yea I did a scan with Windows Repair,Do you want me to post The Log
Regards, Laudorum

 

[Juliet]

Hi Juliet ,Yea I did a scan with Windows Repair,Do you want me to post The Log
Regards, Laudorum

Only if it threw out errors.

Did you run Security Check?