I think i have a trojan virus [Solved]


  • This topic is locked

#16
mrpooh3
    Member
  • Topic Starter
  • 281 posts
Yes thanks, I will try a few reboots and see if it reappears.
I will also do a malwarebytes scan.


#17
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
The ones in quarantine will remain there unless you get MBAM to delete them. I will clear the quarantine at the end :)

#18
mrpooh3
    Member
  • Topic Starter
  • 281 posts
Hi Essexboy, it is still coming on at startup... my Malwarebytes log is now showing 4 detections again.


Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.01.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Allybongo :: ALLYBONGO-PC [administrator]

Protection: Disabled

01/02/2014 22:11:30
MBAM-log-2014-02-01 (22-53-56).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 339395
Time elapsed: 36 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\Allybongo\AppData\Local\Temp\GoogleSetup\libcurl-4.dll (Trojan.Miner) -> No action taken.
C:\Users\Allybongo\AppData\Local\Temp\GoogleSetup\setup.exe (PUP.BitCoinMiner) -> No action taken.
C:\_OTL\MovedFiles\01312014_201440\C_Users\Allybongo\AppData\Local\Temp\GoogleSetup\libcurl-4.dll (Trojan.Miner) -> No action taken.
C:\_OTL\MovedFiles\01312014_201440\C_Users\Allybongo\AppData\Local\Temp\GoogleSetup\setup.exe (PUP.BitCoinMiner) -> No action taken.

(end)
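The "4 detections" in the log above are two live files plus two copies that the earlier OTL run had already moved into its own quarantine folder (the C:\_OTL\MovedFiles paths), which is why the count looks worse than it is. The following Python script is an added example for this thread, not MBAM or OTL code: it parses the "Files Detected" block of an MBAM 1.x log, rebuilds the pre-quarantine path of each OTL copy from the folder layout visible in the log, and flags live files that match a quarantined copy as having come back after cleanup. The function and constant names are mine; the log excerpt is taken from post #18.

```python
"""Triage the 'Files Detected' block of a Malwarebytes Anti-Malware 1.x log.

Added example for this thread, not MBAM or OTL code. It tells apart live
detections from copies that an earlier OTL fix had already moved into OTL's
quarantine folder (C:\\_OTL\\MovedFiles\\<date>_<time>\\<Drive>_<path>, the
layout visible in the posted log), so "4 detections" is read as "2 live files
that came back after cleanup", which points at a surviving launcher.
"""
import re
from typing import NamedTuple, Optional

# Excerpt of the MBAM log posted in this thread (post #18).
MBAM_LOG = r"""Files Detected: 4
C:\Users\Allybongo\AppData\Local\Temp\GoogleSetup\libcurl-4.dll (Trojan.Miner) -> No action taken.
C:\Users\Allybongo\AppData\Local\Temp\GoogleSetup\setup.exe (PUP.BitCoinMiner) -> No action taken.
C:\_OTL\MovedFiles\01312014_201440\C_Users\Allybongo\AppData\Local\Temp\GoogleSetup\libcurl-4.dll (Trojan.Miner) -> No action taken.
C:\_OTL\MovedFiles\01312014_201440\C_Users\Allybongo\AppData\Local\Temp\GoogleSetup\setup.exe (PUP.BitCoinMiner) -> No action taken.

(end)
"""

# One MBAM detection line: <path> (<detection name>) -> <action>
DETECTION_RE = re.compile(r"^(?P<path>[a-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$", re.I)
# OTL quarantine copy: C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS\<DriveLetter>_<original path without 'X:\'>
OTL_MOVED_RE = re.compile(r"^c:\\_otl\\movedfiles\\\d{8}_\d{6}\\([a-z])_(.+)$", re.I)


class Detection(NamedTuple):
    path: str      # path exactly as MBAM reported it
    name: str      # MBAM detection name, e.g. Trojan.Miner
    action: str    # e.g. "No action taken."
    original: str  # for a quarantine copy, where it lived before OTL moved it; else same as path


def otl_original_path(path: str) -> Optional[str]:
    """Rebuild the pre-quarantine path of an OTL MovedFiles copy, or None if it is not one."""
    m = OTL_MOVED_RE.match(path)
    if not m:
        return None
    return f"{m.group(1).upper()}:\\{m.group(2)}"


def parse_files_detected(log: str) -> list:
    """Return the Detection entries listed under 'Files Detected:' (the section ends at a blank line)."""
    found, in_section = [], False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("Files Detected:"):
            in_section = True
            continue
        if not in_section:
            continue
        if not line:
            break
        m = DETECTION_RE.match(line)
        if m:
            original = otl_original_path(m["path"]) or m["path"]
            found.append(Detection(m["path"], m["name"], m["action"], original))
    return found


def triage(log: str) -> dict:
    """Split detections into live files, OTL quarantine copies, and live files that reappeared."""
    dets = parse_files_detected(log)
    quarantined = [d for d in dets if d.original != d.path]
    live = [d for d in dets if d.original == d.path]
    previously_removed = {d.original.lower() for d in quarantined}
    reappeared = [d for d in live if d.path.lower() in previously_removed]
    return {"live": live, "quarantined": quarantined, "reappeared": reappeared}


if __name__ == "__main__":
    result = triage(MBAM_LOG)
    for bucket, items in result.items():
        print(f"{bucket}: {len(items)}")
        for d in items:
            print(f"  {d.name:<18} {d.path}")
    if result["reappeared"]:
        print("Live files match earlier quarantine copies: something (e.g. a scheduled task) is recreating them.")
```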

#19
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
OK, I will now kill all Google folders. Could you post the fix log that pops up on reboot, please?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
:Commands
[CREATERESTOREPOINT]

:OTL
2014-01-15 20:57 - 2014-01-15 20:57 - 00003200 _____ C:\Windows\System32\Tasks\GoogleUpdateSetup
2014-01-11 23:26 - 2013-11-21 22:53 - 00000000 ____D C:\Users\Allybongo\AppData\Local\Google


:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#20
mrpooh3
    Member
  • Topic Starter
  • 281 posts
Hi Essexboy, here are my OTL logs:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

User: All Users

User: Allybongo
->Temp folder emptied: 108251097 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 47312484 bytes
->Flash cache emptied: 58988 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1569071 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 150.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02022014_201848

Files\Folders moved on Reboot...
C:\Users\Allybongo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Allybongo\AppData\Local\Temp\~DFC12F1ABBF62F064C.TMP moved successfully.
C:\Windows\temp\ZLT037e8.TMP moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
OTL logfile created on: 02/02/2014 20:23:39 - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Allybongo\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.90 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 58.58% Memory free
7.80 Gb Paging File | 6.15 Gb Available in Paging File | 78.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 195.26 Gb Free Space | 83.88% Space Free | Partition Type: NTFS

Computer Name: ALLYBONGO-PC | User Name: Allybongo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2014/01/31 01:00:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Allybongo\Desktop\OTL.exe
PRC - [2013/12/21 06:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/09 15:01:58 | 000,881,440 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
PRC - [2013/10/25 23:45:12 | 002,445,816 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2013/10/25 23:07:48 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2013/10/15 05:38:52 | 000,050,704 | ---- | M] (Check Point Software Technologies, Ltd.) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
PRC - [2013/08/20 17:12:34 | 000,130,520 | ---- | M] () -- C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
PRC - [2013/08/20 17:06:24 | 000,167,384 | ---- | M] () -- C:\Program Files (x86)\DFX\Universal\Apps\dfxItunesSong.exe
PRC - [2013/08/20 17:03:18 | 001,274,840 | ---- | M] () -- C:\Program Files (x86)\DFX\DFX.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
PRC - [2010/12/03 14:19:26 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/03 14:19:20 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/08/13 16:25:08 | 000,223,848 | ---- | M] (O2Micro.) -- C:\Windows\SysWOW64\SDIOAssist.exe
PRC - [2003/04/18 17:06:26 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/20 17:31:50 | 000,049,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\DFX\Dlls\dfxShared32.dll
MOD - [2013/08/20 17:12:34 | 000,130,520 | ---- | M] () -- C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
MOD - [2013/08/20 17:06:24 | 000,167,384 | ---- | M] () -- C:\Program Files (x86)\DFX\Universal\Apps\dfxItunesSong.exe
MOD - [2013/08/20 17:03:18 | 001,274,840 | ---- | M] () -- C:\Program Files (x86)\DFX\DFX.exe


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/02 07:02:28 | 000,244,328 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\o2flash.exe -- (O2FLASH)
SRV:64bit: - [2013/11/26 09:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/10 22:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/01/18 08:50:02 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/02/02 09:47:27 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/02 06:42:46 | 002,151,744 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2014/01/29 23:02:44 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/12/21 06:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/14 13:26:55 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/09 15:01:58 | 000,881,440 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe -- (AdvancedSystemCareService7)
SRV - [2013/10/25 23:45:12 | 002,445,816 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2013/10/15 05:38:52 | 000,050,704 | ---- | M] (Check Point Software Technologies, Ltd.) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe -- (ZAPrivacyService)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/01 01:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2010/12/03 14:19:26 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/03 14:19:20 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2003/04/18 17:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (O2SDIOAssist)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/02/02 07:04:44 | 000,462,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2014/02/02 07:04:34 | 000,099,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2014/02/02 07:02:28 | 000,084,712 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)
DRV:64bit: - [2014/01/29 23:02:28 | 005,363,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2014/01/22 01:09:34 | 000,017,088 | ---- | M] (Glarysoft Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BootDefragDriver.sys -- (BootDefragDriver)
DRV:64bit: - [2013/10/23 11:00:56 | 000,454,168 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2013/10/15 11:38:24 | 000,140,560 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2013/10/09 01:31:54 | 000,489,568 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013/10/08 05:47:30 | 000,029,792 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2013/07/17 02:02:06 | 000,177,760 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2013/07/17 02:02:04 | 007,717,984 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2013/07/11 17:46:56 | 000,772,864 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L6TPortGX64.sys -- (L6TPortGX)
DRV:64bit: - [2013/04/29 08:17:34 | 000,047,632 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSKMAD.sys -- (PSKMAD)
DRV:64bit: - [2013/03/01 01:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2013/02/27 11:58:36 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013/01/31 16:05:26 | 000,023,040 | ---- | M] (nerds.de) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ipmidi.sys -- (ipMIDI)
DRV:64bit: - [2012/12/13 15:41:10 | 000,028,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dfx11_1x64.sys -- (DFX11_1)
DRV:64bit: - [2012/11/15 21:06:06 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 14:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 14:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/05/21 11:54:04 | 000,068,208 | ---- | M] (STMicroelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ST_ACCEL.sys -- (ST_ACCEL)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 16:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/22 12:28:56 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\accelern.sys -- (Acceler)
DRV:64bit: - [2011/07/15 21:31:22 | 000,022,128 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2011/07/12 21:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/18 08:50:00 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2011/01/18 08:49:54 | 004,719,680 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/01/03 13:19:56 | 000,074,984 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys -- (O2MDRRDR)
DRV:64bit: - [2010/11/21 03:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 03:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 23:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/08/24 10:59:46 | 000,025,320 | ---- | M] (CPUID) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys -- (cpuz136)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C AD 7E 7B 15 C0 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "http://uk.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B7b1bf0b6-a1b9-42b0-b75d-252036438bdc%7D:7.4
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.1
FF - prefs.js..extensions.enabledAddons: %7Bc36177c0-224a-11da-8cd6-0800200c9a91%7D:3.9.85
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/15 10:31:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/15 10:31:11 | 000,000,000 | ---D | M]

[2013/10/03 09:33:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Allybongo\AppData\Roaming\Mozilla\Extensions
[2014/02/02 07:58:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Allybongo\AppData\Roaming\Mozilla\Firefox\Profiles\0intz3wy.default\extensions
[2013/12/28 23:14:50 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Allybongo\AppData\Roaming\Mozilla\Firefox\Profiles\0intz3wy.default\extensions\[email protected]
[2014/02/02 04:01:18 | 000,128,676 | ---- | M] () (No name found) -- C:\Users\Allybongo\AppData\Roaming\Mozilla\Firefox\Profiles\0intz3wy.default\extensions\[email protected]
[2014/02/02 03:44:12 | 000,061,640 | ---- | M] () (No name found) -- C:\Users\Allybongo\AppData\Roaming\Mozilla\Firefox\Profiles\0intz3wy.default\extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi
[2014/02/02 04:20:56 | 000,102,696 | ---- | M] () (No name found) -- C:\Users\Allybongo\AppData\Roaming\Mozilla\Firefox\Profiles\0intz3wy.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi
[2014/01/16 17:39:01 | 000,940,775 | ---- | M] () (No name found) -- C:\Users\Allybongo\AppData\Roaming\Mozilla\Firefox\Profiles\0intz3wy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/02/02 04:51:24 | 000,002,283 | ---- | M] () -- C:\Users\Allybongo\AppData\Roaming\Mozilla\Firefox\Profiles\0intz3wy.default\searchplugins\aol-web-search.xml
[2014/02/02 04:48:45 | 000,002,479 | ---- | M] () -- C:\Users\Allybongo\AppData\Roaming\Mozilla\Firefox\Profiles\0intz3wy.default\searchplugins\askcom.xml
[2013/12/14 13:26:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/14 13:26:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\PROGRAM FILES (X86)\IOBIT APPS TOOLBAR\FF

O1 HOSTS File: ([2014/02/02 20:19:18 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [DFX] C:\Program Files (x86)\DFX\DFX.exe ()
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [DellSystemDetect] C:\Users\Allybongo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: line6.net ([]* in Trusted sites)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.c...oft_webscan.cab (Emsisoft Web Malware Scan)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F105BFF-611A-45EE-B4A5-EC05C0AEF371}: DhcpNameServer = 194.168.4.100 194.168.8.100
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/02 09:00:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2014/02/02 08:39:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2014/02/02 08:18:09 | 000,114,176 | ---- | C] (CPUID) -- C:\Windows\SysWow64\PCWizard.cpl
[2014/02/02 08:18:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2014/02/02 08:18:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CPUID
[2014/02/02 07:07:52 | 000,000,000 | ---D | C] -- C:\Windows\devcon
[2014/02/02 07:02:28 | 000,244,328 | ---- | C] (O2Micro International) -- C:\Windows\SysNative\o2flash.exe
[2014/02/02 07:02:28 | 000,084,712 | ---- | C] (O2Micro ) -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys
[2014/02/02 06:59:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster
[2014/02/02 06:49:05 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\Wise Registry Cleaner
[2014/02/02 06:44:51 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2014/02/02 06:44:31 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\Paint.NET
[2014/02/02 06:43:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
[2014/02/02 06:43:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise
[2014/02/02 06:42:54 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\ProductData
[2014/02/02 06:32:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/02/02 06:32:57 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/02/02 06:24:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 4
[2014/02/02 06:24:13 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\GlarySoft
[2014/02/02 06:24:12 | 000,117,024 | ---- | C] (Glarysoft Ltd) -- C:\Windows\SysNative\BootDefrag.exe
[2014/02/02 06:24:12 | 000,017,088 | ---- | C] (Glarysoft Ltd) -- C:\Windows\SysNative\drivers\BootDefragDriver.sys
[2014/02/02 06:24:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities 4
[2014/02/02 06:23:00 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\vlc
[2014/02/02 06:22:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2014/02/02 06:22:35 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2014/02/02 05:41:42 | 000,022,128 | ---- | C] (ST Microelectronics) -- C:\Windows\SysNative\drivers\stdcfltn.sys
[2014/02/02 05:41:35 | 000,000,000 | ---D | C] -- C:\Program Files\STMicroelectronics
[2014/02/02 05:41:31 | 000,068,208 | ---- | C] (STMicroelectronics) -- C:\Windows\SysNative\drivers\ST_ACCEL.sys
[2014/02/02 05:41:31 | 000,065,136 | ---- | C] (ST Microelectronics) -- C:\Windows\SysNative\stdcfltnco02.dll
[2014/02/02 05:41:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ST Microelectronics
[2014/02/02 04:38:52 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\QuickScan
[2014/02/01 21:07:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DFX Audio Enhancer
[2014/02/01 21:07:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DFX
[2014/02/01 21:07:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DFX
[2014/02/01 20:39:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Player
[2014/02/01 20:24:02 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\ElevatedDiagnostics
[2014/02/01 02:35:43 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\DFX
[2014/02/01 01:26:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.3
[2014/02/01 01:26:00 | 000,000,000 | ---D | C] -- C:\Python33
[2014/01/31 20:27:05 | 000,000,000 | ---D | C] -- C:\FRST
[2014/01/31 20:26:06 | 002,079,744 | ---- | C] (Farbar) -- C:\Users\Allybongo\Desktop\FRST64.exe
[2014/01/31 20:14:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/31 18:00:22 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2014/01/31 17:23:40 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Allybongo\Desktop\aswmbr.exe
[2014/01/20 01:13:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/01/16 14:17:25 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/01/16 12:50:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Allybongo\Desktop\OTL.exe
[2014/01/16 12:14:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2014/01/15 21:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Doctor Web
[2014/01/15 00:05:38 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\CrashDumps
[2014/01/07 23:19:39 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\Jaksta_Technologies_Pty_L
[2014/01/07 23:19:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2014/01/07 23:19:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2013/10/03 11:44:43 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Allybongo\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2014/02/02 20:28:05 | 000,021,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/02 20:28:05 | 000,021,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/02 20:21:20 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 4.job
[2014/02/02 20:20:58 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\Driver Booster Update.job
[2014/02/02 20:20:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/02 20:20:30 | 3140,259,840 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/02 20:19:51 | 000,019,609 | -H-- | M] () -- C:\Windows\SysWow64\BTImages.dat
[2014/02/02 20:19:18 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/02/02 19:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/02 10:02:02 | 000,099,384 | ---- | M] () -- C:\Users\Allybongo\AppData\Roaming\inst.exe
[2014/02/02 10:02:02 | 000,082,816 | ---- | M] (VSO Software) -- C:\Users\Allybongo\AppData\Roaming\pcouffin.sys
[2014/02/02 10:02:02 | 000,007,859 | ---- | M] () -- C:\Users\Allybongo\AppData\Roaming\pcouffin.cat
[2014/02/02 10:02:02 | 000,001,167 | ---- | M] () -- C:\Users\Allybongo\AppData\Roaming\pcouffin.inf
[2014/02/02 10:02:00 | 000,001,232 | ---- | M] () -- C:\Users\Allybongo\Desktop\ConvertXToDVD 5.lnk
[2014/02/02 10:02:00 | 000,001,224 | ---- | M] () -- C:\Users\Allybongo\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXToDVD 5.lnk
[2014/02/02 10:00:02 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\GlaryUpdate 4.job
[2014/02/02 07:04:41 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
[2014/02/02 07:02:28 | 000,244,328 | ---- | M] (O2Micro International) -- C:\Windows\SysNative\o2flash.exe
[2014/02/02 07:02:28 | 000,084,712 | ---- | M] (O2Micro ) -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys
[2014/02/02 06:48:16 | 000,001,266 | ---- | M] () -- C:\Users\Allybongo\Desktop\Windows Update.lnk
[2014/02/02 06:47:47 | 000,001,887 | ---- | M] () -- C:\Users\Allybongo\Desktop\ImgBurn.lnk
[2014/02/02 06:45:10 | 000,001,176 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2014/02/02 06:24:16 | 000,001,108 | ---- | M] () -- C:\Users\Allybongo\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 4.lnk
[2014/02/02 06:22:52 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/02/02 05:41:45 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ST_ACCEL_01009.Wdf
[2014/02/01 23:53:54 | 000,781,482 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/01 23:53:54 | 000,666,616 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/01 23:53:54 | 000,126,260 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/01 19:42:37 | 000,001,547 | ---- | M] () -- C:\Users\Allybongo\Desktop\Windows Media Player.lnk
[2014/01/31 20:26:14 | 002,079,744 | ---- | M] (Farbar) -- C:\Users\Allybongo\Desktop\FRST64.exe
[2014/01/31 17:23:58 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Allybongo\Desktop\aswmbr.exe
[2014/01/31 01:00:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Allybongo\Desktop\OTL.exe
[2014/01/29 23:02:42 | 000,017,058 | ---- | M] () -- C:\Windows\SysNative\iglhxs64.vp
[2014/01/29 23:02:38 | 000,009,728 | ---- | M] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2014/01/29 23:02:22 | 000,098,304 | ---- | M] () -- C:\Windows\SysNative\igdde64.dll
[2014/01/29 23:02:22 | 000,077,312 | ---- | M] () -- C:\Windows\SysWow64\igdde32.dll
[2014/01/22 01:16:42 | 000,117,024 | ---- | M] (Glarysoft Ltd) -- C:\Windows\SysNative\BootDefrag.exe
[2014/01/22 01:09:34 | 000,017,088 | ---- | M] (Glarysoft Ltd) -- C:\Windows\SysNative\drivers\BootDefragDriver.sys
[2014/01/15 20:35:53 | 000,281,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/15 00:10:20 | 000,000,396 | RHS- | M] () -- C:\ProgramData\ntuser.pol

========== Files Created - No Company Name ==========

[2014/02/02 10:02:00 | 000,001,232 | ---- | C] () -- C:\Users\Allybongo\Desktop\ConvertXToDVD 5.lnk
[2014/02/02 09:47:27 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/02 07:24:03 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\GlaryUpdate 4.job
[2014/02/02 07:04:41 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
[2014/02/02 06:59:19 | 000,000,292 | ---- | C] () -- C:\Windows\tasks\Driver Booster Update.job
[2014/02/02 06:48:16 | 000,001,266 | ---- | C] () -- C:\Users\Allybongo\Desktop\Windows Update.lnk
[2014/02/02 06:47:47 | 000,001,887 | ---- | C] () -- C:\Users\Allybongo\Desktop\ImgBurn.lnk
[2014/02/02 06:45:10 | 000,001,188 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2014/02/02 06:45:10 | 000,001,176 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2014/02/02 06:24:16 | 000,001,108 | ---- | C] () -- C:\Users\Allybongo\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 4.lnk
[2014/02/02 06:24:16 | 000,001,096 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 4.lnk
[2014/02/02 06:24:14 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize 4.job
[2014/02/02 06:22:52 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/02/02 05:41:45 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ST_ACCEL_01009.Wdf
[2014/02/01 20:40:08 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2014/02/01 19:42:37 | 000,001,547 | ---- | C] () -- C:\Users\Allybongo\Desktop\Windows Media Player.lnk
[2014/01/29 23:02:42 | 000,017,058 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp
[2014/01/29 23:02:38 | 000,009,728 | ---- | C] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2014/01/29 23:02:22 | 000,098,304 | ---- | C] () -- C:\Windows\SysNative\igdde64.dll
[2014/01/29 23:02:22 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2014/01/15 00:10:20 | 000,000,396 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/12/29 22:34:18 | 000,000,032 | ---- | C] () -- C:\Windows\GearBox.ini
[2013/12/29 04:55:35 | 000,000,016 | ---- | C] () -- C:\Users\Allybongo\AppData\Roaming\msregsvv.dll
[2013/12/29 04:55:35 | 000,000,016 | ---- | C] () -- C:\ProgramData\autobk.inc
[2013/12/10 14:07:46 | 000,000,250 | ---- | C] () -- C:\Users\Allybongo\.swfinfo
[2013/12/10 14:06:21 | 000,000,990 | ---- | C] () -- C:\Windows\SysWow64\amsiq19a.sys
[2013/11/29 06:18:24 | 000,762,252 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/11/19 21:47:44 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2013/10/03 11:44:43 | 000,099,384 | ---- | C] () -- C:\Users\Allybongo\AppData\Roaming\inst.exe
[2013/10/03 11:44:43 | 000,007,859 | ---- | C] () -- C:\Users\Allybongo\AppData\Roaming\pcouffin.cat
[2013/10/03 11:44:43 | 000,001,167 | ---- | C] () -- C:\Users\Allybongo\AppData\Roaming\pcouffin.inf
[2013/10/03 09:14:59 | 000,019,609 | -H-- | C] () -- C:\Windows\SysWow64\BTImages.dat
[2013/10/03 08:13:24 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\instsrv.exe
[2013/10/03 08:13:24 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2013/10/03 08:04:52 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2013/10/03 08:04:49 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2013/03/01 01:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/02/02 05:54:06 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\.ACEStream
[2014/02/02 05:54:06 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\ACEStream
[2013/12/03 05:25:24 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\CrystalIdea Software
[2013/11/18 00:39:55 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\FlowStone
[2014/02/02 06:24:13 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\GlarySoft
[2013/12/29 04:55:28 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\IK Multimedia
[2013/11/18 00:40:09 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\Image-Line
[2013/10/26 19:39:16 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\ImgBurn
[2014/02/02 09:51:14 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\IObit
[2013/11/11 22:38:39 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\Jeskola
[2014/01/03 08:38:07 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\Line 6
[2013/12/01 15:13:57 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\MediaMonkey
[2013/11/17 18:22:21 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\NetMedia Providers
[2013/11/19 02:09:40 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\PerformerSoft
[2013/11/25 04:48:19 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\PreSonus
[2014/02/02 06:42:54 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\ProductData
[2013/11/17 18:22:21 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\Publish Providers
[2014/02/02 04:39:52 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\QuickScan
[2013/11/25 05:16:09 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\REAPER
[2013/10/07 21:30:25 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\SanDisk
[2013/11/19 02:07:44 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\SeeSimilar02
[2013/11/30 13:09:24 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\Sony
[2013/11/25 00:12:52 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\Topten Software
[2014/02/02 10:23:40 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\uTorrent
[2014/02/02 10:02:02 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\Vso
[2014/02/02 06:50:00 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\Wise Registry Cleaner

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

#21
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Is your CPU behaving now? Does MBAM find anything?

#22
mrpooh3
    Member
  • Topic Starter
  • Member
  • 281 posts
Hi Essexboy, after rebooting the setup.exe came back at 100% CPU usage.
I opened its file location from the task bar and wrote down where it was located and all the files inside the folder in Notepad, and will post it for you.
I also did another Malwarebytes scan and will also post that.

File location of setup.exe

Allybongo>AppData>Local>Temp>GoogleSetup

libcurl-4.dll
libcurl-4.dll.comp
pthreadGC2.dll
pthreadGC2.dll.comp
setup.bin.comp
setup (Application)
zlib1.dll
zlib1.dll.comp


Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.03.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Allybongo :: ALLYBONGO-PC [administrator]

Protection: Disabled

03/02/2014 03:51:49
MBAM-log-2014-02-03 (04-32-15).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 313768
Time elapsed: 40 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\Allybongo\AppData\Local\Temp\GoogleSetup\libcurl-4.dll (Trojan.Miner) -> No action taken.
C:\Users\Allybongo\AppData\Local\Temp\GoogleSetup\setup.exe (PUP.BitCoinMiner) -> No action taken.
C:\_OTL\MovedFiles\01312014_201440\C_Users\Allybongo\AppData\Local\Temp\GoogleSetup\libcurl-4.dll (Trojan.Miner) -> No action taken.
C:\_OTL\MovedFiles\01312014_201440\C_Users\Allybongo\AppData\Local\Temp\GoogleSetup\setup.exe (PUP.BitCoinMiner) -> No action taken.

(end)

Edited by mrpooh3, 02 February 2014 - 10:34 PM.

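Two of the four hits above sit under C:\_OTL\MovedFiles, which is where OTL parks the files it has already moved, so only the two under the user's Temp folder are live. The following Python is an added example, not code from the thread, from Malwarebytes or from OTL: it parses the "Files Detected" block of an MBAM 1.x log in the layout posted here, separates live files from backup copies, and flags live files under a user's Temp directory. The sample log is constructed to mirror the posted one, and the OTL backup-folder path and the Temp path pattern are assumptions about those tools' conventions.

```python
"""Triage the "Files Detected" block of a Malwarebytes Anti-Malware 1.x log.

Added example for this thread, not code from Malwarebytes, OTL or the
poster. It assumes the log layout shown in the posts above and that
C:\\_OTL\\MovedFiles is OTL's holding area for files it has already moved.
"""
import re
from dataclasses import dataclass

# Constructed sample mirroring the log posted in the thread (same layout,
# same four paths); it is not the poster's full log.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Scan type: Full scan (C:\|)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\Allybongo\AppData\Local\Temp\GoogleSetup\libcurl-4.dll (Trojan.Miner) -> No action taken.
C:\Users\Allybongo\AppData\Local\Temp\GoogleSetup\setup.exe (PUP.BitCoinMiner) -> No action taken.
C:\_OTL\MovedFiles\01312014_201440\C_Users\Allybongo\AppData\Local\Temp\GoogleSetup\libcurl-4.dll (Trojan.Miner) -> No action taken.
C:\_OTL\MovedFiles\01312014_201440\C_Users\Allybongo\AppData\Local\Temp\GoogleSetup\setup.exe (PUP.BitCoinMiner) -> No action taken.

(end)
"""

# Path, then the detection name in the LAST parenthesised group before the
# arrow (paths such as "Program Files (x86)" also contain parentheses; the
# greedy path group leaves only the final "(...)" for the name), then the action.
DETECTION_RE = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
USER_TEMP_RE = re.compile(r"\\users\\[^\\]+\\appdata\\local\\temp\\", re.IGNORECASE)
OTL_BACKUP_RE = re.compile(r"^[a-z]:\\_otl\\movedfiles\\", re.IGNORECASE)  # assumed OTL convention


@dataclass(frozen=True)
class Detection:
    path: str
    name: str
    action: str

    @property
    def is_backup_copy(self) -> bool:
        """True when the hit is a copy parked by OTL rather than a live file."""
        return OTL_BACKUP_RE.match(self.path) is not None

    @property
    def in_user_temp(self) -> bool:
        """True when the file lives under a user's AppData\\Local\\Temp."""
        return USER_TEMP_RE.search(self.path) is not None


def parse_files_detected(log_text: str) -> list[Detection]:
    """Return the entries listed under "Files Detected: N", checking the count."""
    lines = log_text.splitlines()
    for index, line in enumerate(lines):
        header = re.match(r"^Files Detected: (\d+)$", line.strip())
        if header is None:
            continue
        expected = int(header.group(1))
        found: list[Detection] = []
        for entry in lines[index + 1:]:
            entry = entry.strip()
            if not entry or entry == "(end)":
                break  # a blank line (or the footer) closes the block
            if entry == "(No malicious items detected)":
                continue
            match = DETECTION_RE.match(entry)
            if match is None:
                raise ValueError(f"unrecognised detection line: {entry!r}")
            found.append(Detection(match["path"], match["name"], match["action"]))
        if len(found) != expected:
            raise ValueError(f"log claims {expected} files but lists {len(found)}")
        return found
    raise ValueError('no "Files Detected:" block in log')


def triage(detections: list[Detection]) -> dict[str, list[Detection]]:
    """Split hits into live files, backup copies, and live files under Temp."""
    live = [d for d in detections if not d.is_backup_copy]
    return {
        "live": live,
        "backup": [d for d in detections if d.is_backup_copy],
        "live_in_temp": [d for d in live if d.in_user_temp],
    }


def report(log_text: str) -> str:
    """Human-readable summary, returned rather than printed so it can be checked."""
    groups = triage(parse_files_detected(log_text))
    out = [f"live files: {len(groups['live'])}, backup copies: {len(groups['backup'])}"]
    for d in groups["live"]:
        flag = " [user Temp]" if d.in_user_temp else ""
        out.append(f"  {d.name}: {d.path} ({d.action}){flag}")
    untreated = [d for d in groups["live"] if d.action.lower() == "no action taken"]
    if untreated:
        out.append(f"  {len(untreated)} live hit(s) were not quarantined; re-run the scan with removal enabled")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run it against a saved MBAM log with `report(open(path).read())`. The "No action taken" check matters here: a scan run only to look does not remove anything, so a log full of such lines says nothing about whether the live files were cleaned.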

#23
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
OK, it is yet again in the temp folder, and at the moment I cannot see where it is running from, so let's get the big boy out.


Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

    (image: http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png)
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.


Please make sure you include the ComboFix log in your next reply, as well as describing how your computer is running now.

#24
mrpooh3
    Member
  • Topic Starter
  • Member
  • 281 posts
Hi Essexboy, apologies for the late reply.
I ran ComboFix and will post the log; I also did a Malwarebytes Pro full scan after it and will post this also.
I turned on Malwarebytes real-time protection as well.
Here are my logs:

ComboFix 14-02-03.01 - Allybongo 03/02/2014 19:33:29.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.3993.2661 [GMT 0:00]
Running from: c:\users\Allybongo\Desktop\ComboFix.exe
AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Allybongo\AppData\Roaming\inst.exe
c:\windows\GoogleSetup.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2014-01-03 to 2014-02-03 )))))))))))))))))))))))))))))))
.
.
2014-02-03 19:37 . 2014-02-03 19:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-03 13:23 . 2014-02-03 13:24 -------- d-----w- c:\program files (x86)\Google
2014-02-03 13:23 . 2014-02-03 13:24 -------- d-----w- c:\users\Allybongo\AppData\Local\Google
2014-02-03 10:47 . 2014-02-03 10:47 -------- d-----w- c:\users\Allybongo\AppData\Local\VS Revo Group
2014-02-03 10:47 . 2014-02-03 11:58 -------- d-----w- c:\programdata\VS Revo Group
2014-02-03 10:28 . 2014-02-03 10:36 -------- d-----w- C:\AdwCleaner
2014-02-03 09:45 . 2013-07-16 03:41 743248 ----a-w- c:\windows\SysWow64\msvcp100d.dll
2014-02-03 09:45 . 2013-07-16 03:41 1858896 ----a-w- c:\windows\system32\msvcr100d.dll
2014-02-03 09:45 . 2013-07-16 03:41 1498960 ----a-w- c:\windows\SysWow64\msvcr100d.dll
2014-02-03 09:45 . 2013-07-16 03:41 1014096 ----a-w- c:\windows\system32\msvcp100d.dll
2014-02-03 08:57 . 2014-02-03 08:58 -------- d-----w- c:\programdata\Sophos
2014-02-03 08:35 . 2014-02-03 08:35 73728 ----a-r- c:\users\Allybongo\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-02-03 08:35 . 2014-02-03 08:35 73728 ----a-r- c:\users\Allybongo\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-02-03 08:35 . 2014-02-03 08:35 73728 ----a-r- c:\users\Allybongo\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2014-02-03 08:35 . 2014-02-03 08:35 -------- d-----w- c:\program files (x86)\Sophos
2014-02-03 08:08 . 2014-02-03 08:22 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-02-03 02:24 . 2014-02-03 02:24 -------- d-----w- c:\users\Allybongo\AppData\Roaming\OpenOffice
2014-02-02 23:09 . 2014-02-02 23:09 -------- d-----w- c:\users\Allybongo\AppData\Local\Macromedia
2014-02-02 23:01 . 2014-02-02 23:01 -------- d-----w- c:\users\Allybongo\AppData\Local\VirtualStore
2014-02-02 21:36 . 2014-02-02 21:36 -------- d-----w- c:\program files (x86)\OpenOffice 4
2014-02-02 21:01 . 2013-11-19 16:52 34080 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2014-02-02 21:00 . 2014-01-08 15:54 121856 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
2014-02-02 21:00 . 2013-12-24 10:40 21184 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2014-02-02 07:07 . 2014-02-03 11:57 -------- d-----w- c:\windows\devcon
2014-02-02 07:05 . 2014-02-02 07:05 116224 ----a-w- c:\windows\system32\igfxCoIn_v3223.dll
2014-02-02 07:05 . 2014-01-29 23:02 279000 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2014-02-02 07:04 . 2014-02-02 07:04 462544 ----a-w- c:\windows\system32\drivers\b57nd60a.sys
2014-02-02 07:04 . 2014-02-02 07:04 99288 ----a-w- c:\windows\system32\drivers\TeeDriverx64.sys
2014-02-02 07:04 . 2014-02-02 07:04 1795952 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2014-02-02 07:02 . 2014-02-02 07:02 84712 ----a-w- c:\windows\system32\drivers\o2sdjw7x64.sys
2014-02-02 07:02 . 2014-02-02 07:02 244328 ----a-w- c:\windows\system32\o2flash.exe
2014-02-02 06:44 . 2014-02-03 11:58 -------- d-----w- c:\program files\Paint.NET
2014-02-02 06:44 . 2014-02-02 06:46 -------- d-----w- c:\users\Allybongo\AppData\Local\Paint.NET
2014-02-02 06:42 . 2014-02-03 11:58 -------- d-----w- c:\users\Allybongo\AppData\Roaming\ProductData
2014-02-02 06:32 . 2014-02-03 11:58 -------- d-----w- c:\program files\CCleaner
2014-02-02 06:24 . 2014-02-02 06:24 -------- d-----w- c:\users\Allybongo\AppData\Roaming\GlarySoft
2014-02-02 06:24 . 2014-01-22 01:16 117024 ----a-w- c:\windows\system32\BootDefrag.exe
2014-02-02 06:24 . 2014-01-22 01:09 17088 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys
2014-02-02 06:24 . 2014-02-03 11:58 -------- d-----w- c:\program files (x86)\Glary Utilities 4
2014-02-02 06:23 . 2014-02-03 11:58 -------- d-----w- c:\users\Allybongo\AppData\Roaming\vlc
2014-02-02 06:22 . 2014-02-02 06:22 -------- d-----w- c:\program files\VideoLAN
2014-02-02 05:41 . 2011-07-15 21:31 22128 ----a-w- c:\windows\system32\drivers\stdcfltn.sys
2014-02-02 05:41 . 2014-02-02 05:41 -------- d-----w- c:\program files\STMicroelectronics
2014-02-02 05:41 . 2014-02-02 05:43 -------- d-----w- c:\program files (x86)\ST Microelectronics
2014-02-02 05:41 . 2012-05-21 11:54 68208 ----a-w- c:\windows\system32\drivers\ST_ACCEL.sys
2014-02-02 05:41 . 2012-05-21 11:54 65136 ----a-w- c:\windows\system32\stdcfltnco02.dll
2014-02-02 04:38 . 2014-02-02 04:39 -------- d-----w- c:\users\Allybongo\AppData\Roaming\QuickScan
2014-02-01 21:46 . 2008-01-20 21:51 273408 ----a-w- c:\program files\Windows Media Player\wmpband.dll
2014-02-01 21:07 . 2014-02-03 11:58 -------- d-----w- c:\program files (x86)\DFX
2014-02-01 21:07 . 2014-02-01 21:07 -------- d-----w- c:\program files (x86)\Common Files\DFX
2014-02-01 20:24 . 2014-02-02 23:16 -------- d-----w- c:\users\Allybongo\AppData\Local\ElevatedDiagnostics
2014-02-01 02:35 . 2014-02-01 02:35 -------- d-----w- c:\users\Allybongo\AppData\Local\DFX
2014-02-01 02:34 . 2014-02-01 02:34 -------- d-----w- c:\users\Administrator
2014-02-01 01:26 . 2014-02-03 11:58 -------- d-----w- C:\Python33
2014-01-31 20:27 . 2014-01-31 20:27 -------- d-----w- C:\FRST
2014-01-31 20:14 . 2014-01-31 20:14 -------- d-----w- C:\_OTL
2014-01-31 17:25 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CA8AC0A0-10CF-426E-B728-392950AB0BAE}\mpengine.dll
2014-01-20 01:13 . 2013-12-18 21:09 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-16 14:17 . 2014-02-03 11:58 -------- d-----w- c:\programdata\HitmanPro
2014-01-16 12:14 . 2014-01-16 12:14 -------- d-----w- c:\programdata\Kaspersky Lab
2014-01-15 21:34 . 2014-01-15 21:34 -------- d-----w- c:\programdata\Doctor Web
2014-01-15 20:29 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 20:29 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 20:29 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 20:29 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 20:29 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 20:29 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 20:29 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-15 20:29 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 20:29 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-15 00:05 . 2014-02-03 01:04 -------- d-----w- c:\users\Allybongo\AppData\Local\CrashDumps
2014-01-07 23:19 . 2014-01-07 23:24 -------- d-----w- c:\users\Allybongo\AppData\Local\Jaksta_Technologies_Pty_L
2014-01-07 23:19 . 2014-02-03 11:58 -------- d-----w- c:\program files (x86)\WinPcap
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-02 10:02 . 2013-10-03 11:44 82816 ----a-w- c:\users\Allybongo\AppData\Roaming\pcouffin.sys
2014-01-29 23:02 . 2013-10-03 08:04 64000 ----a-w- c:\windows\system32\igfxsrvc.dll
2014-01-29 23:02 . 2013-10-03 08:04 12859392 ----a-w- c:\windows\system32\igd10umd64.dll
2014-01-29 23:02 . 2013-10-03 08:04 110592 ----a-w- c:\windows\system32\hccutils.dll
2014-01-15 20:30 . 2013-10-03 10:44 86054176 ----a-w- c:\windows\system32\MRT.exe
2013-12-29 22:22 . 2013-12-29 04:55 16 ----a-w- c:\users\Allybongo\AppData\Roaming\msregsvv.dll
2013-12-18 06:13 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-11-26 11:54 . 2013-12-11 19:45 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-11 19:45 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-11 19:45 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-11 19:45 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-11 19:45 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-11 19:45 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-11 19:45 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-11 19:45 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-11 19:45 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-11 19:45 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-11 19:45 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-11 19:45 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-11 19:45 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-11 19:45 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-11 19:45 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-11 19:45 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-11 19:45 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-11 19:45 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-11 19:45 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-11 19:45 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-11 19:45 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-11 19:45 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-11 19:45 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-11 19:45 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-11 19:42 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 19:42 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-19 00:41 . 2013-11-19 00:41 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-19 00:41 . 2013-11-19 00:41 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-11-19 00:41 . 2013-11-19 00:41 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-19 00:41 . 2013-11-19 00:41 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-19 00:41 . 2013-11-19 00:41 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-11-19 00:41 . 2013-11-19 00:41 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-19 00:41 . 2013-11-19 00:41 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-11-19 00:41 . 2013-11-19 00:41 81408 ----a-w- c:\windows\system32\icardie.dll
2013-11-19 00:41 . 2013-11-19 00:41 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-11-19 00:41 . 2013-11-19 00:41 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-19 00:41 . 2013-11-19 00:41 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-19 00:41 . 2013-11-19 00:41 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-11-19 00:41 . 2013-11-19 00:41 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-11-19 00:41 . 2013-11-19 00:41 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-11-19 00:41 . 2013-11-19 00:41 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-11-19 00:41 . 2013-11-19 00:41 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-11-19 00:41 . 2013-11-19 00:41 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-11-19 00:41 . 2013-11-19 00:41 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-11-19 00:41 . 2013-11-19 00:41 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-11-19 00:41 . 2013-11-19 00:41 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-11-19 00:41 . 2013-11-19 00:41 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-11-19 00:41 . 2013-11-19 00:41 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-19 00:41 . 2013-11-19 00:41 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-11-19 00:41 . 2013-11-19 00:41 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-11-19 00:41 . 2013-11-19 00:41 413696 ----a-w- c:\windows\system32\html.iec
2013-11-19 00:41 . 2013-11-19 00:41 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-19 00:41 . 2013-11-19 00:41 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-11-19 00:41 . 2013-11-19 00:41 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-19 00:41 . 2013-11-19 00:41 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-11-19 00:41 . 2013-11-19 00:41 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-19 00:41 . 2013-11-19 00:41 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-11-19 00:41 . 2013-11-19 00:41 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-11-19 00:41 . 2013-11-19 00:41 247808 ----a-w- c:\windows\system32\msls31.dll
2013-11-19 00:41 . 2013-11-19 00:41 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-11-19 00:41 . 2013-11-19 00:41 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-11-19 00:41 . 2013-11-19 00:41 235520 ----a-w- c:\windows\system32\url.dll
2013-11-19 00:41 . 2013-11-19 00:41 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-11-19 00:41 . 2013-11-19 00:41 195584 ----a-w- c:\windows\system32\msrating.dll
2013-11-19 00:41 . 2013-11-19 00:41 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-11-19 00:41 . 2013-11-19 00:41 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-11-19 00:41 . 2013-11-19 00:41 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-11-19 00:41 . 2013-11-19 00:41 143872 ----a-w- c:\windows\system32\wextract.exe
2013-11-19 00:41 . 2013-11-19 00:41 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-11-19 00:41 . 2013-11-19 00:41 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-11-19 00:41 . 2013-11-19 00:41 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-11-19 00:41 . 2013-11-19 00:41 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-19 00:41 . 2013-11-19 00:41 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-19 00:41 . 2013-11-19 00:41 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-11-19 00:41 . 2013-11-19 00:41 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-11-19 00:41 . 2013-11-19 00:41 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-19 00:41 . 2013-11-19 00:41 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-11-19 00:41 . 2013-11-19 00:41 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-19 00:41 . 2013-11-19 00:41 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-19 00:41 . 2013-11-19 00:41 774144 ----a-w- c:\windows\system32\jscript.dll
2013-11-19 00:41 . 2013-11-19 00:41 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-11-19 00:41 . 2013-11-19 00:41 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-11-19 00:41 . 2013-11-19 00:41 147968 ----a-w- c:\windows\system32\occache.dll
2013-11-19 00:41 . 2013-11-19 00:41 13824 ----a-w- c:\windows\system32\mshta.exe
2013-11-19 00:41 . 2013-11-19 00:41 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-11-18 21:19 . 2013-11-18 21:19 3923456 ----a-w- c:\windows\system32\python33.dll
2013-11-18 21:18 . 2013-11-18 21:18 94208 ----a-w- c:\windows\pyw.exe
2013-11-18 21:18 . 2013-11-18 21:18 93696 ----a-w- c:\windows\py.exe
2013-11-12 02:23 . 2013-12-11 19:42 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-11 19:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-10-25 73832]
"DFX"="c:\program files (x86)\DFX\DFX.exe" [2013-08-20 1274840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk * \0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R0 tcoifh;tcoifh; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\accelern.sys;c:\windows\SYSNATIVE\DRIVERS\accelern.sys [x]
R3 cpuz136;cpuz136;c:\program files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys;c:\program files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ipMIDI;nerds.de ipMIDI - Ethernet Midi Ports SvcDesc(WDM);c:\windows\system32\drivers\ipmidi.sys;c:\windows\SYSNATIVE\drivers\ipmidi.sys [x]
R3 L6TPortGX;Service - Line 6 TonePort GX;c:\windows\system32\Drivers\L6TPortGX64.sys;c:\windows\SYSNATIVE\Drivers\L6TPortGX64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe;c:\windows\SysWOW64\srvany.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [x]
S3 DFX11_1;DFX Audio Enhancer 11.1;c:\windows\system32\drivers\dfx11_1x64.sys;c:\windows\SYSNATIVE\drivers\dfx11_1x64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\O2MDRw7x64.sys [x]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdjw7x64.sys [x]
S3 ST_ACCEL;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_ACCEL.sys;c:\windows\SYSNATIVE\DRIVERS\ST_ACCEL.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-03 13:24 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-03 c:\windows\Tasks\Driver Booster Update.job
- c:\program files (x86)\IObit\Driver Booster\AutoUpdate.exe [2014-02-02 14:16]
.
2014-02-03 c:\windows\Tasks\GlaryInitialize 4.job
- c:\program files (x86)\Glary Utilities 4\Initialize.exe [2014-01-22 01:15]
.
2014-02-02 c:\windows\Tasks\GlaryUpdate 4.job
- c:\program files (x86)\Glary Utilities 4\CheckUpdate.exe [2014-01-22 01:15]
.
2014-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-03 13:23]
.
2014-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-03 13:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2011-01-18 6492672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-29 171992]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-29 399832]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-29 442328]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: dell.com
Trusted Zone: line6.net
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\o2flash.exe
c:\windows\sysWOW64\SDIOAssist.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2014-02-03 19:43:04 - machine was rebooted
ComboFix-quarantined-files.txt 2014-02-03 19:43
.
Pre-Run: 212,868,300,800 bytes free
Post-Run: 212,631,359,488 bytes free
.
- - End Of File - - 463FCD0045641E02DDCD9AAC87DBC4D0
A36C5E4F47E84449FF07ED3517B43A31





Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.03.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Allybongo :: ALLYBONGO-PC [administrator]

Protection: Enabled

03/02/2014 19:46:01
mbam-log-2014-02-03 (19-46-01).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 342548
Time elapsed: 43 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#25
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem on the timing :)

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Driver::
tcoifh



Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0
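Added example, not from the thread or from ComboFix's own tooling: a small Python parser for the Drivers/Services lines in the logs above that flags entries with no image path (the `R0 tcoifh;tcoifh; [x]` entry the CFScript targets) and then confirms from the follow-up log's `-------\Service_tcoifh` lines that the entry was removed. The sample lines are constructed from this thread's logs; reading the first column as R (running) / S (stopped) plus start type is an assumption.

```python
"""
Triage helper for the 'Drivers/Services' block of a ComboFix log.

Added example, not part of the forum thread or of ComboFix itself. It
parses service lines of the form seen in the log above, flags entries
that point at no image file, and checks the follow-up log for the
matching deletion lines. All sample input below is constructed from
the lines quoted in this thread.
"""
import re
from dataclasses import dataclass

# Constructed sample: three service lines copied from the first log.
# The orphan entry has no image path at all, which is the reason the
# moderator targeted it with a 'Driver::' directive.
PRE_FIX_LOG = """\
R0 tcoifh;tcoifh; [x]
R2 LiveUpdateSvc;LiveUpdate;c:\\program files (x86)\\IObit\\LiveUpdate\\LiveUpdate.exe;c:\\program files (x86)\\IObit\\LiveUpdate\\LiveUpdate.exe [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\\windows\\system32\\DRIVERS\\klim6.sys;c:\\windows\\SYSNATIVE\\DRIVERS\\klim6.sys [x]
"""

# Constructed sample: the deletion lines from the post-CFScript log.
POST_FIX_LOG = """\
-------\\Legacy_TCOIFH
-------\\Service_tcoifh
"""

# <state> <name>;<display>;<image>;<image> [x]
# The state column is read as R/S (running/stopped) + start type (0 boot,
# 1 system, 2 auto, 3 demand); this reading is an assumption.
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<body>.*?)\s*\[x\]$")
DELETION_RE = re.compile(r"^-------\\(?:Legacy_|Service_)(?P<name>\S+)$", re.IGNORECASE)


@dataclass
class ServiceEntry:
    state: str
    name: str
    display: str
    image_paths: tuple

    @property
    def has_image(self) -> bool:
        """True when at least one non-empty image path is listed."""
        return any(p.strip() for p in self.image_paths)


def parse_services(log_text: str) -> list:
    """Parse every Drivers/Services line into a ServiceEntry."""
    entries = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        fields = m.group("body").split(";")
        name = fields[0]
        display = fields[1] if len(fields) > 1 else name
        entries.append(ServiceEntry(m.group("state"), name, display, tuple(fields[2:])))
    return entries


def flag_pathless(entries: list) -> list:
    """Entries registered with no image file: worth a close look."""
    return [e for e in entries if not e.has_image]


def parse_deletions(log_text: str) -> set:
    """Service/driver names ComboFix reports as deleted (lower-cased)."""
    names = set()
    for line in log_text.splitlines():
        m = DELETION_RE.match(line.strip())
        if m:
            names.add(m.group("name").lower())
    return names


def confirm_removed(flagged: list, deletions: set) -> dict:
    """Map each flagged entry name to whether the follow-up log deleted it."""
    return {e.name: e.name.lower() in deletions for e in flagged}


if __name__ == "__main__":
    flagged = flag_pathless(parse_services(PRE_FIX_LOG))
    for name, gone in confirm_removed(flagged, parse_deletions(POST_FIX_LOG)).items():
        print(f"{name}: no image path; removed in follow-up log = {gone}")
```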



#26
mrpooh3

mrpooh3

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 281 posts
Hi Essexboy, here is my ComboFix log:


ComboFix 14-02-03.01 - Allybongo 03/02/2014 21:17:08.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.3993.2506 [GMT 0:00]
Running from: c:\users\Allybongo\Desktop\ComboFix.exe
Command switches used :: c:\users\Allybongo\Desktop\CFScript.txt
AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_TCOIFH
-------\Service_tcoifh
.
.
((((((((((((((((((((((((( Files Created from 2014-01-03 to 2014-02-03 )))))))))))))))))))))))))))))))
.
.
2014-02-03 21:20 . 2014-02-03 21:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-03 19:59 . 2014-02-03 19:59 -------- d-----w- c:\users\Allybongo\.idlerc
2014-02-03 13:23 . 2014-02-03 13:24 -------- d-----w- c:\program files (x86)\Google
2014-02-03 13:23 . 2014-02-03 13:24 -------- d-----w- c:\users\Allybongo\AppData\Local\Google
2014-02-03 10:47 . 2014-02-03 10:47 -------- d-----w- c:\users\Allybongo\AppData\Local\VS Revo Group
2014-02-03 10:47 . 2014-02-03 11:58 -------- d-----w- c:\programdata\VS Revo Group
2014-02-03 10:28 . 2014-02-03 10:36 -------- d-----w- C:\AdwCleaner
2014-02-03 09:45 . 2013-07-16 03:41 743248 ----a-w- c:\windows\SysWow64\msvcp100d.dll
2014-02-03 09:45 . 2013-07-16 03:41 1858896 ----a-w- c:\windows\system32\msvcr100d.dll
2014-02-03 09:45 . 2013-07-16 03:41 1498960 ----a-w- c:\windows\SysWow64\msvcr100d.dll
2014-02-03 09:45 . 2013-07-16 03:41 1014096 ----a-w- c:\windows\system32\msvcp100d.dll
2014-02-03 08:57 . 2014-02-03 08:58 -------- d-----w- c:\programdata\Sophos
2014-02-03 08:35 . 2014-02-03 08:35 73728 ----a-r- c:\users\Allybongo\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-02-03 08:35 . 2014-02-03 08:35 73728 ----a-r- c:\users\Allybongo\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-02-03 08:35 . 2014-02-03 08:35 73728 ----a-r- c:\users\Allybongo\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2014-02-03 08:35 . 2014-02-03 08:35 -------- d-----w- c:\program files (x86)\Sophos
2014-02-03 08:08 . 2014-02-03 08:22 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-02-03 02:24 . 2014-02-03 02:24 -------- d-----w- c:\users\Allybongo\AppData\Roaming\OpenOffice
2014-02-02 23:09 . 2014-02-02 23:09 -------- d-----w- c:\users\Allybongo\AppData\Local\Macromedia
2014-02-02 23:01 . 2014-02-02 23:01 -------- d-----w- c:\users\Allybongo\AppData\Local\VirtualStore
2014-02-02 21:36 . 2014-02-02 21:36 -------- d-----w- c:\program files (x86)\OpenOffice 4
2014-02-02 21:01 . 2013-11-19 16:52 34080 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2014-02-02 21:00 . 2014-01-08 15:54 121856 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
2014-02-02 21:00 . 2013-12-24 10:40 21184 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2014-02-02 07:07 . 2014-02-03 11:57 -------- d-----w- c:\windows\devcon
2014-02-02 07:05 . 2014-02-02 07:05 116224 ----a-w- c:\windows\system32\igfxCoIn_v3223.dll
2014-02-02 07:05 . 2014-01-29 23:02 279000 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2014-02-02 07:04 . 2014-02-02 07:04 462544 ----a-w- c:\windows\system32\drivers\b57nd60a.sys
2014-02-02 07:04 . 2014-02-02 07:04 99288 ----a-w- c:\windows\system32\drivers\TeeDriverx64.sys
2014-02-02 07:04 . 2014-02-02 07:04 1795952 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2014-02-02 07:02 . 2014-02-02 07:02 84712 ----a-w- c:\windows\system32\drivers\o2sdjw7x64.sys
2014-02-02 07:02 . 2014-02-02 07:02 244328 ----a-w- c:\windows\system32\o2flash.exe
2014-02-02 06:44 . 2014-02-03 11:58 -------- d-----w- c:\program files\Paint.NET
2014-02-02 06:44 . 2014-02-03 20:33 -------- d-----w- c:\users\Allybongo\AppData\Local\Paint.NET
2014-02-02 06:42 . 2014-02-03 11:58 -------- d-----w- c:\users\Allybongo\AppData\Roaming\ProductData
2014-02-02 06:32 . 2014-02-03 11:58 -------- d-----w- c:\program files\CCleaner
2014-02-02 06:24 . 2014-02-02 06:24 -------- d-----w- c:\users\Allybongo\AppData\Roaming\GlarySoft
2014-02-02 06:24 . 2014-01-22 01:16 117024 ----a-w- c:\windows\system32\BootDefrag.exe
2014-02-02 06:24 . 2014-01-22 01:09 17088 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys
2014-02-02 06:24 . 2014-02-03 11:58 -------- d-----w- c:\program files (x86)\Glary Utilities 4
2014-02-02 06:23 . 2014-02-03 20:00 -------- d-----w- c:\users\Allybongo\AppData\Roaming\vlc
2014-02-02 06:22 . 2014-02-02 06:22 -------- d-----w- c:\program files\VideoLAN
2014-02-02 05:41 . 2011-07-15 21:31 22128 ----a-w- c:\windows\system32\drivers\stdcfltn.sys
2014-02-02 05:41 . 2014-02-02 05:41 -------- d-----w- c:\program files\STMicroelectronics
2014-02-02 05:41 . 2014-02-02 05:43 -------- d-----w- c:\program files (x86)\ST Microelectronics
2014-02-02 05:41 . 2012-05-21 11:54 68208 ----a-w- c:\windows\system32\drivers\ST_ACCEL.sys
2014-02-02 05:41 . 2012-05-21 11:54 65136 ----a-w- c:\windows\system32\stdcfltnco02.dll
2014-02-02 04:38 . 2014-02-02 04:39 -------- d-----w- c:\users\Allybongo\AppData\Roaming\QuickScan
2014-02-01 21:46 . 2008-01-20 21:51 273408 ----a-w- c:\program files\Windows Media Player\wmpband.dll
2014-02-01 21:07 . 2014-02-03 11:58 -------- d-----w- c:\program files (x86)\DFX
2014-02-01 21:07 . 2014-02-01 21:07 -------- d-----w- c:\program files (x86)\Common Files\DFX
2014-02-01 20:24 . 2014-02-02 23:16 -------- d-----w- c:\users\Allybongo\AppData\Local\ElevatedDiagnostics
2014-02-01 02:35 . 2014-02-01 02:35 -------- d-----w- c:\users\Allybongo\AppData\Local\DFX
2014-02-01 02:34 . 2014-02-01 02:34 -------- d-----w- c:\users\Administrator
2014-01-31 20:27 . 2014-01-31 20:27 -------- d-----w- C:\FRST
2014-01-31 20:14 . 2014-01-31 20:14 -------- d-----w- C:\_OTL
2014-01-31 17:25 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CA8AC0A0-10CF-426E-B728-392950AB0BAE}\mpengine.dll
2014-01-20 01:13 . 2013-12-18 21:09 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-16 14:17 . 2014-02-03 11:58 -------- d-----w- c:\programdata\HitmanPro
2014-01-16 12:14 . 2014-01-16 12:14 -------- d-----w- c:\programdata\Kaspersky Lab
2014-01-15 21:34 . 2014-01-15 21:34 -------- d-----w- c:\programdata\Doctor Web
2014-01-15 20:29 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 20:29 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 20:29 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 20:29 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 20:29 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 20:29 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 20:29 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-15 20:29 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 20:29 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-15 00:05 . 2014-02-03 01:04 -------- d-----w- c:\users\Allybongo\AppData\Local\CrashDumps
2014-01-07 23:19 . 2014-01-07 23:24 -------- d-----w- c:\users\Allybongo\AppData\Local\Jaksta_Technologies_Pty_L
2014-01-07 23:19 . 2014-02-03 11:58 -------- d-----w- c:\program files (x86)\WinPcap
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-02 10:02 . 2013-10-03 11:44 82816 ----a-w- c:\users\Allybongo\AppData\Roaming\pcouffin.sys
2014-01-29 23:02 . 2013-10-03 08:04 64000 ----a-w- c:\windows\system32\igfxsrvc.dll
2014-01-29 23:02 . 2013-10-03 08:04 12859392 ----a-w- c:\windows\system32\igd10umd64.dll
2014-01-29 23:02 . 2013-10-03 08:04 110592 ----a-w- c:\windows\system32\hccutils.dll
2014-01-15 20:30 . 2013-10-03 10:44 86054176 ----a-w- c:\windows\system32\MRT.exe
2013-12-29 22:22 . 2013-12-29 04:55 16 ----a-w- c:\users\Allybongo\AppData\Roaming\msregsvv.dll
2013-12-18 06:13 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-11-26 11:54 . 2013-12-11 19:45 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-11 19:45 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-11 19:45 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-11 19:45 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-11 19:45 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-11 19:45 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-11 19:45 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-11 19:45 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-11 19:45 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-11 19:45 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-11 19:45 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-11 19:45 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-11 19:45 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-11 19:45 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-11 19:45 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-11 19:45 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-11 19:45 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-11 19:45 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-11 19:45 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-11 19:45 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-11 19:45 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-11 19:45 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-11 19:45 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-11 19:45 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-11 19:42 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 19:42 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-19 00:41 . 2013-11-19 00:41 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-19 00:41 . 2013-11-19 00:41 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-11-19 00:41 . 2013-11-19 00:41 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-19 00:41 . 2013-11-19 00:41 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-19 00:41 . 2013-11-19 00:41 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-11-19 00:41 . 2013-11-19 00:41 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-19 00:41 . 2013-11-19 00:41 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-11-19 00:41 . 2013-11-19 00:41 81408 ----a-w- c:\windows\system32\icardie.dll
2013-11-19 00:41 . 2013-11-19 00:41 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-11-19 00:41 . 2013-11-19 00:41 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-19 00:41 . 2013-11-19 00:41 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-19 00:41 . 2013-11-19 00:41 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-11-19 00:41 . 2013-11-19 00:41 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-11-19 00:41 . 2013-11-19 00:41 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-11-19 00:41 . 2013-11-19 00:41 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-11-19 00:41 . 2013-11-19 00:41 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-11-19 00:41 . 2013-11-19 00:41 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-11-19 00:41 . 2013-11-19 00:41 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-11-19 00:41 . 2013-11-19 00:41 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-11-19 00:41 . 2013-11-19 00:41 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-11-19 00:41 . 2013-11-19 00:41 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-11-19 00:41 . 2013-11-19 00:41 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-19 00:41 . 2013-11-19 00:41 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-11-19 00:41 . 2013-11-19 00:41 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-11-19 00:41 . 2013-11-19 00:41 413696 ----a-w- c:\windows\system32\html.iec
2013-11-19 00:41 . 2013-11-19 00:41 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-19 00:41 . 2013-11-19 00:41 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-11-19 00:41 . 2013-11-19 00:41 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-19 00:41 . 2013-11-19 00:41 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-11-19 00:41 . 2013-11-19 00:41 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-19 00:41 . 2013-11-19 00:41 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-11-19 00:41 . 2013-11-19 00:41 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-11-19 00:41 . 2013-11-19 00:41 247808 ----a-w- c:\windows\system32\msls31.dll
2013-11-19 00:41 . 2013-11-19 00:41 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-11-19 00:41 . 2013-11-19 00:41 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-11-19 00:41 . 2013-11-19 00:41 235520 ----a-w- c:\windows\system32\url.dll
2013-11-19 00:41 . 2013-11-19 00:41 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-11-19 00:41 . 2013-11-19 00:41 195584 ----a-w- c:\windows\system32\msrating.dll
2013-11-19 00:41 . 2013-11-19 00:41 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-11-19 00:41 . 2013-11-19 00:41 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-11-19 00:41 . 2013-11-19 00:41 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-11-19 00:41 . 2013-11-19 00:41 143872 ----a-w- c:\windows\system32\wextract.exe
2013-11-19 00:41 . 2013-11-19 00:41 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-11-19 00:41 . 2013-11-19 00:41 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-11-19 00:41 . 2013-11-19 00:41 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-11-19 00:41 . 2013-11-19 00:41 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-19 00:41 . 2013-11-19 00:41 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-19 00:41 . 2013-11-19 00:41 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-11-19 00:41 . 2013-11-19 00:41 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-11-19 00:41 . 2013-11-19 00:41 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-19 00:41 . 2013-11-19 00:41 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-11-19 00:41 . 2013-11-19 00:41 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-19 00:41 . 2013-11-19 00:41 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-19 00:41 . 2013-11-19 00:41 774144 ----a-w- c:\windows\system32\jscript.dll
2013-11-19 00:41 . 2013-11-19 00:41 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-11-19 00:41 . 2013-11-19 00:41 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-11-19 00:41 . 2013-11-19 00:41 147968 ----a-w- c:\windows\system32\occache.dll
2013-11-19 00:41 . 2013-11-19 00:41 13824 ----a-w- c:\windows\system32\mshta.exe
2013-11-19 00:41 . 2013-11-19 00:41 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-11-12 02:23 . 2013-12-11 19:42 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-11 19:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-10-25 73832]
"DFX"="c:\program files (x86)\DFX\DFX.exe" [2013-08-20 1274840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk * \0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\accelern.sys;c:\windows\SYSNATIVE\DRIVERS\accelern.sys [x]
R3 cpuz136;cpuz136;c:\program files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys;c:\program files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ipMIDI;nerds.de ipMIDI - Ethernet Midi Ports SvcDesc(WDM);c:\windows\system32\drivers\ipmidi.sys;c:\windows\SYSNATIVE\drivers\ipmidi.sys [x]
R3 L6TPortGX;Service - Line 6 TonePort GX;c:\windows\system32\Drivers\L6TPortGX64.sys;c:\windows\SYSNATIVE\Drivers\L6TPortGX64.sys [x]
R3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe;c:\windows\SysWOW64\srvany.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [x]
S3 DFX11_1;DFX Audio Enhancer 11.1;c:\windows\system32\drivers\dfx11_1x64.sys;c:\windows\SYSNATIVE\drivers\dfx11_1x64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\O2MDRw7x64.sys [x]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdjw7x64.sys [x]
S3 ST_ACCEL;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_ACCEL.sys;c:\windows\SYSNATIVE\DRIVERS\ST_ACCEL.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-03 13:24 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-03 c:\windows\Tasks\Driver Booster Update.job
- c:\program files (x86)\IObit\Driver Booster\AutoUpdate.exe [2014-02-03 14:16]
.
2014-02-03 c:\windows\Tasks\GlaryInitialize 4.job
- c:\program files (x86)\Glary Utilities 4\Initialize.exe [2014-01-22 01:15]
.
2014-02-02 c:\windows\Tasks\GlaryUpdate 4.job
- c:\program files (x86)\Glary Utilities 4\CheckUpdate.exe [2014-01-22 01:15]
.
2014-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-03 13:23]
.
2014-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-03 13:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2011-01-18 6492672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-29 171992]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-29 399832]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-29 442328]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: dell.com
Trusted Zone: line6.net
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\o2flash.exe
c:\windows\sysWOW64\SDIOAssist.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2014-02-03 21:26:22 - machine was rebooted
ComboFix-quarantined-files.txt 2014-02-03 21:26
.
Pre-Run: 212,329,172,992 bytes free
Post-Run: 211,687,337,984 bytes free
.
- - End Of File - - 3D1DBBB4E2E3DBA5976F8F8C9896FDB1
A36C5E4F47E84449FF07ED3517B43A31
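As an added example (not part of the thread, and not ComboFix's own code), here is a PowerShell script that re-reads the same autostart locations ComboFix lists above under "Reg Loading Points" and "Scheduled Tasks": the Run keys, AppInit_DLLs, BootExecute and the task scheduler. It flags any entry whose image file is missing or not Authenticode-signed, which is the check you would run after a cleanup to confirm nothing still points at a removed file or a leftover driver. It assumes an elevated prompt on Windows 7 or later with Windows PowerShell 3.0 or later; the "Run-disabled" key is included only because it appears in this log and may not exist elsewhere.

```powershell
# Added example, not from the original thread: re-check the autostart points
# that ComboFix reported. Run as administrator; PowerShell 3.0+ assumed.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run-disabled',  # seen in this log; may be absent elsewhere
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$metaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-ImagePath {
    # Reduce a command line such as  "c:\dir\app.exe" /CHECKNOW  to  c:\dir\app.exe
    param([string]$CommandLine)
    $c = $CommandLine.Trim()
    if ($c.StartsWith('"')) {
        $end = $c.IndexOf('"', 1)
        if ($end -gt 1) { return $c.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($c, '^(.+?\.(exe|dll|sys|cmd|bat|vbs|js))(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($c -split '\s+')[0]
}

function Test-Image {
    # MISSING  -> a loading point still references a file that is no longer there
    # UNSIGNED -> file present but without a valid Authenticode signature; inspect it
    param([string]$Path)
    $full = [Environment]::ExpandEnvironmentVariables($Path)
    if (-not (Test-Path -LiteralPath $full)) { return 'MISSING' }
    $sig = Get-AuthenticodeSignature -FilePath $full
    if ($sig.Status -eq 'Valid') { return "signed: $($sig.SignerCertificate.Subject)" }
    return "UNSIGNED ($($sig.Status))"
}

$results = New-Object System.Collections.ArrayList
function Add-Result($Location, $Name, $Image, $Check) {
    [void]$results.Add([pscustomobject]@{ Location = $Location; Name = $Name; Image = $Image; Check = $Check })
}

# 1. Run / RunOnce values (both 64-bit and Wow6432Node views)
foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($metaProps -contains $p.Name) { continue }
        $img = Get-ImagePath -CommandLine ([string]$p.Value)
        Add-Result $key $p.Name $img (Test-Image -Path $img)
    }
}

# 2. AppInit_DLLs: every DLL listed here is injected into each process that
#    loads user32.dll while LoadAppInit_DLLs is 1 (the log above shows it set to 1).
foreach ($k in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows') {
    $w = Get-ItemProperty -Path $k
    $check = if ([string]::IsNullOrWhiteSpace($w.AppInit_DLLs)) { 'empty' } else { 'NON-EMPTY, inspect' }
    Add-Result $k 'AppInit_DLLs' $w.AppInit_DLLs "$check (LoadAppInit_DLLs=$($w.LoadAppInit_DLLs))"
}

# 3. BootExecute: native images smss.exe runs before the Win32 subsystem starts.
#    Only "autocheck autochk *" is expected on a stock system.
$be = (Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager').BootExecute
foreach ($entry in $be) {
    $check = if ($entry -eq 'autocheck autochk *') { 'default' } else { 'NON-DEFAULT, inspect' }
    Add-Result 'Session Manager\BootExecute' '' $entry $check
}

# 4. Scheduled tasks via schtasks, so this also works on Windows 7 (no Get-ScheduledTask there).
#    schtasks repeats its CSV header per task folder and reports "COM handler" for
#    in-process tasks; both are dropped because they have no image path to test.
$tasks = schtasks /query /fo CSV /v | ConvertFrom-Csv |
    Where-Object { $_.'Task To Run' -and
                   (@('N/A', 'Task To Run') -notcontains $_.'Task To Run') -and
                   ($_.'Task To Run' -notmatch '^COM handler') }
foreach ($t in $tasks) {
    $img = Get-ImagePath -CommandLine $t.'Task To Run'
    Add-Result 'Scheduled Task' $t.TaskName $img (Test-Image -Path $img)
}

# Suspicious rows first: anything MISSING, UNSIGNED, NON-EMPTY or NON-DEFAULT deserves a look.
$results |
    Sort-Object @{ Expression = { $_.Check -match '^(MISSING|UNSIGNED|NON-)' }; Descending = $true }, Location |
    Format-Table -AutoSize -Wrap
```

"MISSING" rows are the ones to act on first after a removal: a Run value or task that still names a deleted file is harmless by itself but tells you the cleanup was incomplete, and the same orphaned entry is what a reinfection would reuse. An unsigned image is not proof of malware (many of the vendor tools in this log ship unsigned components), so treat that column as a triage hint rather than a verdict.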

#27 mrpooh3 (Member, Topic Starter, 281 posts)
Sorry, I made a double post.

Edited by mrpooh3, 03 February 2014 - 03:34 PM.

#28 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Well, that is the hidden driver consigned to history.

Could you reboot and let me know if the CPU is still running high?
#29 mrpooh3 (Member, Topic Starter, 281 posts)
Hi Essexboy, I have rebooted my laptop on a few different occasions now and it is working like a charm!
#30 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
In that case methinks I will send you on your merry way :)

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Download and run Delfix

Clear Restore Points

Go Start > All Programmes > Accessories > System Tools
Right-click Disk Cleanup and select Run as administrator
When it pops up, at the first prompt select OK; after it has done some calculations the tabs will appear
Select the More Options tab
Press the System Restore and Shadow Copies Cleanup button

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto-ransomware.

Malwarebytes: update and run weekly to keep your system clean.


It is critical to have both a firewall and anti-virus to protect your system, and to keep them updated.

To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place? Keep safe :wave: