
malware filling up computer hd...not room left


This topic is locked
13 replies to this topic

#1 luvscoco

  • Members
  • 38 posts
  • OFFLINE
  • Gender:Female
  • Local time:10:15 PM

Posted 02 March 2016 - 09:37 AM

I am down to about 500 megs on a 125 gig hard drive. I delete and move things, but it keeps filling up. I don't know what to do to fix it, as I am not even sure what is causing it.

I want to clone the hard drive to a bigger hard drive, but I don't think I even have enough room to do this, and I think the problem will just continue.

Can anyone help me fix this? I am stuck.

I help seniors with their computers for free, but I am stuck on this one.





#2 Jo*

  • Malware Response Team
  • 3,445 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:07:15 AM

Posted 02 March 2016 - 09:43 AM


Welcome to BleepingComputer.

Hi there,

My name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save the instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification if you have any questions.
  • Stay with this topic until you get the "all clean" post.
  • My first language is not English, so please do not use slang or idioms; it could be hard for me to read. Thanks for your understanding.

***


Step 1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double-click SecurityCheck.exe and follow the on-screen instructions inside the black box.
    Vista / Windows 7/8 users: right-click and select Run As Administrator.
  • A Notepad document called checkup.txt should open automatically; please post the contents of that document.

***


Step 2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version, so please be sure to read the disclaimer and back up all your data before using it.
  • Double-click the downloaded file and OK the self-extracting prompt.
  • MBAR will start. Click "Next" in the introduction screen to continue.
  • Click "Update" in the following screen to obtain the latest malware definitions.
  • Once the update is complete, select "Next" and click "Scan".
With some infections, you may see two message boxes:
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do not press the Clean up button; please go to the MBAR folder and copy/paste the contents of the MBAR-log-***.txt file into your next reply.
  • If no malware is found, please let me know as well.

***


Step 3: Please download AdwCleaner by Xplode and save it to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users: right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin; be patient, as the scan may take some time to complete.
    The status line should say "Pending. Please uncheck elements you do not want to remove" once the scan is complete.
  • After the scan has finished, click on the Report button; a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile into your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

***


Step 4: MiniToolBox by Farbar

Disable your antivirus if it does not allow you to download the tool!
Please download MiniToolBox, save it to your desktop and run it.
Place a checkmark in Select all, then click Go and post the result (MTB.txt). A copy of Result.txt will be saved in the same directory the tool is run from.
Copy and paste the contents of that logfile into your next reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 luvscoco (Topic Starter)

  • Members
  • 38 posts
  • OFFLINE
  • Gender:Female
  • Local time:10:15 PM

Posted 02 March 2016 - 10:41 AM

First, I was so desperate that I ran ComboFix after I posted for help and before you replied (sorry).

Here is that log. I did free up the hard drive space, but I am not sure it is fixed.

 

ComboFix 16-03-01.01 - Dale 03/02/2016   6:14.1.2 - x64
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.1.1033.18.4094.2244 [GMT -8:00]
Running from: E:\ComboFix.exe
AV: ThreatTrack Security VIPRE *Disabled/Updated* {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
SP: ThreatTrack Security VIPRE *Disabled/Updated* {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
Completion time: 2016-03-02  06:30:49
ComboFix-quarantined-files.txt  2016-03-02 14:30
.
Pre-Run: 586,104,832 bytes free
Post-Run: 38,244,114,432 bytes free
.
- - End Of File - - E76A063CBF4FCB07CA5BDD3E2B74FC32
A36C5E4F47E84449FF07ED3517B43A31


Malwarebytes Anti-Rootkit...... no malware


AdwCleaner log


# AdwCleaner v5.037 - Logfile created 02/03/2016 at 07:34:13
# Updated 28/02/2016 by Xplode
# Database : 2016-03-02.1 [Server]
# Operating system : Windows 7 Enterprise Service Pack 1 (x64)
# Username : Dale - HOME
# Running from : C:\Users\Dale\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

Service Found : swdumon

***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\EliteUnzip
Folder Found : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp
Folder Found : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffjcmnpnoopgilmnfhloocdcbnimmmea
Folder Found : C:\Users\Dale\AppData\LocalLow\HPAppData
Folder Found : C:\Users\Dale\AppData\LocalLow\iac
Folder Found : C:\Users\Dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Elite Unzip

***** [ Files ] *****

File Found : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dhhjmlmdpcpiojiffodbldlkgcnaeogp
File Found : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ffjcmnpnoopgilmnfhloocdcbnimmmea_0.localstorage
File Found : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ffjcmnpnoopgilmnfhloocdcbnimmmea_0.localstorage-journal
File Found : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_mapsgalaxy.dl.mywebsearch.com_0.localstorage
File Found : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_mapsgalaxy.dl.mywebsearch.com_0.localstorage-journal
File Found : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.tb.ask.com_0.localstorage
File Found : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.tb.ask.com_0.localstorage-journal
File Found : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_searchable.openedhost.com_0.localstorage
File Found : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_searchable.openedhost.com_0.localstorage-journal
File Found : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_websearch.about.com_0.localstorage
File Found : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_websearch.about.com_0.localstorage-journal
File Found : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Found : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Found : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.bleepcrawler.com_0.localstorage
File Found : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.bleepcrawler.com_0.localstorage-journal
File Found : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.dogpile.com_0.localstorage
File Found : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.dogpile.com_0.localstorage-journal
File Found : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.shopathome.com_0.localstorage
File Found : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.shopathome.com_0.localstorage-journal
File Found : C:\Windows\SysNative\drivers\swdumon.sys

***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.mindspark.eliteunzip_aa
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKCU\Software\SlimWare Utilities Inc
Key Found : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
Key Found : HKLM\SOFTWARE\SlimWare Utilities Inc
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\driverupdate.net
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.driverupdate.net
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\driverupdate.net
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\home.tb.ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shopathome.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.driverupdate.net

***** [ Web browsers ] *****

[C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : dhhjmlmdpcpiojiffodbldlkgcnaeogp
[C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : ffjcmnpnoopgilmnfhloocdcbnimmmea

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [5442 bytes] - [02/03/2016 07:34:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5515 bytes] ##########

Here is the MiniToolBox log


MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by Dale (administrator) on 02-03-2016 at 07:36:32
Running from "C:\Users\Dale\Desktop"
Microsoft Windows 7 Enterprise  Service Pack 1 (X64)
Model: System Product Name Manufacturer: System manufacturer
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
127.0.0.1       localhost
========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Home
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
   Physical Address. . . . . . . . . : 00-18-F3-0E-A6-A8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::c1f6:a6b3:4b4:5f86%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.27(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, March 02, 2016 5:59:47 AM
   Lease Expires . . . . . . . . . . : Thursday, March 03, 2016 6:28:42 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 234887411
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-C5-46-E2-00-18-F3-0E-A6-A8
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{93E2A732-61C2-4C18-996F-A2032C12C6D3}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.1.1

Name:    google.com
Addresses:  2607:f8b0:4009:809::200e
      216.58.216.238


Pinging google.com [216.58.216.238] with 32 bytes of data:
Reply from 216.58.216.238: bytes=32 time=64ms TTL=46
Reply from 216.58.216.238: bytes=32 time=63ms TTL=46

Ping statistics for 216.58.216.238:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 63ms, Maximum = 64ms, Average = 63ms
Server:  UnKnown
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
      2001:4998:58:c02::a9
      2001:4998:44:204::a7
      206.190.36.45
      98.139.183.24
      98.138.253.109


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=105ms TTL=42
Reply from 98.139.183.24: bytes=32 time=105ms TTL=42

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 105ms, Maximum = 105ms, Average = 105ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 10...00 18 f3 0e a6 a8 ......NVIDIA nForce Networking Controller
  1...........................Software Loopback Interface 1
 11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.27     11
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.27    266
     192.168.1.27  255.255.255.255         On-link      192.168.1.27    266
    192.168.1.255  255.255.255.255         On-link      192.168.1.27    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.27    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.27    266
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 10    266 fe80::/64                On-link
 10    266 fe80::c1f6:a6b3:4b4:5f86/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/02/2016 02:28:14 AM) (Source: MsiInstaller) (User: Home)
Description: Product: Microsoft Office Office 32-bit Components 2010 - Update 'Update for Microsoft Project 2010 (KB3114419) 64-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (03/02/2016 02:28:14 AM) (Source: MsiInstaller) (User: Home)
Description: Product: Microsoft Office Office 32-bit Components 2010 - Update 'Update for Microsoft Project 2010 (KB3114568) 64-Bit Edition' could not be removed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (03/02/2016 02:28:14 AM) (Source: MsiInstaller) (User: Home)
Description: Product: Microsoft Office Office 32-bit Components 2010 -- Error 1711. Setup cannot write information to your hard disk.  Check to make certain enough disk space is available, and check your connection to the network, or CD-ROM drive.    For other potential solutions to this problem, see SETUP.CHM.

Error: (03/02/2016 12:16:21 AM) (Source: VIPRE Internet Security) (User: )
Description: ERROR    3520    1    2016-03-02T00:16:21.7232000-08:00    SocialWatch.Authentication.FacebookProvider    SocialWatch.Scanner.Providers.Facebook.FacebookProvider.<AuthenticateAndScan>b__1:    System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.

Error: (03/02/2016 12:00:55 AM) (Source: System Restore) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x80070070).

Error: (03/02/2016 12:00:55 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070070).

Error: (03/01/2016 10:16:22 PM) (Source: VIPRE Internet Security) (User: )
Description: ERROR    3520    1    2016-03-01T22:16:22.2920000-08:00    SocialWatch.Authentication.FacebookProvider    SocialWatch.Scanner.Providers.Facebook.FacebookProvider.<AuthenticateAndScan>b__1:    System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.

Error: (03/01/2016 08:16:20 PM) (Source: VIPRE Internet Security) (User: )
Description: ERROR    3520    1    2016-03-01T20:16:20.0216000-08:00    SocialWatch.Authentication.FacebookProvider    SocialWatch.Scanner.Providers.Facebook.FacebookProvider.<AuthenticateAndScan>b__1:    System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.

Error: (03/01/2016 07:46:50 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {5d157836-2268-4ad5-86c7-19ae3b476021}

Error: (03/01/2016 06:16:15 PM) (Source: VIPRE Internet Security) (User: )
Description: ERROR    3520    1    2016-03-01T18:16:15.4892000-08:00    SocialWatch.Authentication.FacebookProvider    SocialWatch.Scanner.Providers.Facebook.FacebookProvider.<AuthenticateAndScan>b__1:    System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.


System errors:
=============
Error: (03/02/2016 06:29:34 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/02/2016 06:26:45 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (03/02/2016 06:25:45 AM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (03/02/2016 06:19:16 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (03/02/2016 06:06:27 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.

Error: (03/02/2016 05:59:21 AM) (Source: nvlddmkm) (User: )
Description:

Error: (03/02/2016 05:27:30 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.

Error: (03/02/2016 05:20:49 AM) (Source: nvlddmkm) (User: )
Description:

Error: (03/02/2016 02:14:08 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT AUTHORITY)
Description: CBS Client initialization failed. Last error: 0x80080005

Error: (03/02/2016 02:14:08 AM) (Source: DCOM) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}


Microsoft Office Sessions:
=========================
Error: (03/02/2016 02:28:14 AM) (Source: MsiInstaller)(User: Home)
Description: Microsoft Office Office 32-bit Components 2010Update for Microsoft Project 2010 (KB3114419) 64-Bit Edition1603(NULL)(NULL)(NULL)

Error: (03/02/2016 02:28:14 AM) (Source: MsiInstaller)(User: Home)
Description: Microsoft Office Office 32-bit Components 2010Update for Microsoft Project 2010 (KB3114568) 64-Bit Edition1603(NULL)(NULL)(NULL)

Error: (03/02/2016 02:28:14 AM) (Source: MsiInstaller)(User: Home)
Description: Product: Microsoft Office Office 32-bit Components 2010 -- Error 1711. Setup cannot write information to your hard disk.  Check to make certain enough disk space is available, and check your connection to the network, or CD-ROM drive.    For other potential solutions to this problem, see SETUP.CHM.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/02/2016 12:16:21 AM) (Source: VIPRE Internet Security)(User: )
Description: ERROR    3520    1    2016-03-02T00:16:21.7232000-08:00    SocialWatch.Authentication.FacebookProvider    SocialWatch.Scanner.Providers.Facebook.FacebookProvider.<AuthenticateAndScan>b__1:    System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.

Error: (03/02/2016 12:00:55 AM) (Source: System Restore)(User: )
Description: 0x80070070

Error: (03/02/2016 12:00:55 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x80070070

Error: (03/01/2016 10:16:22 PM) (Source: VIPRE Internet Security)(User: )
Description: ERROR    3520    1    2016-03-01T22:16:22.2920000-08:00    SocialWatch.Authentication.FacebookProvider    SocialWatch.Scanner.Providers.Facebook.FacebookProvider.<AuthenticateAndScan>b__1:    System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.

Error: (03/01/2016 08:16:20 PM) (Source: VIPRE Internet Security)(User: )
Description: ERROR    3520    1    2016-03-01T20:16:20.0216000-08:00    SocialWatch.Authentication.FacebookProvider    SocialWatch.Scanner.Providers.Facebook.FacebookProvider.<AuthenticateAndScan>b__1:    System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.

Error: (03/01/2016 07:46:50 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {5d157836-2268-4ad5-86c7-19ae3b476021}

Error: (03/01/2016 06:16:15 PM) (Source: VIPRE Internet Security)(User: )
Description: ERROR    3520    1    2016-03-01T18:16:15.4892000-08:00    SocialWatch.Authentication.FacebookProvider    SocialWatch.Scanner.Providers.Facebook.FacebookProvider.<AuthenticateAndScan>b__1:    System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.


CodeIntegrity Errors:
===================================
  Date: 2016-03-02 06:25:45.269
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-03-02 06:25:44.427
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
Brother MFL-Pro Suite MFC-J870DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 2.56 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
LSI PCI Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA 3D Vision Controller Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.12.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.12.11 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.13.3165 - NVIDIA Corporation)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
Power Resumes (HKLM-x32\...\{B4C2C217-40E0-4D8C-BB60-1A84A7ADCFAB}) (Version: 8.00.0000 - Cosmi Software)
Print Perfect Business Cards DVD (HKLM-x32\...\{2A585A2E-F274-4472-A7C7-C99AE8E501E8}) (Version: 9.4.17 - Cosmi Corporation)
Scansoft PDF Professional (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version:  - ) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C814F7D9-CE9D-45AA-BA7C-88BDD0E1EB7C}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{77A8B979-11B0-4774-8003-574EE8A4BC22}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{05916788-991E-417B-A8F3-77F90A2B8271}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D4D48631-AC28-4250-B882-C956555B0B1D}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F3FAAB68-7697-4B1F-A23A-72312565AEAB}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUS_{944EFCFD-823D-4C0A-9B01-CD76EEAEA1F3}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUS_{58B1AD3E-54D7-42DC-AF42-218AA7C1ED8B}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUS_{58B1AD3E-54D7-42DC-AF42-218AA7C1ED8B}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.5.12.11 - NVIDIA Corporation) Hidden
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.22298 - TeamViewer)
VIPRE Antivirus (HKLM-x32\...\{93A32543-0107-4885-A754-70B687522AF4}) (Version: 7.0.6.2 - ThreatTrack Security, Inc.) Hidden
VIPRE Antivirus (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 7.0.6.2 - ThreatTrack Security, Inc.)

========================= Devices: ================================

Name: RAID Controller
Description: RAID Controller
Class Guid:
Manufacturer:
Service:
Device ID: PCI\VEN_197B&DEV_2363&SUBSYS_2363197B&REV_03\4&222B3EF3&0&0058
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


========================= Memory info: ===================================

Percentage of memory in use: 48%
Total physical RAM: 4094.49 MB
Available physical RAM: 2121.79 MB
Total Virtual: 8187.19 MB
Available Virtual: 6355.58 MB

========================= Partitions: =====================================

2 Drive c: (WIN_7) (Fixed) (Total:116.9 GB) (Free:35.84 GB) NTFS
3 Drive e: (Storage) (Fixed) (Total:115.99 GB) (Free:111.86 GB) NTFS

========================= Users: ========================================

User accounts for \\HOME

Administrator            Dale                     Guest                    

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================


**** End of log ****

#4 luvscoco

luvscoco
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  • Gender:Female
  • Local time:10:15 PM

Posted 02 March 2016 - 10:44 AM

I was going to extend the C: partition into the other data partition of 115 GB, but in Computer Management, under the hard drives, it is greyed out, so I can't do that either to free up HD room.

I was at about 500 MB, but after ComboFix it says 35.8 GB... not sure it will stay that way; I am monitoring it now.

Hope my input helps.



#5 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:07:15 AM

Posted 02 March 2016 - 11:20 AM

Hello,

:step1: Run Malwarebytes Anti-Rootkit again: right-click mbar.exe and select Run As Administrator.
  • Scan your system for malware.
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Then please go to the MBAR folder and copy/paste the contents of the MBAR-log-***.txt file into your next reply.
  • If there is no malware found, please let me know as well.

***


:step2: Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


:step3: Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#6 luvscoco

luvscoco
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  • Gender:Female
  • Local time:10:15 PM

Posted 02 March 2016 - 01:29 PM

I ran the scans you listed and here are the results...

I am still concerned about the HD because the free space went from 35.8 GB to 32.4 after I ran and rebooted from AdwCleaner. NOTHING was installed to cause 3.5 GB of hard drive space to be used.

Malwarebytes Anti-Rootkit: NO malware found.

Here is the log from AdwCleaner:

# AdwCleaner v5.037 - Logfile created 02/03/2016 at 08:57:13
# Updated 28/02/2016 by Xplode
# Database : 2016-03-02.1 [Server]
# Operating system : Windows 7 Enterprise Service Pack 1 (x64)
# Username : Dale - HOME
# Running from : C:\Users\Dale\Desktop\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : swdumon

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\EliteUnzip
[-] Folder Deleted : C:\Users\Dale\AppData\LocalLow\HPAppData
[-] Folder Deleted : C:\Users\Dale\AppData\LocalLow\iac
[-] Folder Deleted : C:\Users\Dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Elite Unzip

***** [ Files ] *****

[-] File Deleted : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_mapsgalaxy.dl.mywebsearch.com_0.localstorage
[-] File Deleted : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_mapsgalaxy.dl.mywebsearch.com_0.localstorage-journal
[-] File Deleted : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.tb.ask.com_0.localstorage
[-] File Deleted : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.tb.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_searchable.openedhost.com_0.localstorage
[-] File Deleted : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_searchable.openedhost.com_0.localstorage-journal
[-] File Deleted : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_websearch.about.com_0.localstorage
[-] File Deleted : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_websearch.about.com_0.localstorage-journal
[-] File Deleted : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
[-] File Deleted : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.bleepcrawler.com_0.localstorage
[-] File Deleted : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.bleepcrawler.com_0.localstorage-journal
[-] File Deleted : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.dogpile.com_0.localstorage
[-] File Deleted : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.dogpile.com_0.localstorage-journal
[-] File Deleted : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.shopathome.com_0.localstorage
[-] File Deleted : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.shopathome.com_0.localstorage-journal
[-] File Deleted : C:\Windows\SysNative\drivers\swdumon.sys

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.mindspark.eliteunzip_aa
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\driverupdate.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.driverupdate.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\driverupdate.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\home.tb.ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shopathome.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.driverupdate.net

***** [ Web browsers ] *****

[-] [C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [4803 bytes] - [02/03/2016 08:57:13]
C:\AdwCleaner\AdwCleaner[S1].txt - [5594 bytes] - [02/03/2016 07:34:13]
C:\AdwCleaner\AdwCleaner[S2].txt - [4711 bytes] - [02/03/2016 08:51:09]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5022 bytes] ##########

Here is the log from Junkware Removal Tool:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 7 Enterprise x64
Ran by Dale (Administrator) on Wed 03/02/2016 at 10:21:05.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 19

Successfully deleted: C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.zabasearch.com_0.localstorage-journal (File)
Successfully deleted: C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.zabasearch.com_0.localstorage (File)
Successfully deleted: C:\users\Public\Documents\downloaded installers (Folder)
Successfully deleted: C:\Users\Dale\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Dale\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Dale\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\71R6X6NP (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Dale\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C1U9S9AU (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Dale\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CXG9VQ9I (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Dale\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Dale\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KE9FLPRM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Dale\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\71R6X6NP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C1U9S9AU (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CXG9VQ9I (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KE9FLPRM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 03/02/2016 at 10:24:02.39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#7 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:07:15 AM

Posted 02 March 2016 - 01:48 PM

Hello,

:step1: Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7/8/10 users need to right click and choose Run as Administrator
You only need to get one of them to run, not all of them. Do not reboot your computer after running rkill, as the malware programs will start again.


---


:step2: Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs: (Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

---


:step3: Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

---


:step4: How is the computer running now?


---


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#8 luvscoco

luvscoco
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  • Gender:Female
  • Local time:10:15 PM

Posted 02 March 2016 - 04:15 PM

OK, here are the log files.

For the last 2 hours the computer has not eaten into the HD space. Not sure it is fixed, but it is definitely looking good.

WHAT do you think it was?

Malwarebytes did not find anything:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/2/2016
Scan Time: 12:49 PM
Logfile: mbam log.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.03.02.05
Rootkit Database: v2016.02.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dale

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 363768
Time Elapsed: 18 min, 6 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

here is the FSS log

Farbar Service Scanner Version: 27-01-2016
Ran by Dale (administrator) on 02-03-2016 at 13:08:50
Running from "C:\Users\Dale\Downloads"
Microsoft Windows 7 Enterprise  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

Here is the



#9 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:07:15 AM

Posted 02 March 2016 - 04:57 PM

Hello again,

It looks like your problem had something to do with the temp Internet files, which were deleted by ComboFix.

:step1: We need to download Temp File Cleaner (TFC) by OldTimer:
  • Please download TFC.exe by Oldtimer at one of the two links: Link 1 Link 2
  • Save and close all running applications
  • Double-click on TFC.exe to run the program
  • Click on Start to begin the cleaning process. Note: this program may close running applications, make your screen disappear temporarily, or require a reboot of your PC; this is normal and part of the cleanup.
  • When the scan is complete, if you were not asked to reboot the computer, please do so now
More Information can be found about the tool here:
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/



***


:step2: ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Open the scan log and copy and paste the content to your next reply.

***


:step3: How is the computer running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.
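One way to do the monitoring luvscoco mentions in post #4, and to confirm the diagnosis in the post above that temporary Internet files were eating the space: the PowerShell script below is an added example, not from the thread or from any of the tools used in it. It snapshots per-directory usage on the drive, waits, snapshots again and reports which directories grew; the root, depth, wait interval and the Windows 7 cache locations named in the comments are assumptions taken from the logs posted here.

```powershell
# Added example, not part of the thread: find which directories on a drive are
# growing. Snapshot per-directory usage, wait, snapshot again, report the deltas.
# Run from an elevated PowerShell so that hidden profile caches (AppData and
# C:\Windows\System32\config\systemprofile, both seen in the JRT log) are readable.
# Root, Depth, WaitSeconds and Top are assumed defaults; override as needed.
param(
    [string]$Root = 'C:\',      # drive or folder to watch
    [int]$Depth = 3,            # how many path levels below Root to report on
    [int]$WaitSeconds = 600,    # interval between the two snapshots
    [int]$Top = 15              # number of fastest-growing directories to show
)

function Get-DirectoryUsage {
    # Returns a hashtable mapping each directory (down to $MaxDepth levels below
    # $Path, plus $Path itself) to the total bytes of all files beneath it.
    param([string]$Path, [int]$MaxDepth)
    $usage = @{}
    $base = $Path.TrimEnd('\')
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Attribute this file's size to Root and to each ancestor up to MaxDepth.
            $rel = $_.DirectoryName.Substring($base.Length).TrimStart('\')
            $parts = if ($rel) { $rel -split '\\' } else { @() }
            $key = $base
            $usage[$key] += $_.Length
            $levels = [Math]::Min($MaxDepth, $parts.Count)
            for ($i = 0; $i -lt $levels; $i++) {
                $key = "$key\$($parts[$i])"
                $usage[$key] += $_.Length
            }
        }
    return $usage
}

function Compare-DirectoryUsage {
    # Joins two snapshots and returns the $Top directories with the largest growth.
    param([hashtable]$Before, [hashtable]$After, [int]$Top)
    $keys = @($Before.Keys) + @($After.Keys) | Sort-Object -Unique
    $rows = foreach ($k in $keys) {
        $b = [long]$Before[$k]   # missing key -> 0
        $a = [long]$After[$k]
        [pscustomobject]@{
            Directory = $k
            BeforeMB  = [Math]::Round($b / 1MB, 1)
            AfterMB   = [Math]::Round($a / 1MB, 1)
            DeltaMB   = [Math]::Round(($a - $b) / 1MB, 1)
        }
    }
    $rows | Sort-Object DeltaMB -Descending | Select-Object -First $Top
}

# Free-space figures come from the drive itself, so they can be compared with the
# per-directory deltas: growth the enumeration cannot see (page file, shadow
# storage, files hidden from the listing) shows up as a mismatch between the two.
$driveName  = $Root.Substring(0, 1)
$freeBefore = (Get-PSDrive -Name $driveName).Free
$before     = Get-DirectoryUsage -Path $Root -MaxDepth $Depth
Write-Host ("Baseline: {0:N1} MB free on {1}:. Waiting {2} s for the second snapshot..." -f ($freeBefore / 1MB), $driveName, $WaitSeconds)

Start-Sleep -Seconds $WaitSeconds

$after     = Get-DirectoryUsage -Path $Root -MaxDepth $Depth
$freeAfter = (Get-PSDrive -Name $driveName).Free
Write-Host ("Free space now: {0:N1} MB (change {1:N1} MB)" -f ($freeAfter / 1MB), (($freeAfter - $freeBefore) / 1MB))

# With the default Depth of 3 the Temporary Internet Files caches from the JRT log
# roll up under C:\Users\Dale and C:\Windows\System32\config; raise -Depth to
# pinpoint the Content.IE5 subfolders themselves.
Compare-DirectoryUsage -Before $before -After $after -Top $Top | Format-Table -AutoSize
```

If free space drops by more than the largest reported delta, the growth is outside the enumerated tree, which is itself a useful finding (volume shadow storage, the page file, or something deliberately hidden from the listing).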


#10 luvscoco

luvscoco
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  • Gender:Female
  • Local time:10:15 PM

Posted 03 March 2016 - 05:14 PM

The computer seems to be fine now. No more gigs of the hard drive being used up for nothing.

ESET found one threat and I could not find the place to export the threat, but it was just some malware.

I think the computer is fine.

Thank you so much.



#11 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:07:15 AM

Posted 03 March 2016 - 05:34 PM

It appears that your PC is now clean!


***


Clean up:


***


Right-click AdwCleaner.exe and select Run As Administrator.
  • Click on the Uninstall button.
  • A window will open, press the Confirm button.
  • AdwCleaner will uninstall now.

***


Clean up with delfix:
  • Please download DelFix to your desktop.
  • Close all other programs and start DelFix.
  • Please check all the boxes and run the tool.
  • DelFix will now delete all found traces of our removal process.

***


Delete the log files our tools created; they are located at your desktop or at the
"c:\users\{.......}\Downloads" folder.
Highlight them, and press the del or delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.


***


Here are some Preventive tips to reduce the potential for spyware infection in the future

:step1: Browse more securely.
:step2: Make sure you keep your Windows OS current.
  • Windows XP users can visit Windows Update regularly to download and install any critical updates and service packs.
  • Windows Vista / 7 / 8 users can update via
    Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).
:step3: Avoid P2P
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important channel to spread their wares.
:step4: Use only one anti-virus software and keep it up-to-date.

:step5: Firewall
Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.

:step6: Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

:step7: Use Strong passwords!

:step8: Email attachments
Do not open any unknown email attachments that you received without asking for them!


Extra note:
Keep your browser, Java, PDF reader and Adobe Flash up to date.
And you could install Malwarebytes Anti-Exploit to run alongside your traditional anti-virus or anti-malware products.

Make sure your programs are up to date - because older versions may contain Security Leaks.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#12 luvscoco

luvscoco
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  • Gender:Female
  • Local time:10:15 PM

Posted 03 March 2016 - 07:37 PM

Jo,

Thanks so much. I made a donation to BleepingComputer a couple of weeks ago.

You guys are great here.

Julie



#13 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:07:15 AM

Posted 04 March 2016 - 03:45 AM

You're welcome. :thumbup2:

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#14 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:07:15 AM

Posted 04 March 2016 - 03:52 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.
