TechSpot

PC Cleaner accedental instal while installing Filezilla on work PC, potential virus

Solved
By tedus987
Jul 9, 2014
  1. So on my first day of work I was instructed to install something by my boss, however in installed PC cleaner aswell because I was destracted while trying to install. (need a hands free kit)

    here are the logs.

    MBAM
    -----------------------

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 09/07/2014
    Scan Time: 11:16:32
    Logfile: MBAM log detection.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.07.09.03
    Rootkit Database: v2014.07.07.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Luke Fitton

    Scan Type: Custom Scan
    Result: Completed
    Objects Scanned: 350910
    Time Elapsed: 45 min, 17 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 2
    PUP.Optional.InstallCore.A, HKU\S-1-5-21-126465478-2479770431-1784574984-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [9224801ccdae3501ec97429abd45837d],
    PUP.Optional.InstallCore.A, HKU\S-1-5-21-126465478-2479770431-1784574984-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [595de4b8a4d77db98506658d51b2748c],

    Registry Values: 1
    PUP.Optional.InstallCore.A, HKU\S-1-5-21-126465478-2479770431-1784574984-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0E1D1S1L2Y1C1O, Quarantined, [595de4b8a4d77db98506658d51b2748c]

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    -------------------------

    DDS

    -------------------------
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17126
    Run by Luke Fitton at 15:12:40 on 2014-07-09
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8133.6630 [GMT 1:00]
    .
    AV: ZoneAlarm Extreme Security Antivirus *Disabled/Updated* {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
    SP: ZoneAlarm Extreme Security Anti-Spyware *Disabled/Updated* {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: ZoneAlarm Extreme Security Firewall *Disabled* {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\CheckPoint\AKL\AkSVC.exe
    C:\Program Files (x86)\CheckPoint\AKL\AkSA.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Skype\Updater\Updater.exe
    C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
    C:\Program Files (x86)\CheckPoint\AntiTheft\Antitheft.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit = userinit.exe,
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
    mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{69811E27-1133-44DD-B9F8-0A928A5D3582} : DHCPNameServer = 192.168.3.1
    TCP: Interfaces\{E5414010-5DBE-4DEA-AD4E-AE82AECD1FC6} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{F4B222B5-DF14-4703-8CAF-0BB117DBAB24} : DHCPNameServer = 192.168.0.1
    SSODL: WebCheck - <orphaned>
    x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
    x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
    x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
    x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
    x64-Run: [NUSB3MON] "C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe"
    x64-Run: [ISW] "C:\Program Files (x86)\CheckPoint\AKL\AkSA.exe" /icon="hidden"
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Luke Fitton\AppData\Roaming\Mozilla\Firefox\Profiles\ahruq7t2.default\
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.co.uk/
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-11-6 83176]
    R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-11-6 43240]
    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-4-25 20464]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2014-7-9 29792]
    R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2014-7-9 54104]
    R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2014-7-9 177760]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-4-16 239616]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2014-4-15 344064]
    R2 AODDriver4.3;AODDriver4.3;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2014-2-11 59616]
    R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [2014-6-20 936728]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-8-27 747520]
    R2 ISWKL;ZoneAlarm AntiKeylogger ISWKL;C:\Program Files (x86)\CheckPoint\AKL\ISWKL.sys [2014-5-14 54144]
    R2 IswSvc;ZoneAlarm AntiKeylogger IswSvc;C:\Program Files (x86)\CheckPoint\AKL\AkSVC.exe [2014-5-14 1143928]
    R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
    R2 ZAPrivacyService;ZoneAlarm Privacy Service;C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2014-5-29 90936]
    R2 ZoneAlarm AntiTheft;ZoneAlarm AntiTheft;C:\Program Files (x86)\CheckPoint\AntiTheft\Antitheft.exe [2014-5-30 3128968]
    R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2013-5-27 106816]
    R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2013-5-27 227648]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-12-19 94720]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2014-6-25 58536]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-6-20 169432]
    S3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2012-8-20 138568]
    S3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2012-8-20 416072]
    S3 icsak;icsak;C:\Program Files (x86)\CheckPoint\AKL\AK\icsak.sys [2014-5-14 48512]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-20 111616]
    S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-4-25 449496]
    S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-8-27 828376]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-4-25 368624]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-4-25 790000]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-4-25 19456]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-6-27 936664]
    S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192Ce.sys [2011-2-23 1142376]
    S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2014-4-25 29696]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-4-25 56832]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-4-25 29696]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-4-25 1255736]
    .
    =============== Created Last 30 ================
    .
    2014-07-09 10:22:16 10779000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{340D9512-C2AE-4ABB-A05F-23E0CC0F00D3}\mpengine.dll
    2014-07-09 09:00:26 -------- d-----w- C:\Users\Luke Fitton\AppData\Local\Skype
    2014-07-09 09:00:17 -------- d-----r- C:\Program Files (x86)\Skype
    2014-07-09 08:52:21 -------- d-----w- C:\Users\Luke Fitton\AppData\Local\paint.net
    2014-07-09 08:52:21 -------- d-----w- C:\Program Files\paint.net
    2014-07-09 08:32:18 646280 ----a-w- C:\Windows\System32\AntiTheftCredentialProvider.dll
    2014-07-09 08:32:01 -------- d-----w- C:\Users\Luke Fitton\AppData\Roaming\CheckPoint
    2014-07-09 08:31:49 -------- d-----w- C:\Program Files (x86)\PC Tune-Up
    2014-07-09 08:31:45 54104 ----a-w- C:\Windows\System32\drivers\kltdi.sys
    2014-07-09 08:31:45 29792 ----a-w- C:\Windows\System32\drivers\klim6.sys
    2014-07-09 08:31:45 177760 ----a-w- C:\Windows\System32\drivers\kneps.sys
    2014-07-09 08:31:44 7717984 ----a-w- C:\Windows\System32\drivers\kl1.sys
    2014-07-09 08:31:43 92768 ----a-w- C:\Windows\System32\drivers\klflt.sys
    2014-07-09 08:22:08 -------- d-----w- C:\Program Files (x86)\CheckPoint
    2014-07-09 08:21:56 -------- d-----w- C:\ProgramData\CheckPoint
    2014-06-27 11:54:23 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-06-27 11:54:14 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-06-27 11:54:14 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-06-27 11:54:14 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-06-27 11:54:14 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-06-27 11:54:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-06-27 11:53:59 -------- d-----w- C:\Users\Luke Fitton\AppData\Local\Programs
    2014-06-27 10:55:24 936664 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
    2014-06-27 10:55:24 73800 ----a-w- C:\Windows\System32\RtNicProp64.dll
    2014-06-27 10:22:20 -------- d-----w- C:\Users\Luke Fitton\AppData\Local\ElevatedDiagnostics
    2014-06-25 17:01:12 -------- d-----w- C:\Users\Luke Fitton\AppData\Local\AMD
    2014-06-25 17:01:05 -------- d-----w- C:\Users\Luke Fitton\AppData\Local\ATI
    2014-06-25 17:00:57 0 ----a-w- C:\Windows\ativpsrm.bin
    2014-06-25 17:00:04 -------- d-sh--w- C:\Users\Luke Fitton\AppData\Local\EmieUserList
    2014-06-25 17:00:04 -------- d-sh--w- C:\Users\Luke Fitton\AppData\Local\EmieSiteList
    2014-06-25 16:59:27 -------- d-----w- C:\Users\Luke Fitton\AppData\Roaming\library_dir
    2014-06-25 16:51:47 -------- d-----w- C:\Program Files (x86)\Raptr
    2014-06-25 16:51:38 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
    2014-06-25 16:51:38 -------- d-----w- C:\Program Files (x86)\AMD AVT
    2014-06-25 16:51:22 -------- d-----w- C:\ProgramData\AMD
    2014-06-25 16:51:11 -------- d-----w- C:\Program Files\AMD
    2014-06-25 16:50:45 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
    2014-06-25 16:47:58 -------- d-----w- C:\Program Files (x86)\ATI Technologies
    2014-06-25 16:47:55 58536 ----a-w- C:\Windows\System32\drivers\usbfilter.sys
    2014-06-25 16:47:13 -------- d-----w- C:\ProgramData\Package Cache
    2014-06-25 16:47:06 -------- d-----w- C:\Program Files\ATI Technologies
    2014-06-25 16:47:04 -------- d-----w- C:\Program Files\ATI
    2014-06-25 16:46:30 -------- d-----w- C:\AMD
    2014-06-20 13:46:13 506368 ----a-w- C:\Windows\System32\aepdu.dll
    2014-06-20 13:46:13 424448 ----a-w- C:\Windows\System32\aeinv.dll
    2014-06-20 13:41:43 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
    2014-06-20 13:40:59 57344 ----a-w- C:\Windows\System32\cngprovider.dll
    2014-06-20 13:39:42 28672 ----a-w- C:\Windows\SysWow64\AsIO.dll
    2014-06-20 13:39:42 15232 ----a-w- C:\Windows\SysWow64\drivers\AsIO.sys
    2014-06-20 13:39:42 -------- d-----w- C:\Program Files\ASUS
    2014-06-20 13:39:42 -------- d-----w- C:\Program Files (x86)\ASUS
    2014-06-20 13:39:41 2356592 ----a-w- C:\Windows\System32\WudfUpdate_01011.dll
    2014-06-20 13:39:41 107008 ----a-w- C:\Windows\System32\drivers\UMDF\ASMBSW.dll
    2014-06-20 13:36:54 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
    2014-06-20 13:34:21 -------- d-----w- C:\Program Files (x86)\ASM104xUSB3
    2014-06-20 13:33:45 41984 ----a-w- C:\Windows\System32\drivers\USB3Ver.dll
    2014-06-20 13:33:06 16344 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
    2014-06-20 13:32:29 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
    2014-06-20 13:31:55 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
    2014-06-20 13:31:49 -------- d-----w- C:\Intel
    .
    ==================== Find3M ====================
    .
    2014-06-27 10:54:54 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
    2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
    2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
    2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
    2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-05-30 01:35:18 450968 ----a-w- C:\Windows\System32\drivers\vsdatant.sys
    2014-05-08 09:32:11 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
    2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
    2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    2014-04-16 02:39:52 274656 ----a-w- C:\Windows\System32\drivers\amdacpksd.sys
    2014-04-16 02:37:30 15376384 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2014-04-16 02:23:38 231424 ----a-w- C:\Windows\System32\clinfo.exe
    2014-04-16 02:23:28 1187342 ----a-w- C:\Windows\System32\amdocl_as64.exe
    2014-04-16 02:23:28 1061902 ----a-w- C:\Windows\System32\amdocl_ld64.exe
    2014-04-16 02:23:26 995342 ----a-w- C:\Windows\SysWow64\amdocl_as32.exe
    2014-04-16 02:23:26 798734 ----a-w- C:\Windows\SysWow64\amdocl_ld32.exe
    2014-04-16 02:23:24 98816 ----a-w- C:\Windows\System32\OpenVideo64.dll
    2014-04-16 02:23:18 83456 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
    2014-04-16 02:23:12 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
    2014-04-16 02:23:08 73216 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2014-04-16 02:23:02 28685824 ----a-w- C:\Windows\System32\amdocl64.dll
    2014-04-16 02:20:22 24107520 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2014-04-16 02:17:56 65024 ----a-w- C:\Windows\System32\OpenCL.dll
    2014-04-16 02:17:52 58880 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2014-04-16 02:13:40 127488 ----a-w- C:\Windows\System32\mantle64.dll
    2014-04-16 02:13:20 113664 ----a-w- C:\Windows\SysWow64\mantle32.dll
    2014-04-16 02:13:00 5442048 ----a-w- C:\Windows\System32\amdmantle64.dll
    2014-04-16 02:12:38 27907584 ----a-w- C:\Windows\System32\atio6axx.dll
    2014-04-16 01:58:48 4358656 ----a-w- C:\Windows\SysWow64\amdmantle32.dll
    2014-04-16 01:51:34 23409152 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2014-04-16 01:46:32 368128 ----a-w- C:\Windows\System32\atiapfxx.exe
    2014-04-16 01:46:24 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
    2014-04-16 01:46:22 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2014-04-16 01:46:20 91136 ----a-w- C:\Windows\System32\mantleaxl64.dll
    2014-04-16 01:46:16 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
    2014-04-16 01:46:14 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2014-04-16 01:46:08 85504 ----a-w- C:\Windows\SysWow64\mantleaxl32.dll
    2014-04-16 01:46:00 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll
    2014-04-16 01:42:48 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2014-04-16 01:33:08 48128 ----a-w- C:\Windows\System32\amdmmcl6.dll
    2014-04-16 01:33:04 37888 ----a-w- C:\Windows\SysWow64\amdmmcl.dll
    2014-04-16 01:30:08 442368 ----a-w- C:\Windows\System32\atidemgy.dll
    2014-04-16 01:29:56 31232 ----a-w- C:\Windows\System32\atimuixx.dll
    2014-04-16 01:29:48 586240 ----a-w- C:\Windows\System32\atieclxx.exe
    2014-04-16 01:29:18 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
    2014-04-16 01:28:24 190976 ----a-w- C:\Windows\System32\atitmm64.dll
    2014-04-16 01:19:46 806912 ----a-w- C:\Windows\System32\coinst_14.100.dll
    2014-04-16 01:09:00 1177600 ----a-w- C:\Windows\System32\atiadlxx.dll
    2014-04-16 01:08:48 848896 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2014-04-16 01:07:48 75264 ----a-w- C:\Windows\System32\atig6pxx.dll
    2014-04-16 01:07:42 69632 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2014-04-16 01:07:42 69632 ----a-w- C:\Windows\System32\atiglpxx.dll
    2014-04-16 01:07:34 146944 ----a-w- C:\Windows\System32\atig6txx.dll
    2014-04-16 01:07:20 133632 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2014-04-16 01:07:04 638976 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2014-04-16 01:04:46 43520 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2014-04-15 21:33:30 51200 ----a-w- C:\Windows\System32\kdbsdk64.dll
    2014-04-15 21:28:56 38912 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
    2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
    2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
    2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
    2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
    2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
    2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    .
    ============= FINISH: 15:12:51.25 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 25/06/2014 17:43:52
    System Uptime: 09/07/2014 15:11:36 (0 hours ago)
    .
    Motherboard: ASUSTeK COMPUTER INC. | | A88XM-A
    Processor: AMD A4-4000 APU with Radeon(tm) HD Graphics | FM2+ | 3000/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 119 GiB total, 93.887 GiB free.
    D: is FIXED (NTFS) - 466 GiB total, 465.657 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Realtek PCIe GBE Family Controller
    Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_85541043&REV_0C\4&39937546&0&00AA
    Manufacturer: Realtek
    Name: Realtek PCIe GBE Family Controller #2
    PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_85541043&REV_0C\4&39937546&0&00AA
    Service: RTL8167
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.20 (x64 edition)
    AMD Accelerated Video Transcoding
    AMD Catalyst Control Center
    AMD Catalyst Install Manager
    AMD Drag and Drop Transcoding
    AMD Fuel
    AMD USB 3.0 Device Detector
    AMD Wireless Display v3.0
    Asmedia ASM104x USB 3.0 Host Controller Driver
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    FileZilla Client 3.8.1
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) USB 3.0 eXtensible Host Controller Driver
    Intel® Trusted Connect Service Client
    Malwarebytes Anti-Malware version 2.0.2.1012
    Microsoft .NET Framework 4.5.1
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
    Mozilla Firefox 30.0 (x86 en-GB)
    Mozilla Maintenance Service
    paint.net
    PC Tune-Up
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Skype™ 6.16
    ZoneAlarm Antivirus
    ZoneAlarm Extreme Security
    ZoneAlarm Find My Laptop
    ZoneAlarm Firewall
    ZoneAlarm Security
    .
    ==== End Of File ===========================

    lease help.

    P.s. I will only be able to respond out of hours.
     
  2. Superdave1941

    Superdave1941 Malware Helper Posts: 152

    Hello and welcome to TechSpot.com My name is Dave. I will be helping you out with your particular problem on your computer.
    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.
    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Please download AdwCleaner by Xplode onto your Desktop.
    Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.
    [​IMG]
    If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
    When the AdwCleaner program will open, click on the Scan button as shown below.
    [​IMG]
    AdwCleaner will now start to search for malicious files that may be installed on your computer.
    To remove the files that were detected in the previous step, please click on the Clean button.
    [​IMG]
    AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.
    Please click on the OK button to allow AdwCleaner reboot your computer.A log will be produced. Please copy and paste this log in your next reply.
    *********************************************
    Please download Junkware Removal Tool to your desktop.
    Warning! Once the scan is complete JRT will shut down your browser with NO warning.
    Shut down your protection software now to avoid potential conflicts.
    •Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
    •Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
    •The tool will open and start scanning your system.
    •Please be patient as this can take a while to complete depending on your system's specifications.
    •On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    •Copy and Paste the JRT.txt log into your next message.
    **********************************************
    Download Security Check by screen317 from one of the following links and save it to your desktop.
    Link 1
    Link 2
    * Double-click Security Check.bat
    * Follow the on-screen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt
    * Post the contents of that document in your next reply.
    Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
     
  3. tedus987

    tedus987 TS Enthusiast Topic Starter Posts: 196

    Ok, here's the logs.

    # AdwCleaner v3.215 - Report created 10/07/2014 at 15:00:53
    # Updated 09/07/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Luke Fitton - LUKEFITTON-PC
    # Running from : C:\Users\Luke Fitton\Desktop\adwcleaner_3.215.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17207


    -\\ Mozilla Firefox v30.0 (en-GB)

    [ File : C:\Users\Luke Fitton\AppData\Roaming\Mozilla\Firefox\Profiles\ahruq7t2.default\prefs.js ]


    *************************

    AdwCleaner[R0].txt - [800 octets] - [10/07/2014 14:59:01]
    AdwCleaner[S0].txt - [722 octets] - [10/07/2014 15:00:53]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [781 octets] ##########


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Luke Fitton on 10/07/2014 at 15:02:59.76
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 10/07/2014 at 15:09:52.24
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    also security check cropped up with

    UNSUPPORTED OPERATING SYSTEM! ABORTED!

    however this computer was purchaced and built by a lagitimate company known as scan computers... so I have no idea why the windows 7 64 bit operating system would act like that.
     
  4. Superdave1941

    Superdave1941 Malware Helper Posts: 152

    Malwarebytes' Anti-Rootkit
    Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
    • Be sure to print out and follow the instructions provided on that same page for performing a scan.
    • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
    • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
    • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
    • Copy and paste the contents of these two log files in your next reply.
     
  5. tedus987

    tedus987 TS Enthusiast Topic Starter Posts: 196

    Malwarebytes Anti-Rootkit BETA 1.07.0.1012
    www.malwarebytes.org

    Database version: v2014.05.21.07

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.17207
    Luke Fitton :: LUKEFITTON-PC [administrator]

    11/07/2014 15:04:29
    mbar-log-2014-07-11 (15-04-29).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 248137
    Time elapsed: 10 minute(s), 19 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)

    and

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.17207

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 3.015000 GHz
    Memory total: 8527872000, free: 6121189376

    Downloaded database version: v2014.07.09.01
    Initializing...
    ======================
    ------------ Kernel report ------------
    07/11/2014 15:04:23
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\system32\DRIVERS\iusb3hcs.sys
    \SystemRoot\system32\DRIVERS\kl1.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\msahci.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\system32\DRIVERS\amd_sata.sys
    \SystemRoot\system32\DRIVERS\storport.sys
    \SystemRoot\system32\DRIVERS\amd_xata.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\klif.sys
    \SystemRoot\system32\DRIVERS\klflt.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\kltdi.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\vsdatant.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\klim6.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\serial.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\SysWow64\drivers\AsIO.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\atikmpag.sys
    \SystemRoot\system32\DRIVERS\atikmdag.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\amdxhc.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\usbfilter.sys
    \SystemRoot\system32\DRIVERS\usbohci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\serenum.sys
    \SystemRoot\system32\DRIVERS\Rt64win7.sys
    \SystemRoot\system32\DRIVERS\amdppm.sys
    \SystemRoot\system32\DRIVERS\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\amdhub30.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\AtihdW76.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_diskdump.sys
    \SystemRoot\System32\Drivers\dump_amd_sata.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \??\C:\Program Files (x86)\CheckPoint\AKL\ISWKL.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\kneps.sys
    \SystemRoot\system32\DRIVERS\asyncmac.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\nsi.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\usp10.dll
    \Windows\System32\imm32.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\normaliz.dll
    \Windows\System32\lpk.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\psapi.dll
    \Windows\System32\iertutil.dll
    \Windows\System32\wininet.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\rpcrt4.dll
    \Windows\System32\difxapi.dll
    \Windows\System32\msctf.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\shell32.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\sechost.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\user32.dll
    \Windows\System32\msvcrt.dll
    \Windows\System32\ole32.dll
    \Windows\System32\userenv.dll
    \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    \Windows\System32\devobj.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\profapi.dll
    \Windows\System32\msasn1.dll
    \Windows\SysWOW64\normaliz.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xfffffa800769d790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000066\
    Lower Device Object: 0xfffffa80070a2060
    Lower Device Driver Name: \Driver\amd_sata\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa800769c060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000065\
    Lower Device Object: 0xfffffa80075143b0
    Lower Device Driver Name: \Driver\amd_sata\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa800769c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800769cab0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800769c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8007513040, DeviceName: Unknown, DriverName: \Driver\amd_xata\
    DevicePointer: 0xfffffa80075143b0, DeviceName: \Device\00000065\, DriverName: \Driver\amd_sata\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: BD10C7F8

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 217088
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 224910 Numsec = 249838771

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 128035676160 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-250049680-250069680)...
    Done!
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xfffffa800769d790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800769d250, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800769d790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8007513ac0, DeviceName: Unknown, DriverName: \Driver\amd_xata\
    DevicePointer: 0xfffffa80070a2060, DeviceName: \Device\00000066\, DriverName: \Driver\amd_sata\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: B0F614C8

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 976766976

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
    Removal finished
     
  6. Superdave1941

    Superdave1941 Malware Helper Posts: 152

    I'd like to scan your machine with ESET OnlineScan
    •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
    •Click the [​IMG] button.
    •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [​IMG] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [​IMG] icon on your desktop.
    •Check [​IMG]
    •Click the [​IMG] button.
    •Accept any security warnings from your browser.
    • Leave the check mark next to Remove found threats.
    •Check [​IMG]
    •Push the Start button.
    •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    •When the scan completes, push [​IMG]
    •Push [​IMG], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    •Push the [​IMG] button.
    •Push [​IMG]
    A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
     
  7. tedus987

    tedus987 TS Enthusiast Topic Starter Posts: 196

    Ok so only one of the items on the following list were actually part of the problem.

    the rest are known false positives.

    the first one was a Zone alarm uninstaller
    the third was file zilla's installer and
    the forth was Zone alarm installer

    I've restored the ones I know arn't malware.

    and kept that second one in quarintine.

    --------------------------------------------------------------------------------------------------------------

    C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
    C:\Users\Luke Fitton\AppData\Local\Temp\is386526232\423839B5_stp\pc-cleaner-3275.exe a variant of Win32/SpeedingUpMyPC application cleaned by deleting - quarantined
    C:\Users\Luke Fitton\Desktop\FileZilla_3.7.3_win32-setup.exe a variant of Win32/InstallCore.LA potentially unwanted application deleted - quarantined
    C:\Users\Luke Fitton\Downloads\ZASPSetupWeb_132_015_000.exe Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined

    -------------------------------------------------------------------------------------------------------------
    ESETSmartInstaller@High as downloader log:
    all ok
    # product=EOS
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.7623
    # api_version=3.0.2
    # EOSSerial=ee00113e8f32a448838b51ab57db456b
    # engine=19145
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2014-07-12 01:58:02
    # local_time=2014-07-12 02:58:02 (+0000, GMT Daylight Time)
    # country="United Kingdom"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode_1=''
    # compatibility_mode=5893 16776573 100 94 99922 157638532 0 0
    # compatibility_mode_1='ZoneAlarm Extreme Security Antivirus'
    # compatibility_mode=9218 16777213 100 98 278775 20877680 0 0
    # scanned=92806
    # found=4
    # cleaned=4
    # scan_time=2002
    sh=C25E453070C795849C94FCB0311ED1DDD4F7B74D ft=1 fh=a07ba6255bd749e6 vn="Win32/Toolbar.Conduit potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe"
    sh=0172E69BF68B71F131C562CCEC25131D52E563D9 ft=1 fh=f64f4ef262a4cd79 vn="a variant of Win32/SpeedingUpMyPC application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Luke Fitton\AppData\Local\Temp\is386526232\423839B5_stp\pc-cleaner-3275.exe"
    sh=8D834B72753122AFE19F221D4A59FE6E2A2FDB48 ft=1 fh=c71c0011dbe79aa1 vn="a variant of Win32/InstallCore.LA potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Luke Fitton\Desktop\FileZilla_3.7.3_win32-setup.exe"
    sh=F35F0616348E2D9E38D492EF3238D1FED9A5B710 ft=1 fh=bfbf79ec6ff9d9a0 vn="Win32/Toolbar.Conduit potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Luke Fitton\Downloads\ZASPSetupWeb_132_015_000.exe"

    ------------------------------------------------------------------------------------------------------------

    so what's the next step.
     
  8. Superdave1941

    Superdave1941 Malware Helper Posts: 152

    I don't understand what you're saying here. Does this mean you've restored some of the infections?
     
  9. tedus987

    tedus987 TS Enthusiast Topic Starter Posts: 196

    The ones that I know are knows FPs yes

    in the logs the first detection is part of a trial for zone alarm Extream security, more specifically the uninstaller, the file in question has been picked up as a FP in the past.

    like the first file the 3rd detection is the installer for fileZilla, an application that's required for my job.

    finally the 4th one is the installer for zone alarm extream security. which again has been picked up as a FP in the past.

    if I kept any of these in quarintine then I ran the risk of breaking the applications.
     
    Last edited: Jul 14, 2014
  10. Superdave1941

    Superdave1941 Malware Helper Posts: 152

    Please run ESET again and do not alter the process.
     
  11. tedus987

    tedus987 TS Enthusiast Topic Starter Posts: 196

    Hold on, if I do that the Zone alarm application stops working and refuse to run because ESET see a part of it as a false positives when I know from experiance and talking to them that it's not...

    I mean I ran a virus total scan on the files to check.(the installer for zone alarm self deletes after a few days.)

    zone alarm uninstaller (part of the application, I remove this and my firewall stops running.)

    https://www.virustotal.com/en-gb/fi...5fd8f9ce04ea2db5f96eef88/analysis/1405418676/

    file zilla setup

    https://www.virustotal.com/en-gb/file/494319c3f826ec25bc64296ce1a658d36efc83e44d971d942e0976fab3e16548/analysis/1405418842/

    ok since that ones the setup file and thus redundant that one's been deleted.

    however I can't remove the zone alarm file because as stated my firewall won't start back up unless the file is put back. zone alarm have always been like that.

    I can actually see why it's detecting it as a FP, part of the zone alarm package comes with a toolbar (that I have not installed.) that uses some less than secure code. that uninstaller has to look for the tool bar when executed.
     
    Last edited: Jul 15, 2014
     
  12. Superdave1941

    Superdave1941 Malware Helper Posts: 152

    If you don't want to follow my advice there's not much more I can do for you.
     
  13. tedus987

    tedus987 TS Enthusiast Topic Starter Posts: 196

    So what your saying is do what I say and destroy your firewall or don't do it at all...

    to solve this matter I have sent the detected file to ESET's support email informing them of my belife that it's a false positive.

    ----------------------------------------------------------------------------------------

    Ok, well I got my e-mail back,

    Dear Luke
    the detection and classification as PUA (potentially unwanted application) is correct. Even file details show copyright owned by "Conduit Ltd", not Zone Alarm.
    The ZoneAlarm free installation package also contains the file ConduitInetc.dll and downloads additional files from ie.conduit-download.com. So it's clearly Conduit PUA which they bundle.


    Regards,

    ESET Malware Response Team

    this could be due to the triel version of zone alarm extreme security.

    hold while I talk to my boss about upgrading the package.

    ----------------------------------------------------------------------------------------------------------------
     
    Last edited: Jul 16, 2014
  14. tedus987

    tedus987 TS Enthusiast Topic Starter Posts: 196

    OK I'll run ESET once I deal with problem A... problem A being getting the full version of zone alarm. which will take some times since there databases are down.
     
    Last edited: Jul 16, 2014
  15. Superdave1941

    Superdave1941 Malware Helper Posts: 152

    It won't destroy any of your programs.
     
  16. tedus987

    tedus987 TS Enthusiast Topic Starter Posts: 196

    Ok, here's the ESEt log

    ---------------------------------------------------------------------------------------------------------------

    C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
    C:\Users\Luke Fitton\Desktop\FileZilla_3.7.3_win32-setup.exe a variant of Win32/InstallCore.LA potentially unwanted application deleted - quarantined
    C:\Users\Luke Fitton\Downloads\ZASPSetupWeb_132_015_000.exe Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined

    ESETSmartInstaller@High as downloader log:
    all ok
    # product=EOS
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.7623
    # api_version=3.0.2
    # EOSSerial=ee00113e8f32a448838b51ab57db456b
    # engine=19223
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2014-07-17 04:35:15
    # local_time=2014-07-17 05:35:15 (+0000, GMT Daylight Time)
    # country="United Kingdom"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode_1=''
    # compatibility_mode=5893 16776573 100 94 196233 158079965 0 0
    # compatibility_mode_1='ZoneAlarm Extreme Security Antivirus'
    # compatibility_mode=9218 16777213 100 98 720208 21319113 0 0
    # scanned=97784
    # found=3
    # cleaned=3
    # scan_time=2440
    sh=C25E453070C795849C94FCB0311ED1DDD4F7B74D ft=1 fh=a07ba6255bd749e6 vn="Win32/Toolbar.Conduit potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe"
    sh=8D834B72753122AFE19F221D4A59FE6E2A2FDB48 ft=1 fh=c71c0011dbe79aa1 vn="a variant of Win32/InstallCore.LA potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Luke Fitton\Desktop\FileZilla_3.7.3_win32-setup.exe"
    sh=F35F0616348E2D9E38D492EF3238D1FED9A5B710 ft=1 fh=bfbf79ec6ff9d9a0 vn="Win32/Toolbar.Conduit potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Luke Fitton\Downloads\ZASPSetupWeb_132_015_000.exe"
     
  17. Superdave1941

    Superdave1941 Malware Helper Posts: 152

    Ok, how's your computer running now? Any other issues?
     
  18. tedus987

    tedus987 TS Enthusiast Topic Starter Posts: 196

    So far so good, next step?
     
  19. Superdave1941

    Superdave1941 Malware Helper Posts: 152

    That's it. Let's do some clean up.
    This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.
    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create Registry backup
    • Purge System Restore Points
    • Re-set system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.
    *************************************************
    Click Start> Computer> right click the C Drive and choose Properties> enter
    Click Disk Cleanup from there.
    [​IMG]
    Click OK on the Disk Cleanup Screen.
    Click Yes on the Confirmation screen.
    [​IMG]
    This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
    **********************************************
    Go to Microsoft Windows Update and get all critical updates.
    ----------
    I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
    Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
    Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
    Safe Surfing!
     
  20. tedus987

    tedus987 TS Enthusiast Topic Starter Posts: 196

    Done, out of curiosity what did Re-set system settings do...

    also your refrence is out of date for windows 7 users.

    it should be...

    ----------------------------------------------------------------------------


    The following procedure cleans up files associated with your user account. You can also use Disk Cleanup to clean up all the files on your computer.

    1. Open Disk Cleanup by clicking the Start button [​IMG]. In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.

    2. In the Drives list, click the hard disk drive that you want to clean up, and then click OK.

    3. In the Disk Cleanup dialog box, on the Disk Cleanup tab, select the check boxes for the file types that you want to delete, and then click OK.

    4. In the message that appears, click Delete files.
     
  21. Superdave1941

    Superdave1941 Malware Helper Posts: 152

    I'm not sure but I would suppose that it sets a new, clean Restore Point.
    Thanks for the information about diskcleanup. I'll have to try that on my notebook with Windows 7.
     
  22. tedus987

    tedus987 TS Enthusiast Topic Starter Posts: 196

    No problem, sorry I havn't responded in the past few days, we had thunder overhead on friday for 4 hours and now my internet is acting up while I wait for my excange to sort itself out.
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.