So I have Windows XP SP3, and yes, I know that's way outdated, but I honestly like Windows XP. Anyway, the other day I checked my Malwarebytes and it came up with the hijack control panel, which I then fixed with the program, but I still have doubts that it fixed it 100%, and/or there might be other stuff on my computer. Can someone please take a look? This is the log from ComboFix:
ComboFix 17-07-07.01 - Lil Steve 07/14/2017 11:50:49.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.3548.3003 [GMT -5:00]
Running from: c:\documents and settings\Lil Steve\My Documents\Downloads\ComboFix.exe
AV: ESET Smart Security 9.0.408.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Malwarebytes *Disabled/Updated* {D4AC7077-9720-47B0-8B38-DFAF3AA21DB6}
FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Default User\Local Settings\Application Data\reg.exe
c:\documents and settings\Lil Steve\Application Data\inst.exe
c:\documents and settings\Lil Steve\Application Data\vso_ts_preview.xml
c:\documents and settings\Lil Steve\Local Settings\Application Data\Reg.exe
c:\documents and settings\UpdatusUser.WINDOWS-923A5F4\Local Settings\Application Data\Reg.exe
c:\documents and settings\UpdatusUser\~AA9.tmp
c:\documents and settings\UpdatusUser\Local Settings\Application Data\Reg.exe
C:\Thumbs.db
c:\windows\system32\config\systemprofile\~AA9.tmp
c:\windows\system32\config\systemprofile\Local Settings\Application Data\Reg.exe
.
.
((((((((((((((((((((((((( Files Created from 2017-06-14 to 2017-07-14 )))))))))))))))))))))))))))))))
.
.
2017-07-14 16:38 . 2017-07-14 16:42 -------- d-----w- C:\AdwCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-07-14 16:45 . 2017-04-24 01:02 148256 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-07-14 16:45 . 2017-04-24 01:01 39360 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-07-14 16:45 . 2017-04-24 01:01 220088 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-07-11 13:56 . 2016-09-04 04:01 803328 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-07-11 13:56 . 2016-09-04 04:01 144896 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2017-05-18 00:45 . 2017-05-18 00:45 410928 ----a-r- c:\documents and settings\Lil Steve\Application Data\Microsoft\Installer\{8B78288C-1474-49D3-8DB7-A776F588D85C}\ARPPRODUCTICON.exe
2017-05-05 20:31 . 2017-05-05 20:31 23840 ----a-w- c:\windows\system32\drivers\HWiNFO32.SYS
2017-05-02 01:39 . 2008-01-02 18:00 90112 ----a-w- c:\windows\DUMP5e4c.tmp
2017-05-02 01:15 . 2008-01-02 18:00 90112 ----a-w- c:\windows\DUMP6292.tmp
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-02-05 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2010-02-05 . C951DB3D9B6EF3CF4B82454D30A8BF59 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-01-02 149280]
"RUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe" [2011-09-20 115048]
"DeltTray"="DeltTray.exe" [2003-09-26 56320]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-04-30 15677728]
"NvMediaCenter"="NvMCTray.dll" [2013-04-30 223008]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2009-08-15 77824]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-01-20 2780112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2008-04-14 99840]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"=Digi32.dll
"MIDI1"=diomidi.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RocketDock.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RocketDock.lnk.disabled
backup=c:\windows\pss\RocketDock.lnk.disabledCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-04-04 11:09 446392 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2015-03-20 23:12 60712 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes TrayApp]
2017-01-20 13:57 2780112 ----a-w- c:\program files\Malwarebytes\Anti-Malware\mbamtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-10-02 12:23 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
2014-06-24 08:42 4101576 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotPostWindows10UpgradeReInstall]
2015-07-28 23:17 1011200 ----a-w- c:\program files\Common Files\AV\Spybot - Search and Destroy\Test.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe]
2015-04-28 20:23 2086240 ----a-w- c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Lil Steve\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [4/21/2015 8:47 PM 16384]
R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [1/30/2015 4:13 PM 206472]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9/17/2013 8:17 AM 156288]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [5/5/2017 3:31 PM 23840]
R1 MBAMChameleon;MBAMChameleon;c:\windows\system32\drivers\MBAMChameleon.sys [4/23/2017 8:02 PM 148256]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [4/21/2015 8:46 PM 16400]
R2 ekbdflt;ekbdflt;c:\windows\system32\drivers\ekbdflt.sys [11/20/2016 7:09 PM 122496]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11/20/2016 7:09 PM 2166040]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [4/23/2015 12:29 AM 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [4/23/2015 12:29 AM 4088608]
R3 DG003;Service for Digidesign 003 Driver (WDM);c:\windows\system32\drivers\dg003.sys [5/17/2017 7:45 PM 115472]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [4/22/2015 3:07 PM 47360]
R3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);c:\windows\system32\drivers\rusb3hub.sys [1/2/2008 11:05 PM 90248]
R3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);c:\windows\system32\drivers\rusb3xhc.sys [1/2/2008 11:05 PM 180744]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [4/21/2015 1:09 PM 35712]
S0 tclondrv;tclondrv;c:\windows\system32\DRIVERS\tclondrv.sys --> c:\windows\system32\DRIVERS\tclondrv.sys [?]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\MBAMService.exe [4/23/2017 8:01 PM 3303888]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [4/23/2015 12:29 AM 235984]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [4/21/2015 8:46 PM 97808]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [5/16/2017 9:47 PM 35504]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam_prewin8.sys [5/20/2017 10:42 PM 20256]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-08-22 02:59 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2017-07-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-04 13:56]
.
2017-07-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2015-08-27 05:26]
.
2017-07-14 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2015-04-23 09:52]
.
2017-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-01-03 18:05]
.
2017-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-01-03 18:05]
.
2017-07-12 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2015-04-23 08:41]
.
2017-07-01 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2015-04-23 08:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
MSConfigStartUp-DelaypluginInstall - c:\documents and settings\All Users\Application Data\Wondershare\Video Converter Ultimate\DelayPluginI.exe
MSConfigStartUp-TuneClone - c:\program files\TuneClone\TuneClone.exe
AddRemove-Roger Nichols Digital InspectorXL VST RTAS_is1 - c:\program files\Roger Nichols Digital
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2017-07-14 11:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):f8,6a,64,20,11,84,76,e1,a4,79,8d,aa,6d,b6,da,a0,72,9e,88,bd,6a,
06,4d,33,bf,72,60,93,cc,4f,73,7e,c8,b5,fd,17,35,f8,b4,b8,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e9ddd60b-6e59-4e08-a9d2-1fe763c5e8a5}]
@Denied: (Full) (Everyone)
"Model"=dword:000000b2
"Therad"=dword:00000008
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|˙˙˙˙¤•€|ů•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
Completion time: 2017-07-14 12:00:28
ComboFix-quarantined-files.txt 2017-07-14 17:00
.
Pre-Run: 185,370,742,784 bytes free
Post-Run: 185,337,036,800 bytes free
.
- - End Of File - - 148BD2D46D360AFF70020C427ACBD53E
8F558EB6672622401DA993E1E865C861