Believed to have been infected with a virus....

Jack.Kirkby

Hey Sysnative,

I was recently browsing my computer for unused files when I came upon a file called Sanatorium14.exe. Remembering that I had downloaded it and it didn't work, I tried one last time to see if it would start. I ran it, only to realise that my computer was really slow and laggy, and I have a decent computer. I tried to open Task Manager, but it didn't work. I looked to see if my internet security was turned on, only to see it not running. I then realised that I had been trying to make my Windows updater work and had disabled it while doing this and hadn't turned it back on. I then immediately turned off the computer at the wall and then turned my Trend Micro security back on after logging back in. But I noticed my Windows Defender would not turn on; I went into Action Center and tried turning it on, but no luck. I then deleted the Sanatorium14.exe file and searched for some answers on getting rid of this virus I believed I had, and found Sysnative. I would really appreciate it if you guys could help me out in getting rid of this virus.


Results of screen317's Security Check version 0.99.64
x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Trend Micro Titanium Maximum Security
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 17
Java version out of Date!
Adobe Flash Player 11.7.700.202
Google Chrome 26.0.1410.64
Google Chrome 27.0.1453.94
````````Process Check: objlist.exe by Laurent````````
Trend Micro AMSP coreServiceShell.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
Trend Micro AMSP coreFrameworkHost.exe
Trend Micro AMSP AMSP_LogServer.exe
Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: BrowserJavaVersion: 10.17.2
Run by Jack at 13:11:34 on 2013-06-01
Microsoft Windows 8 6.2.9200.0.1252.61.2057.18.8087.5913 [GMT 10:00]
.
AV: Trend Micro Titanium Maximum Security *Enabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
AV: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Trend Micro Titanium Maximum Security *Enabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe
C:\Program Files (x86)\ASUS\PCE-N15 WLAN Card Utilities\RtlService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Users\Jack\AppData\Local\Skillbrains\lightshot\4.3.0.0\LightShot.exe
C:\Program Files (x86)\Razer\Arctosa\razerhid.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wwahost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Users\Jack\Downloads\SecurityCheck.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe
BHO: Coupon Companion Plugin: {11111111-1111-1111-1111-110211181104} - C:\Program Files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20013\1.0.1194\1.0.1194\TmopIEPlg32.dll
BHO: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1125\7.5.1125\TmBpIe32.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Desura] C:\Program Files (x86)\Desura\desura.exe -autostart
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
uRun: [IMG_17032013_184945.scr] C:\Users\Jack\AppData\Local\Temp\7zO2A81.tmp\IMG_17032013_184945.scr
uRun: [IMG_17032013_184946.scr] C:\Users\Jack\AppData\Local\Temp\7zODE52.tmp\IMG_17032013_184946.scr
uRun: [LightShot] C:\Users\Jack\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
mRun: [Arctosa] "C:\Program Files (x86)\Razer\Arctosa\razerhid.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{84A1194A-1EF2-4D1D-9BEC-086346347DEB} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{CC09C2B7-B1AC-4C83-AA85-85B86872CABF} : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1125\7.5.1125\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20013\1.0.1194\1.0.1194\TmopIEPlg32.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
AppInit_DLLs= C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll,C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20013\1.0.1194\1.0.1194\TmopIEPlg.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1125\7.5.1125\TmBpIe64.dll
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1125\7.5.1125\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20013\1.0.1194\1.0.1194\TmopIEPlg.dll
x64-Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - <orphaned>
x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 TMEBC;TMEBC;C:\Windows\System32\Drivers\TMEBC64.sys [2013-1-8 46392]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\Drivers\dtsoftbus01.sys [2013-2-27 283200]
R1 tmevtmgr;tmevtmgr;C:\Windows\System32\Drivers\tmevtmgr.sys [2013-1-8 76672]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2013-1-8 310952]
R2 AsusSE;AsusSE;C:\Program Files (x86)\ASUS\PCE-N15 WLAN Card Utilities\RtlService.exe [2013-1-12 36864]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-5-15 2467664]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]
R2 tmusa;Trend Micro Osprey Driver;C:\Windows\System32\Drivers\tmusa.sys [2013-1-8 77112]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\Drivers\LGBusEnum.sys [2009-11-24 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\Drivers\LGSHidFilt.Sys [2012-10-3 66360]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\Drivers\LGVirHid.sys [2009-11-24 16008]
R3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2012-10-1 178824]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-3 589824]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\Drivers\rtl8192ce.sys [2013-1-12 845416]
R3 tmeevw;tmeevw;C:\Windows\System32\Drivers\tmeevw.sys [2013-1-8 98104]
R3 tmnciesc;tmnciesc;C:\Windows\System32\Drivers\tmnciesc.sys [2013-1-8 210232]
S0 tmel;tmel;C:\Windows\System32\Drivers\tmel.sys [2013-1-8 34224]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\Drivers\lvrs64.sys [2012-10-26 351520]
S3 LVUVC64;@oem25.inf,%PID_0802_DD%(UVC);Logitech Webcam 200(UVC);C:\Windows\System32\Drivers\lvuvc64.sys [2012-10-26 4758176]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-9-28 53760]
S3 WSDScan;WSD Scan Support;C:\Windows\System32\Drivers\WSDScan.sys [2013-1-11 23552]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-05-30 08:02:30 -------- d-----w- C:\Program Files (x86)\Super HexaGoN!
2013-05-28 06:55:36 375808 ----a-w- C:\Windows\SysWow64\ReAgent.dll
2013-05-28 06:55:36 20992 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-05-28 06:55:36 1011200 ----a-w- C:\Windows\System32\reseteng.dll
2013-05-28 06:40:45 78200 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-28 06:40:45 693112 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-28 06:15:17 -------- d-----w- C:\Program Files\iPod
2013-05-28 06:15:16 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-28 06:15:16 -------- d-----w- C:\Program Files\iTunes
2013-05-28 06:15:16 -------- d-----w- C:\Program Files (x86)\iTunes
2013-05-27 07:58:59 36352 ----a-w- C:\Windows\SysWow64\DevDispItemProvider.dll
2013-05-23 05:53:56 33856 ---ha-w- C:\Windows\System32\hamachi.sys
2013-05-23 05:53:49 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2013-05-21 06:18:38 -------- d-----w- C:\Users\Jack\AppData\Roaming\Foxit Software
2013-05-17 11:02:03 -------- d-----w- C:\Users\Jack\AppData\Local\LogMeIn Hamachi
2013-05-13 07:54:35 759908 ----a-w- C:\Users\Jack\AppData\Local\defsea1.exe
2013-05-10 15:00:30 -------- d-----w- C:\Program Files (x86)\Portal
2013-05-08 12:41:51 -------- d-----w- C:\Users\Jack\AppData\Roaming\Wargaming.net
2013-05-06 11:12:37 -------- d-----w- C:\Program Files (x86)\Skillbrains
2013-05-06 11:12:30 -------- d-----w- C:\Users\Jack\AppData\Local\Skillbrains
.
==================== Find3M ====================
.
2013-05-23 07:17:32 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-05-23 07:17:32 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-05-23 07:17:10 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-05-22 13:46:48 234544 ----a-w- C:\Windows\RegBootClean64.exe
2013-04-16 02:34:44 1455368 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-14 01:05:24 22064 ----a-w- C:\Windows\DCEBoot64.exe
2013-04-13 05:56:35 444416 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-11 06:40:48 6987528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-04-09 23:17:44 2242048 ----a-w- C:\Windows\System32\wininet.dll
2013-04-09 23:17:36 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2013-04-09 23:16:58 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-04-09 22:30:26 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-04-09 22:29:44 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-04-09 05:33:02 489576 ----a-w- C:\Windows\System32\AudioEng.dll
2013-04-09 05:33:02 446792 ----a-w- C:\Windows\System32\AudioSes.dll
2013-04-09 05:33:02 253544 ----a-w- C:\Windows\System32\audiodg.exe
2013-04-09 05:27:43 284424 ----a-w- C:\Windows\System32\drivers\spaceport.sys
2013-04-09 05:20:02 86280 ----a-w- C:\Windows\System32\kdnet.dll
2013-04-09 05:20:02 306952 ----a-w- C:\Windows\System32\kd_02_10ec.dll
2013-04-09 05:18:05 77960 ----a-w- C:\Windows\System32\kdvm.dll
2013-04-09 05:17:57 1829408 ----a-w- C:\Windows\System32\ntdll.dll
2013-04-09 04:52:07 816128 ----a-w- C:\Windows\System32\SearchIndexer.exe
2013-04-09 04:52:07 373760 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2013-04-09 04:52:07 197120 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2013-04-09 04:52:07 126464 ----a-w- C:\Windows\System32\Robocopy.exe
2013-04-09 04:52:06 804352 ----a-w- C:\Windows\System32\RecoveryDrive.exe
2013-04-09 04:51:51 367616 ----a-w- C:\Windows\System32\conhost.exe
2013-04-09 04:51:45 523264 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-04-09 04:51:41 99840 ----a-w- C:\Windows\System32\wscsvc.dll
2013-04-09 04:51:41 456704 ----a-w- C:\Windows\System32\wpncore.dll
2013-04-09 04:51:20 13648384 ----a-w- C:\Windows\System32\Windows.UI.Xaml.dll
2013-04-09 04:51:17 595456 ----a-w- C:\Windows\System32\Windows.Networking.dll
2013-04-09 04:51:17 391168 ----a-w- C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-04-09 04:51:05 10116096 ----a-w- C:\Windows\System32\twinui.dll
2013-04-09 04:51:03 3552768 ----a-w- C:\Windows\System32\tquery.dll
2013-04-09 04:50:53 414720 ----a-w- C:\Windows\System32\GenuineCenter.dll
2013-04-09 04:50:39 422400 ----a-w- C:\Windows\System32\schannel.dll
2013-04-09 04:50:39 1285632 ----a-w- C:\Windows\System32\schedsvc.dll
2013-04-09 04:50:03 96256 ----a-w- C:\Windows\System32\mssprxy.dll
2013-04-09 04:50:03 745984 ----a-w- C:\Windows\System32\mssvp.dll
2013-04-09 04:50:03 2107904 ----a-w- C:\Windows\System32\mssrch.dll
2013-04-09 04:50:02 65024 ----a-w- C:\Windows\System32\msscntrs.dll
2013-04-09 04:50:02 435200 ----a-w- C:\Windows\System32\mssph.dll
2013-04-09 04:50:02 13824 ----a-w- C:\Windows\System32\msshooks.dll
2013-04-09 04:49:54 1444864 ----a-w- C:\Windows\System32\MSAudDecMFT.dll
2013-04-09 04:49:45 468992 ----a-w- C:\Windows\System32\MFMediaEngine.dll
2013-04-09 04:49:45 281088 ----a-w- C:\Windows\System32\mfreadwrite.dll
2013-04-09 04:49:36 817152 ----a-w- C:\Windows\System32\kerberos.dll
2013-04-09 04:49:33 210432 ----a-w- C:\Windows\System32\iuilp.dll
2013-04-09 04:49:16 50176 ----a-w- C:\Windows\System32\fmifs.dll
2013-04-09 04:49:16 231936 ----a-w- C:\Windows\System32\fhengine.dll
2013-04-09 04:49:09 172544 ----a-w- C:\Windows\System32\dwmredir.dll
2013-04-09 04:49:06 196096 ----a-w- C:\Windows\System32\dmvdsitf.dll
2013-04-09 04:48:43 2303488 ----a-w- C:\Windows\System32\authui.dll
2013-04-09 04:48:42 785408 ----a-w- C:\Windows\System32\audiosrv.dll
2013-04-09 04:48:42 169472 ----a-w- C:\Windows\System32\AudioEndpointBuilder.dll
2013-04-09 04:48:34 419840 ----a-w- C:\Windows\System32\intl.cpl
2013-04-09 02:35:13 4038144 ----a-w- C:\Windows\System32\win32k.sys
2013-04-09 02:34:49 83968 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2013-04-09 02:34:42 27648 ----a-w- C:\Windows\System32\drivers\hidusb.sys
2013-04-09 02:34:30 95744 ----a-w- C:\Windows\System32\drivers\hidbth.sys
2013-04-09 02:33:41 60416 ----a-w- C:\Windows\System32\drivers\ndproxy.sys
2013-04-09 02:33:05 623104 ----a-w- C:\Windows\System32\drivers\srv2.sys
2013-04-09 02:32:02 805376 ----a-w- C:\Windows\System32\drivers\PEAuth.sys
2013-04-09 02:31:14 247808 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2013-04-09 02:31:01 83456 ----a-w- C:\Windows\System32\drivers\wanarp.sys
2013-04-08 23:44:25 123880 ----a-w- C:\Windows\SysWow64\wscapi.dll
2013-04-08 23:39:14 1408896 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-04-08 23:37:29 426024 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2013-04-08 23:37:29 324368 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2013-04-08 21:52:16 670208 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2013-04-08 21:52:16 302592 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2013-04-08 21:52:16 171008 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2013-04-08 21:52:16 106496 ----a-w- C:\Windows\SysWow64\Robocopy.exe
2013-04-08 21:52:06 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-04-04 23:30:17 503080 ----a-w- C:\Windows\System32\ci.dll
2013-04-03 22:42:32 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-04-03 09:58:13 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2013-03-30 18:16:05 1403784 ----a-w- C:\Windows\System32\winload.efi
2013-03-30 18:16:05 1267424 ----a-w- C:\Windows\System32\winload.exe
2013-03-28 22:09:09 1093880 ----a-w- C:\Windows\System32\winresume.exe
2013-03-28 22:09:04 1217328 ----a-w- C:\Windows\System32\winresume.efi
2013-03-22 03:49:55 2382336 ----a-w- C:\Windows\SysWow64\esent.dll
2013-03-21 22:47:13 2851840 ----a-w- C:\Windows\System32\esent.dll
2013-03-16 00:53:13 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-16 00:53:11 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-16 00:53:11 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-15 22:05:34 298456 ----a-w- C:\Windows\System32\rsaenh.dll
2013-03-15 22:05:16 252928 ----a-w- C:\Windows\SysWow64\rsaenh.dll
2013-03-15 04:16:18 3477280 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-03-15 04:16:17 6398240 ----a-w- C:\Windows\System32\nvcpl.dll
2013-03-15 04:16:10 877856 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-03-15 04:16:10 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-03-15 04:16:10 2555680 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-03-15 04:16:10 237856 ----a-w- C:\Windows\System32\nvmctray.dll
2013-03-15 00:17:18 861184 ----a-w- C:\Windows\System32\drivers\http.sys
2013-03-14 12:07:52 559904 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-03-13 16:24:01 3065455 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-03-06 07:10:10 112872 ----a-w- C:\Windows\System32\consent.exe
2013-03-06 06:29:15 70144 ----a-w- C:\Windows\System32\appinfo.dll
.
============= FINISH: 13:11:42.81 ===============





.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume1
Install Date: 7/01/2013 11:53:13 PM
System Uptime: 1/06/2013 12:07:30 PM (1 hours ago)
.
Motherboard: ASRock | | Z77 Pro4-M
Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz | CPUSocket | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 465 GiB total, 285.549 GiB free.
D: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\INT33A0\0
Manufacturer:
Name:
PNP Device ID: ACPI\INT33A0\0
Service:
.
==== System Restore Points ===================
.
RP24: 13/05/2013 6:18:11 PM - Windows Update
RP25: 16/05/2013 6:57:57 PM - Windows Update
RP26: 17/05/2013 9:01:26 PM - Installed LogMeIn Hamachi
RP27: 20/05/2013 10:22:58 PM - Windows Update
RP28: 24/05/2013 7:36:30 PM - Windows Update
RP29: 28/05/2013 4:24:03 PM - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Adobe Flash Player 11 Plugin
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS PCE-N15 WLAN Card Utilities & Driver
µTorrent
Audacity 2.0.2
Battlefield 3™
Battlelog Web Plugins
Bonjour
Borderlands 2
Brother MFL-Pro Suite MFC-7362N
Camtasia Studio 8
CCleaner
CDBurnerXP
Coupon Companion Plugin
CPUID CPU-Z 1.62
DAEMON Tools Pro
Definition update for Microsoft Office 2013 (KB2760587) 64-Bit Edition
Dota 2
ESN Sonar
Far Cry 3
Foxit Reader
Google Chrome
Google Update Helper
Intel(R) Processor Graphics
iTunes
Java 7 Update 17
Java Auto Updater
lightshot-4.3.0.0
Logitech Gaming Software
Logitech Gaming Software 8.40
LogMeIn Hamachi
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Office 32-bit Components 2013
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared 32-bit MUI (English) 2013
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Word MUI (English) 2013
NVIDIA 3D Vision Controller Driver 314.22
NVIDIA 3D Vision Driver 314.22
NVIDIA Control Panel 314.22
NVIDIA Graphics Driver 314.22
NVIDIA HD Audio Driver 1.3.23.1
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.12.12
NVIDIA Update Components
Origin
Outils de vérification linguistique 2013 de Microsoft Office - Français
PlanetSide 2
Portal
Portal 2
Portal 2 Publishing Tool
PunkBuster Services
Razer Arctosa
Skype™ 6.3
Sniper Elite: Nazi Zombie Army
Source SDK Base 2007
SpeedFan (remove only)
Steam
Team Fortress 2
Team Fortress 2 Beta
Torchlight II (c) Runic Games version 1
Trend Micro Titanium
Trend Micro Titanium Maximum Security
Update for Microsoft Access 2013 (KB2760350) 64-Bit Edition
Update for Microsoft Excel 2013 (KB2760339) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2760512) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726961) 64-Bit Edition
Update for Microsoft Office 2013 (KB2737954) 64-Bit Edition
Update for Microsoft Office 2013 (KB2752025) 64-Bit Edition
Update for Microsoft Office 2013 (KB2752101) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760311) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767852) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767861) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767864) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2737968) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2726947) 64-Bit Edition
Update for Microsoft SkyDrive Pro (KB2760214) 64-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2767856) 64-Bit Edition
Update for Microsoft Word 2013 (KB2760244) 64-Bit Edition
Uplay
VLC media player 2.0.5
World of Tanks
Worms Revolution
.
==== Event Viewer Messages From Past Week ========
.
30/05/2013 8:52:54 PM, Error: Microsoft-Windows-Kernel-Power [137] - The system firmware has changed the processor's memory type range registers (MTRRs) across a sleep state transition (S4). This can result in reduced resume performance.
30/05/2013 6:53:06 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
28/05/2013 4:29:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Cumulative Security Update for ActiveX Killbits for Windows 8 for x64-based Systems (KB2820197).
28/05/2013 4:24:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 8 for x64-based Systems (KB2781197).
28/05/2013 4:24:17 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Windows Malicious Software Removal Tool for Windows 8 and Windows Server 2012 x64-based Systems - May 2013 (KB890830).
27/05/2013 5:02:05 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a pre-shutdown control.
27/05/2013 5:01:32 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070003: Security Update for Windows 8 for x64-based Systems (KB2781197).
1/06/2013 12:10:03 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: The password for this account has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/06/2013 12:10:03 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a log-on failure.
.
==== End Of File ===========================
 
Hi, Jack. Welcome to Sysnative.

1. Windows Defender on Windows 8 is antivirus software. Thus, it was disabled when you installed Trend Micro. You cannot enable Windows Defender on Windows 8 with another antivirus software installed.

2. Please update Java, as you have an outdated, vulnerable version installed on your computer:


3. Please download Malwarebytes' Anti-Malware to your desktop from here.


  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    -- Update Malwarebytes' Anti-Malware and
    -- Launch Malwarebytes' Anti-Malware
  • Click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, check the following settings:
    -- On the Scanner tab, check Perform quick scan.
    -- On the Settings tab, Scanner Settings, leave the default boxes checked but change the drop-down boxes to Show in results list and check for removal.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
    MBAM_SR_zps573fd52e.jpg
  • Click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Please post contents of that file in your next reply.


** Note **

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 
I have updated my Java; I had seen that in my log when I posted it, so it is updated, and here are the contents of the Malwarebytes Anti-Malware software. It appears that I don't have a virus; please correct me if I am wrong.

Thank you for a quick reply, I really appreciate the help.



Malwarebytes Anti-Malware (Trial) 1.75.0.1300
Malwarebytes : Free anti-malware download


Database version: v2013.06.01.05


Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16580
Jack :: JACKS_PC [administrator]


Protection: Enabled


2/06/2013 10:55:20 AM
mbam-log-2013-06-02 (10-55-20).txt


Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 240253
Time elapsed: 2 minute(s), 7 second(s)


Memory Processes Detected: 0
(No malicious items detected)


Memory Modules Detected: 0
(No malicious items detected)


Registry Keys Detected: 0
(No malicious items detected)


Registry Values Detected: 0
(No malicious items detected)


Registry Data Items Detected: 0
(No malicious items detected)


Folders Detected: 0
(No malicious items detected)


Files Detected: 0
(No malicious items detected)


(end)
 
And I have one more question: does that mean if I am running Trend Micro I can't use Windows Defender, or is there a way to do that?
 
Thank you for the MBAM log. I am surprised it didn't pick up the "coupon companion" as a PUP (potentially unwanted program) based on it being considered as adware. Let's see what AdwCleaner shows.

Please download AdwCleaner by Xplode to your Desktop.
  • Double-click AdwCleaner.exe to run the tool.
  • Click Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next response.
Note: The log can also be found at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, i.e., R1

Regarding Windows Defender, that is correct, you cannot run it on Windows 8 with another antivirus software program installed. It is not the same "Windows Defender" that is the anti-spyware program. Rather, Windows Defender on Windows 8 will interface with Windows secured boot, a Windows 8 protection feature.

On a PC that supports UEFI-based Secure Boot, Windows secured boot will help ensure that all firmware and firmware updates are secure. By loading only properly signed and validated code in the boot path, the entire Windows boot path up to the anti-malware driver will be checked to ensure that it has not been tampered with.

Like Microsoft Security Essentials, definition updates for Windows Defender on Windows 8 are obtained automatically through the program or downloaded directly from the Microsoft Malware Protection Center (MMPC) Portal. You may also be offered updates through Windows Update.
 
Looks like it did pick the coupon up

# AdwCleaner v2.301 - Logfile created 06/02/2013 at 12:46:00
# Updated 16/05/2013 by Xplode
# Operating system : Windows 8 (64 bits)
# User : Jack - JACKS_PC
# Boot Mode : Normal
# Running from : C:\Users\Jack\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Coupon Companion Plugin

***** [Registry] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211181104}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211181104}
Key Found : HKCU\Software\PrivitizeVPNInstallDates
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\StartSearch
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181104}
Key Found : HKLM\Software\PIP
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110211181104}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211181104}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181104}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16580

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.94

File : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.2863] : urls_to_restore_on_startup = [ "hxxp://search.chatzum.com" ]

*************************

AdwCleaner[R1].txt - [2375 octets] - [02/06/2013 12:46:00]

########## EOF - C:\AdwCleaner[R1].txt - [2435 octets] ##########
 
It sure did! We'll have AdwCleaner take care of it and then I'd like you to run one more program that does a good job of picking up anything AdwCleaner misses.

Please rescan with AdwCleaner.
  • Double-click AdwCleaner.exe to run the tool.
  • Click Delete.
  • Everything that was found will be deleted.
  • Save any open files and approve the reboot. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
Note: The log can also be found at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, i.e., S1

Please download Junkware Removal Tool to your desktop.
  • Disable your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Sorry for the late post, but here is the result

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 8 x64
Ran by Jack on Wed 05/06/2013 at 16:25:53.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\clsid\{22222222-2222-2222-2222-220222182204}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\wow6432node\clsid\{22222222-2222-2222-2222-220222182204}

~~~ Files

~~~ Folders

~~~ Chrome

Failed to delete: [Registry Key]] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jneaojaoiajhnemidnjhoempalnidbhj
Failed to delete: [Registry Key]] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\jneaojaoiajhnemidnjhoempalnidbhj

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 05/06/2013 at 16:28:33.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Did you run AdwCleaner with the delete option? If not, please do so. If you did run it already, the log can be found at C:\AdwCleaner.txt.

Please make sure you have word wrap checked in Notepad. It is located under Format.
 
I agree, Teaplease, although I like the combination of both AdwCleaner and the JRT.

Jack is having a problem posting replies and I've suggested he clear the browser cache & cookies since he may have a corrupt cookie for Sysnative. Here's the requested AdwCleaner log:

# AdwCleaner v2.301 - Logfile created 06/06/2013 at 07:26:53
# Updated 16/05/2013 by Xplode
# Operating system : Windows 8 (64 bits)
# User : Jack - JACKS_PC
# Boot Mode : Normal
# Running from : C:\Users\Jack\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16580

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.94

File : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2504 octets] - [02/06/2013 12:46:00]
AdwCleaner[R2].txt - [2564 octets] - [03/06/2013 15:55:00]
AdwCleaner[R3].txt - [749 octets] - [06/06/2013 07:26:53]
AdwCleaner[S1].txt - [2674 octets] - [03/06/2013 15:55:31]

########## EOF - C:\AdwCleaner[R3].txt - [868 octets] ##########
 
Please do the following to uninstall AdwCleaner.
  • Double-click AdwCleaner.exe to run the tool.
  • Click Uninstall
  • Confirm with yes

You can delete the Junkware Removal Tool and SecurityCheckup from your desktop.

Jack, please let us know if clearing cache & cookies solves the problem posting replies. Edit Note: After mentioning the problem you have encountered, it was suggested by another staff member that if clearing cache & cookies doesn't solve the problem to see if you have the same issue with an alternate browser.
 