Jump to content

Egarrim

Honorary Members
  • Posts

    48
  • Joined

  • Last visited

Everything posted by Egarrim

  1. Hi again, i have just started the laptop and used chrome and it has redirected again to reimage. I did notice while redirecting that in the bottom corner of the browser it stated waiting for "Middlerush" .exe .. or something very simular
  2. Hi, and first of all thank you for helping. The log is attached. Can I ask if flushing the DNS would have fixed this issue, I saw reference to it in the fix log. Fixlog.txt
  3. Thats right its not the first time. I could be dishonset and create a new account every time but i dont and i also donate and subscribe to the malwarebytes premium version on three of my own computers and advise customers to do the same. I am asking for help and hope you will help me, I often give help free of charge should a customer call with an issue that I can talk them through or if a customer calls in with a problem I can fix in a few minutes. I could just wipe the laptop and reinstall windows but I like to figure things out and learn so I may help others, but on this occasion it has me stumped, will you help me please.
  4. Hi, I have been asked to have a look at a computer that has been infected with the reimage browser hijack. I have run all my usual programs that would normally rid the computer of these type of infections, but unfortunately it is stubborn and remains. I have run RKill, adwcleaner (nothing) JRT (nothing) Malwarebytes (nothing) hitman pro (nothing) and lastly emisoft emergency repair kit. Nothing shows up in these logs and yet as soon as I use google chrome to access the internet I get redirects and a new tab inviting me to download and buy the reimage program also adverts of a very explicit nature. Apparently the computer was infected just before xmas and the girls father reset it back to factory settings with the option to retain files and documents, so any programs have been lost that may have given a clue as to how this infection got onto the laptop in the first instance. PS I have checked the extensions in chrome and there is no sign of anything untoward in there either. Hope you can help and I wish you all well for the new year. The farbar logs are attached Addition.txt FRST.txt
  5. Hi, I hope you can help me please, I have a program called systheal optimizer that has appeared on my laptop, I have no idea how to remove this as there is no program listed in add remove program. Could I ask for help please. Kind regards
  6. Thank you for your kind help. Благодаря за помощта. Просто практикуване прекарвам 5 седмици в България всяко лято. (Созопол)
  7. Hi, i have run the scan on my neighbours laptop. The scan came up negative. As i had been in possession of it for over two weeks she asked for it back. I have let her have it to use. I can always ask for it back if you think more needs to be done, but as this scan was negative i thought it safe for her to use. She doesn't use for on line backing etc.. Is there any more that requires checking out, or things to clean up? I can get it back off her if there is. Regards Dave.
  8. Hi, done a full scan after i updated AVG, no infections were found. Regards Dave
  9. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-10-2013 Ran by Mrs Whinfrey at 2013-11-06 18:31:11 Run:1 Running from C:\Users\Mrs Whinfrey\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** C:\Users\Mrs Whinfrey\AppData\Roaming\skype.ini ***************** C:\Users\Mrs Whinfrey\AppData\Roaming\skype.ini => Moved successfully. ==== End of Fixlog ====
  10. Hi thanks for your continued help. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013Ran by Mrs Whinfrey (administrator) on MRSWHINFREY on 05-11-2013 16:02:28Running from C:\Users\Mrs Whinfrey\DownloadsWindows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 10Boot Mode: Normal ==================== Processes (Whitelisted) ================= () C:\Windows\System32\GFNEXSrv.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe(TOSHIBA Corporation) C:\windows\system32\TODDSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe(Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [] - [x]HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12459112 2012-03-16] (Realtek Semiconductor)HKLM\...\Run: [sRS Premium Sound HD] - C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip [223180 2012-03-22] ()HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-19] (Synaptics Incorporated)HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe [590256 2011-09-23] (TOSHIBA Corporation)HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2011-12-14] (TOSHIBA Corporation)HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1548208 2011-11-24] (TOSHIBA Corporation)HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-14] (TOSHIBA Corporation)HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-11-26] (TOSHIBA Corporation)HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)HKLM\...\Run: [Toshiba Registration] - C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2012-05-11] (Toshiba Europe GmbH)HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-05-11] (Google Inc.)HKCU\...\Run: [HP Deskjet 3070 B611 series (NET)] - C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe [2547048 2011-03-30] (Hewlett-Packard Co.)HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20473504 2013-10-02] (Skype Technologies S.A.)HKLM-x32\...\Run: [NBAgent] - C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1492264 2011-11-18] (Nero AG)HKLM-x32\...\Run: [iTSecMng] - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-02] (TOSHIBA CORPORATION)HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation)HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-01-12] (Hewlett-Packard)HKLM-x32\...\Run: [] - [x]HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)HKU\Default\...\Run: [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe [846936 2011-05-16] (TOSHIBA)HKU\Default User\...\Run: [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe [846936 2011-05-16] (TOSHIBA)Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnkShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnkShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)Startup: C:\Users\Mrs Whinfrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3070 B611 series (Network).lnkShortcutTarget: Monitor Ink Alerts - HP Deskjet 3070 B611 series (Network).lnk -> C:\Program Files\HP\HP Deskjet 3070 B611 series\bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUAHKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.co.uk/SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {794C4B55-EA35-431E-A147-180E8BED5FD7} URL = BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cabHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Chrome: =======CHR Extension: (Skype Click to Call) - C:\Users\MRSWHI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0CHR HKLM-x32\...\Chrome\Extension: [dlmdlmoekcipeicfbnohedgkglmbhcla] - C:\Program Files (x86)\Whilokii\dlmdlmoekcipeicfbnohedgkglmbhcla.crxCHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx ==================== Services (Whitelisted) ================= R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-10] ()R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH) ==================== Drivers (Whitelisted) ==================== R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [148792 2013-09-25] (AVG Technologies CZ, s.r.o.)R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [91352 2013-11-05] (Malwarebytes Corporation)R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)S3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [21096 2012-01-05] (Realtek Microelectronics)R3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtwlane.sys [1082472 2012-01-17] (Realtek Semiconductor Corporation )S3 Tosrfcom; No ImagePathS1 SASDIFSV; \??\C:\Users\MRSWHI~1\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]S1 SASKUTIL; \??\C:\Users\MRSWHI~1\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-05 16:02 - 2013-11-05 16:02 - 00000000 ____D C:\FRST2013-11-05 16:01 - 2013-11-05 16:01 - 01957098 _____ (Farbar) C:\Users\Mrs Whinfrey\Downloads\FRST64.exe2013-11-05 15:43 - 2013-11-05 15:43 - 00000000 _____ C:\windows\setuperr.log2013-11-05 15:20 - 2013-11-05 15:20 - 00000000 ____D C:\Program Files\stinger2013-11-05 13:25 - 2013-11-05 13:25 - 00000000 ____D C:\Users\Mrs Whinfrey\AppData\Roaming\SUPERAntiSpyware.com2013-11-05 13:25 - 2013-11-05 13:25 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com2013-11-05 12:46 - 2013-11-05 12:46 - 00012872 _____ (SurfRight B.V.) C:\windows\system32\bootdelete.exe2013-11-05 12:39 - 2013-11-05 12:46 - 00000000 ____D C:\ProgramData\HitmanPro2013-11-05 09:16 - 2013-11-05 09:16 - 00000058 _____ C:\Users\Public\Desktop\Daves Support.url2013-11-05 09:14 - 2013-11-05 15:22 - 00001380 _____ C:\windows\PFRO.log2013-11-02 22:02 - 2013-11-02 22:02 - 00000000 ____D C:\Users\Mrs Whinfrey\AppData\Roaming\Auslogics2013-11-02 17:11 - 2013-11-02 17:13 - 00000000 ____D C:\ProgramData\Sophos2013-11-02 17:11 - 2013-11-02 17:11 - 00000000 ____D C:\Program Files (x86)\Sophos2013-11-02 15:36 - 2013-11-02 15:36 - 00000000 ____D C:\Program Files (x86)\ESET2013-11-02 11:40 - 2013-11-02 11:40 - 00002515 _____ C:\Users\Public\Desktop\Skype.lnk2013-11-02 11:13 - 2013-11-02 11:12 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe2013-11-02 11:13 - 2013-11-02 11:12 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll2013-11-02 11:11 - 2013-11-05 15:13 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job2013-11-02 11:11 - 2013-11-02 11:11 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater2013-11-02 11:10 - 2013-11-02 11:10 - 00002030 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk2013-11-02 10:28 - 2013-11-05 15:43 - 00001130 _____ C:\windows\setupact.log2013-11-01 23:44 - 2013-11-05 15:36 - 00000058 _____ C:\windows\system32\zerobyte_files_deleted.txt2013-11-01 20:58 - 2013-11-05 15:36 - 00000076 _____ C:\windows\zerobyte_files_deleted.txt2013-11-01 20:50 - 2013-11-01 20:50 - 00000000 ____D C:\Users\Mrs Whinfrey\Desktop\MRSWHINFREY2013-10-29 08:55 - 2013-11-05 15:31 - 00000000 ____D C:\AdwCleaner2013-10-29 08:55 - 2013-10-29 08:55 - 01060070 _____ C:\Users\Mrs Whinfrey\Downloads\AdwCleaner (1).exe2013-10-29 08:37 - 2013-10-29 08:37 - 00003230 _____ C:\windows\System32\Tasks\SidebarExecute2013-10-29 08:37 - 2013-10-29 08:37 - 00000976 _____ C:\Users\Public\Desktop\AVG 2014.lnk2013-10-29 08:37 - 2013-10-29 08:37 - 00000000 ____D C:\Users\Mrs Whinfrey\AppData\Roaming\TuneUp Software2013-10-29 08:37 - 2013-10-29 08:37 - 00000000 ____D C:\Users\Mrs Whinfrey\AppData\Roaming\AVG20142013-10-29 08:35 - 2013-10-29 08:37 - 00000000 ____D C:\ProgramData\AVG20142013-10-29 08:35 - 2013-10-29 08:35 - 00000000 ___HD C:\$AVG2013-10-29 08:35 - 2013-10-29 08:35 - 00000000 ____D C:\Program Files (x86)\AVG2013-10-29 08:32 - 2013-11-05 09:19 - 00000000 ____D C:\ProgramData\MFAData2013-10-29 08:32 - 2013-11-02 11:55 - 00000000 ____D C:\Users\Mrs Whinfrey\AppData\Local\Avg20142013-10-29 08:32 - 2013-10-29 08:32 - 04436568 _____ (AVG Technologies) C:\Users\Mrs Whinfrey\Downloads\avg_free_stb_all_2014_4158_cnet.exe2013-10-29 08:32 - 2013-10-29 08:32 - 00000000 ____D C:\Users\Mrs Whinfrey\AppData\Local\MFAData2013-10-28 21:39 - 2013-10-28 21:39 - 00000000 ____D C:\Users\Mrs Whinfrey\AppData\Roaming\AVAST Software2013-10-28 18:00 - 2013-10-28 18:01 - 00000000 ____D C:\windows\system32\MRT2013-10-28 18:00 - 2013-09-26 01:46 - 80541720 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe2013-10-28 17:27 - 2013-10-28 17:27 - 00000045 _____ C:\windows\SysWOW64\initdebug.nfo2013-10-28 17:19 - 2013-10-28 17:19 - 02143832 _____ C:\Users\Mrs Whinfrey\Downloads\instsf449.exe2013-10-28 09:18 - 2013-10-28 09:18 - 00000000 ____D C:\windows\ERUNT2013-10-28 09:17 - 2013-10-28 09:17 - 01060070 _____ C:\Users\Mrs Whinfrey\Downloads\AdwCleaner.exe2013-10-28 09:16 - 2013-10-28 09:16 - 01033335 _____ (Thisisu) C:\Users\Mrs Whinfrey\Downloads\JRT.exe2013-10-26 16:22 - 2013-10-26 16:22 - 00001124 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-10-26 16:22 - 2013-10-26 16:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-10-26 16:22 - 2013-04-04 13:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys2013-10-26 16:21 - 2013-10-26 16:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Mrs Whinfrey\Downloads\mbam-setup-1.75.0.1300.exe2013-10-25 17:54 - 2013-11-05 12:48 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys2013-10-25 16:23 - 2013-10-25 16:23 - 00001794 _____ C:\Users\Public\Desktop\iTunes.lnk2013-10-25 16:22 - 2013-10-25 16:23 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692013-10-25 16:22 - 2013-10-25 16:23 - 00000000 ____D C:\Program Files\iTunes2013-10-25 16:22 - 2013-10-25 16:23 - 00000000 ____D C:\Program Files (x86)\iTunes2013-10-25 16:22 - 2013-10-25 16:22 - 00000000 ____D C:\Program Files\iPod2013-10-25 16:15 - 2013-10-25 16:15 - 00001856 _____ C:\Users\Public\Desktop\QuickTime Player.lnk2013-10-25 16:15 - 2013-10-25 16:15 - 00000000 ____D C:\Program Files (x86)\QuickTime2013-10-09 18:49 - 2013-09-22 23:28 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll2013-10-09 18:49 - 2013-09-22 23:28 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll2013-10-09 18:49 - 2013-09-22 23:27 - 14335488 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll2013-10-09 18:49 - 2013-09-22 23:27 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll2013-10-09 18:49 - 2013-09-22 23:27 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll2013-10-09 18:49 - 2013-09-22 23:27 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll2013-10-09 18:49 - 2013-09-22 23:27 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll2013-10-09 18:49 - 2013-09-22 23:27 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll2013-10-09 18:49 - 2013-09-22 23:27 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll2013-10-09 18:49 - 2013-09-22 23:27 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll2013-10-09 18:49 - 2013-09-22 23:27 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll2013-10-09 18:49 - 2013-09-22 23:27 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll2013-10-09 18:49 - 2013-09-22 23:27 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll2013-10-09 18:49 - 2013-09-22 22:55 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll2013-10-09 18:49 - 2013-09-22 22:55 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll2013-10-09 18:49 - 2013-09-22 22:55 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe2013-10-09 18:49 - 2013-09-22 22:54 - 19252224 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll2013-10-09 18:49 - 2013-09-22 22:54 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll2013-10-09 18:49 - 2013-09-22 22:54 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll2013-10-09 18:49 - 2013-09-22 22:54 - 02647552 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll2013-10-09 18:49 - 2013-09-22 22:54 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll2013-10-09 18:49 - 2013-09-22 22:54 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll2013-10-09 18:49 - 2013-09-22 22:54 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll2013-10-09 18:49 - 2013-09-22 22:54 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll2013-10-09 18:49 - 2013-09-22 22:54 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll2013-10-09 18:49 - 2013-09-22 22:54 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll2013-10-09 18:49 - 2013-09-22 22:54 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll2013-10-09 18:49 - 2013-09-21 03:38 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb2013-10-09 18:49 - 2013-09-21 03:30 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb2013-10-09 18:49 - 2013-09-21 02:48 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe2013-10-09 18:49 - 2013-09-21 02:39 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe2013-10-09 18:21 - 2013-10-10 17:22 - 00000000 ____D C:\Users\Mrs Whinfrey\AppData\Local\LogMeIn Rescue Applet2013-10-09 18:21 - 2013-10-09 18:21 - 01295200 _____ (LogMeIn, Inc.) C:\Users\Mrs Whinfrey\Downloads\Support-LogMeInRescue.exe2013-10-09 18:07 - 2013-10-09 18:07 - 00784888 _____ (Google Inc.) C:\Users\Mrs Whinfrey\Downloads\ChromeSetup.exe2013-10-09 15:01 - 2013-09-14 01:10 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys2013-10-09 15:01 - 2013-09-08 02:30 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys2013-10-09 15:01 - 2013-09-08 02:27 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll2013-10-09 15:01 - 2013-09-08 02:03 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll2013-10-09 15:01 - 2013-07-12 10:41 - 00185344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys2013-10-09 15:01 - 2013-07-12 10:41 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys2013-10-09 15:01 - 2013-07-04 12:57 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll2013-10-09 15:01 - 2013-07-04 12:50 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll2013-10-09 15:01 - 2013-07-04 12:50 - 00102400 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll2013-10-09 15:01 - 2013-07-04 11:57 - 00205824 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll2013-10-09 15:01 - 2013-07-04 11:51 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll2013-10-09 15:01 - 2013-07-04 11:50 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll2013-10-09 15:01 - 2013-07-04 10:11 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys2013-10-09 15:01 - 2013-07-03 04:05 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys2013-10-09 15:01 - 2013-07-03 04:05 - 00032896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys2013-10-09 15:01 - 2013-06-25 22:55 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys2013-10-09 15:01 - 2013-06-06 05:50 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll2013-10-09 15:01 - 2013-06-06 05:49 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll2013-10-09 15:01 - 2013-06-06 05:49 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll2013-10-09 15:01 - 2013-06-06 05:47 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll2013-10-09 15:01 - 2013-06-06 04:57 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll2013-10-09 15:01 - 2013-06-06 04:51 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll2013-10-09 15:01 - 2013-06-06 04:50 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll2013-10-09 15:01 - 2013-06-06 03:30 - 00368128 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll2013-10-09 15:01 - 2013-06-06 03:01 - 00295424 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll2013-10-09 15:01 - 2013-06-06 03:01 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll2013-10-09 15:00 - 2013-09-04 12:12 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys2013-10-09 15:00 - 2013-09-04 12:11 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys2013-10-09 15:00 - 2013-09-04 12:11 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys2013-10-09 15:00 - 2013-09-04 12:11 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys2013-10-09 15:00 - 2013-09-04 12:11 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys2013-10-09 15:00 - 2013-09-04 12:11 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys2013-10-09 15:00 - 2013-09-04 12:11 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys2013-10-09 15:00 - 2013-08-29 02:17 - 05549504 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe2013-10-09 15:00 - 2013-08-29 02:16 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll2013-10-09 15:00 - 2013-08-29 02:16 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll2013-10-09 15:00 - 2013-08-29 02:16 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll2013-10-09 15:00 - 2013-08-29 02:13 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll2013-10-09 15:00 - 2013-08-29 01:51 - 03969472 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe2013-10-09 15:00 - 2013-08-29 01:51 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe2013-10-09 15:00 - 2013-08-29 01:50 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll2013-10-09 15:00 - 2013-08-29 01:50 - 00619520 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll2013-10-09 15:00 - 2013-08-29 01:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll2013-10-09 15:00 - 2013-08-29 01:48 - 00640512 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll2013-10-09 15:00 - 2013-08-29 00:49 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe2013-10-09 15:00 - 2013-08-29 00:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll2013-10-09 15:00 - 2013-08-29 00:49 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe2013-10-09 15:00 - 2013-08-29 00:49 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe2013-10-09 15:00 - 2013-08-28 01:21 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys2013-10-09 15:00 - 2013-08-28 01:12 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll2013-10-09 15:00 - 2013-08-01 12:09 - 00983488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys2013-10-09 15:00 - 2013-07-20 10:33 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll2013-10-09 15:00 - 2013-07-20 10:33 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll ==================== One Month Modified Files and Folders ======= 2013-11-05 16:02 - 2013-11-05 16:02 - 00000000 ____D C:\FRST2013-11-05 16:01 - 2013-11-05 16:01 - 01957098 _____ (Farbar) C:\Users\Mrs Whinfrey\Downloads\FRST64.exe2013-11-05 16:01 - 2012-11-21 20:05 - 00000270 _____ C:\windows\Tasks\HP Photo Creations Messager.job2013-11-05 15:51 - 2009-07-14 04:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-11-05 15:51 - 2009-07-14 04:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-11-05 15:48 - 2009-07-14 05:13 - 00726444 _____ C:\windows\system32\PerfStringBackup.INI2013-11-05 15:47 - 2012-11-19 21:34 - 01215015 _____ C:\windows\WindowsUpdate.log2013-11-05 15:43 - 2013-11-05 15:43 - 00000000 _____ C:\windows\setuperr.log2013-11-05 15:43 - 2013-11-02 10:28 - 00001130 _____ C:\windows\setupact.log2013-11-05 15:43 - 2012-11-19 21:37 - 00000828 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job2013-11-05 15:43 - 2012-05-11 18:52 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job2013-11-05 15:43 - 2009-07-14 05:08 - 00000006 ____H C:\windows\Tasks\SA.DAT2013-11-05 15:37 - 2012-11-19 14:43 - 00000000 ____D C:\Users\Mrs Whinfrey2013-11-05 15:37 - 2009-07-14 03:20 - 00000000 __RHD C:\Users\Default2013-11-05 15:36 - 2013-11-01 23:44 - 00000058 _____ C:\windows\system32\zerobyte_files_deleted.txt2013-11-05 15:36 - 2013-11-01 20:58 - 00000076 _____ C:\windows\zerobyte_files_deleted.txt2013-11-05 15:31 - 2013-10-29 08:55 - 00000000 ____D C:\AdwCleaner2013-11-05 15:22 - 2013-11-05 09:14 - 00001380 _____ C:\windows\PFRO.log2013-11-05 15:20 - 2013-11-05 15:20 - 00000000 ____D C:\Program Files\stinger2013-11-05 15:13 - 2013-11-02 11:11 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job2013-11-05 15:07 - 2012-05-11 18:52 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job2013-11-05 13:25 - 2013-11-05 13:25 - 00000000 ____D C:\Users\Mrs Whinfrey\AppData\Roaming\SUPERAntiSpyware.com2013-11-05 13:25 - 2013-11-05 13:25 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com2013-11-05 13:24 - 2012-11-19 14:43 - 00000000 ___RD C:\Users\Mrs Whinfrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2013-11-05 12:48 - 2013-10-25 17:54 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys2013-11-05 12:46 - 2013-11-05 12:46 - 00012872 _____ (SurfRight B.V.) C:\windows\system32\bootdelete.exe2013-11-05 12:46 - 2013-11-05 12:39 - 00000000 ____D C:\ProgramData\HitmanPro2013-11-05 11:22 - 2012-12-09 09:41 - 00000000 ____D C:\Users\Mrs Whinfrey\AppData\Roaming\Skype2013-11-05 09:19 - 2013-10-29 08:32 - 00000000 ____D C:\ProgramData\MFAData2013-11-05 09:16 - 2013-11-05 09:16 - 00000058 _____ C:\Users\Public\Desktop\Daves Support.url2013-11-02 22:02 - 2013-11-02 22:02 - 00000000 ____D C:\Users\Mrs Whinfrey\AppData\Roaming\Auslogics2013-11-02 17:13 - 2013-11-02 17:11 - 00000000 ____D C:\ProgramData\Sophos2013-11-02 17:11 - 2013-11-02 17:11 - 00000000 ____D C:\Program Files (x86)\Sophos2013-11-02 15:36 - 2013-11-02 15:36 - 00000000 ____D C:\Program Files (x86)\ESET2013-11-02 13:22 - 2012-11-19 21:37 - 00000830 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job2013-11-02 11:55 - 2013-10-29 08:32 - 00000000 ____D C:\Users\Mrs Whinfrey\AppData\Local\Avg20142013-11-02 11:40 - 2013-11-02 11:40 - 00002515 _____ C:\Users\Public\Desktop\Skype.lnk2013-11-02 11:40 - 2013-03-24 15:31 - 00000000 ___RD C:\Program Files (x86)\Skype2013-11-02 11:40 - 2012-05-11 18:35 - 00000000 ____D C:\ProgramData\Skype2013-11-02 11:12 - 2013-11-02 11:13 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe2013-11-02 11:12 - 2013-11-02 11:13 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll2013-11-02 11:12 - 2012-05-11 18:18 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe2013-11-02 11:12 - 2012-05-11 18:18 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe2013-11-02 11:12 - 2012-05-11 18:18 - 00000000 ____D C:\Program Files (x86)\Java2013-11-02 11:11 - 2013-11-02 11:11 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater2013-11-02 11:11 - 2012-11-19 14:46 - 00000000 ____D C:\Users\Mrs Whinfrey\AppData\Roaming\Adobe2013-11-02 11:11 - 2012-05-11 18:50 - 00000000 ____D C:\ProgramData\Adobe2013-11-02 11:11 - 2012-05-11 18:47 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe2013-11-02 11:11 - 2012-05-11 18:47 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl2013-11-02 11:10 - 2013-11-02 11:10 - 00002030 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk2013-11-02 11:10 - 2012-05-11 18:50 - 00000000 ____D C:\Program Files (x86)\Adobe2013-11-01 22:08 - 2012-05-12 03:13 - 00000000 ____D C:\windows\Panther2013-11-01 20:50 - 2013-11-01 20:50 - 00000000 ____D C:\Users\Mrs Whinfrey\Desktop\MRSWHINFREY2013-10-29 08:55 - 2013-10-29 08:55 - 01060070 _____ C:\Users\Mrs Whinfrey\Downloads\AdwCleaner (1).exe2013-10-29 08:37 - 2013-10-29 08:37 - 00003230 _____ C:\windows\System32\Tasks\SidebarExecute2013-10-29 08:37 - 2013-10-29 08:37 - 00000976 _____ C:\Users\Public\Desktop\AVG 2014.lnk2013-10-29 08:37 - 2013-10-29 08:37 - 00000000 ____D C:\Users\Mrs Whinfrey\AppData\Roaming\TuneUp Software2013-10-29 08:37 - 2013-10-29 08:37 - 00000000 ____D C:\Users\Mrs Whinfrey\AppData\Roaming\AVG20142013-10-29 08:37 - 2013-10-29 08:35 - 00000000 ____D C:\ProgramData\AVG20142013-10-29 08:35 - 2013-10-29 08:35 - 00000000 ___HD C:\$AVG2013-10-29 08:35 - 2013-10-29 08:35 - 00000000 ____D C:\Program Files (x86)\AVG2013-10-29 08:32 - 2013-10-29 08:32 - 04436568 _____ (AVG Technologies) C:\Users\Mrs Whinfrey\Downloads\avg_free_stb_all_2014_4158_cnet.exe2013-10-29 08:32 - 2013-10-29 08:32 - 00000000 ____D C:\Users\Mrs Whinfrey\AppData\Local\MFAData2013-10-29 08:30 - 2012-11-21 18:47 - 00000000 ____D C:\ProgramData\AVAST Software2013-10-28 21:39 - 2013-10-28 21:39 - 00000000 ____D C:\Users\Mrs Whinfrey\AppData\Roaming\AVAST Software2013-10-28 21:37 - 2012-11-21 18:48 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update2013-10-28 21:06 - 2012-11-21 18:48 - 00334648 _____ (AVAST Software) C:\windows\system32\aswBoot.exe2013-10-28 21:02 - 2012-11-21 18:48 - 00000000 _____ C:\windows\SysWOW64\config.nt2013-10-28 18:02 - 2012-05-11 18:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Office2013-10-28 18:01 - 2013-10-28 18:00 - 00000000 ____D C:\windows\system32\MRT2013-10-28 17:27 - 2013-10-28 17:27 - 00000045 _____ C:\windows\SysWOW64\initdebug.nfo2013-10-28 17:19 - 2013-10-28 17:19 - 02143832 _____ C:\Users\Mrs Whinfrey\Downloads\instsf449.exe2013-10-28 11:18 - 2009-07-14 03:20 - 00000000 ____D C:\windows\rescache2013-10-28 09:18 - 2013-10-28 09:18 - 00000000 ____D C:\windows\ERUNT2013-10-28 09:17 - 2013-10-28 09:17 - 01060070 _____ C:\Users\Mrs Whinfrey\Downloads\AdwCleaner.exe2013-10-28 09:16 - 2013-10-28 09:16 - 01033335 _____ (Thisisu) C:\Users\Mrs Whinfrey\Downloads\JRT.exe2013-10-26 16:22 - 2013-10-26 16:22 - 00001124 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-10-26 16:22 - 2013-10-26 16:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-10-26 16:21 - 2013-10-26 16:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Mrs Whinfrey\Downloads\mbam-setup-1.75.0.1300.exe2013-10-25 16:23 - 2013-10-25 16:23 - 00001794 _____ C:\Users\Public\Desktop\iTunes.lnk2013-10-25 16:23 - 2013-10-25 16:22 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692013-10-25 16:23 - 2013-10-25 16:22 - 00000000 ____D C:\Program Files\iTunes2013-10-25 16:23 - 2013-10-25 16:22 - 00000000 ____D C:\Program Files (x86)\iTunes2013-10-25 16:22 - 2013-10-25 16:22 - 00000000 ____D C:\Program Files\iPod2013-10-25 16:15 - 2013-10-25 16:15 - 00001856 _____ C:\Users\Public\Desktop\QuickTime Player.lnk2013-10-25 16:15 - 2013-10-25 16:15 - 00000000 ____D C:\Program Files (x86)\QuickTime2013-10-17 15:09 - 2012-05-11 18:52 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk2013-10-16 08:02 - 2009-07-14 05:08 - 00032620 _____ C:\windows\Tasks\SCHEDLGU.TXT2013-10-15 21:02 - 2012-05-11 18:52 - 00003908 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA2013-10-15 21:02 - 2012-05-11 18:52 - 00003656 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore2013-10-10 17:22 - 2013-10-09 18:21 - 00000000 ____D C:\Users\Mrs Whinfrey\AppData\Local\LogMeIn Rescue Applet2013-10-09 19:03 - 2009-07-14 04:45 - 00414704 _____ C:\windows\system32\FNTCACHE.DAT2013-10-09 18:51 - 2012-11-21 21:30 - 00000000 ____D C:\ProgramData\Microsoft Help2013-10-09 18:47 - 2013-03-14 09:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight2013-10-09 18:47 - 2013-03-14 09:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight2013-10-09 18:21 - 2013-10-09 18:21 - 01295200 _____ (LogMeIn, Inc.) C:\Users\Mrs Whinfrey\Downloads\Support-LogMeInRescue.exe2013-10-09 18:07 - 2013-10-09 18:07 - 00784888 _____ (Google Inc.) C:\Users\Mrs Whinfrey\Downloads\ChromeSetup.exe2013-10-06 11:38 - 2012-11-19 16:08 - 00000000 ____D C:\Users\Mrs Whinfrey\AppData\Local\Google Files to move or delete:====================C:\Users\Mrs Whinfrey\AppData\Roaming\skype.ini ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-11-01 22:35 ==================== End Of Log ============================Addition.txt
  11. Hi, i would like to attempt to clean up the computer please. I did remove the infection with avg when it was found. I hope this was ok. Regards
  12. Hi, just swapped anti virus to avg 2014 and it found this. c:\programdata\dsgsdgdsgsgw.pad and Luhe lockscreen .a i think this is the same thing, i researched and found it be be something to do with FBI ransom ware. But the neighbor told me she had this removed about 10 months ago. Havent run the programs you mentioned in your latest reply, i wanted to know what this is first. Regards
  13. Hi, things are fine. I just wondered if there was anything else that needs checking. Regards
  14. Just done another run with adwcleaner got a proper log. # AdwCleaner v3.010 - Report created 29/10/2013 at 08:56:48# Updated 20/10/2013 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : Mrs Whinfrey - MRSWHINFREY# Running from : C:\Users\Mrs Whinfrey\Downloads\AdwCleaner (1).exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16720 -\\ Google Chrome v30.0.1599.101 [ File : C:\Users\Mrs Whinfrey\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R3].txt - [791 octets] - [29/10/2013 08:55:58]AdwCleaner[s1].txt - [713 octets] - [29/10/2013 08:56:48] ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [772 octets] ########## благодаря
  15. Hi sorry about delay in response. Here are the logs you requested. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.0.7 (10.15.2013:3)OS: Windows 7 Home Premium x64Ran by Mrs Whinfrey on 28/10/2013 at 9:18:20.81~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services Failed to stop: [service] update whilokii ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbhoSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{39CB8175-E224-4446-8746-00566302DF8D}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dllSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortapp.dllSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escorteng.dllSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortlbr.dllSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exeSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{54ECA872-DB2A-4C6B-BBB2-F3777C6786CC}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{8736C681-37A0-40C6-A0F0-4C083409151C}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{57C91446-8D81-4156-A70E-624551442DE9}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolutionSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ctoolbarSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\deltaSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\ctoolbarSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\deltaSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\inbox toolbarSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installcoreSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\mysearchdialSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\cshared.tb4clientSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\cshared.tb4scriptSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\cshared.tb4server2Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\inbox.appserverSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\inbox.ibx404Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.capSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\inboxSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\rebinfoSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\rebateinf.rebateinfobjSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{132E3F35-C45D-8B6D-C2EF-0C685F235070}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{794C4B55-EA35-431E-A147-180E8BED5FD7}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{794C4B55-EA35-431E-A147-180E8BED5FD7} ~~~ Files Successfully deleted: [File] "C:\end" ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\babylon"Successfully deleted: [Folder] "C:\ProgramData\partner"Successfully deleted: [Folder] "C:\ProgramData\pc1data"Successfully deleted: [Folder] "C:\Users\Mrs Whinfrey\AppData\Roaming\24x7 help"Successfully deleted: [Folder] "C:\Users\Mrs Whinfrey\AppData\Roaming\pcpowerspeed"Successfully deleted: [Folder] "C:\Users\Mrs Whinfrey\appdata\local\wajam"Successfully deleted: [Folder] "C:\Users\Mrs Whinfrey\appdata\locallow\inbox toolbar"Successfully deleted: [Folder] "C:\Users\Mrs Whinfrey\appdata\locallow\mysearchdial"Successfully deleted: [Folder] "C:\Users\Mrs Whinfrey\appdata\locallow\rebateinformer"Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"Successfully deleted: [Folder] "C:\Program Files (x86)\delta"Successfully deleted: [Folder] "C:\Program Files (x86)\inbox.com"Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"Failed to delete: [Folder] "C:\Program Files (x86)\whilokii"Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\inbox toolbar"Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\rebateinformer"Successfully deleted: [Folder] "C:\Users\Mrs Whinfrey\AppData\Roaming\microsoft\windows\start menu\programs\wajam" ~~~ Chrome Successfully deleted: [Folder] C:\Users\Mrs Whinfrey\appdata\local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjpSuccessfully deleted: [Folder] C:\Users\Mrs Whinfrey\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmiedaSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on 28/10/2013 at 9:26:44.53End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v3.010 - Report created 28/10/2013 at 09:39:40# Updated 20/10/2013 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : Mrs Whinfrey - MRSWHINFREY# Running from : C:\Users\Mrs Whinfrey\Downloads\AdwCleaner.exe# Option : Clean ***** [ Services ] ***** [#] Service Deleted : update whilokii[#] Service Deleted : Util Whilokii ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\DSearchLinkFolder Deleted : C:\Program Files (x86)\WhilokiiFile Deleted : C:\Users\Public\Desktop\eBay.lnkFile Deleted : C:\windows\System32\Tasks\EPUpdaterFile Deleted : C:\windows\Tasks\MySearchDial.jobFile Deleted : C:\windows\System32\Tasks\MySearchDial ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdffKey Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdaterKey Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4EF645BD-65B0-4F98-AD56-D0437B7045F6}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DB35C569-5624-4CFC-8043-E5139F55A073}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{865D7100-82C7-42F4-9C06-860DEC0871B2}Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}Key Deleted : HKCU\Software\WhilokiiKey Deleted : HKLM\Software\WhilokiiKey Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Whilokii ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16720 Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page] -\\ Google Chrome v30.0.1599.101 [ File : C:\Users\Mrs Whinfrey\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted : urls_to_restore_on_startupDeleted : homepageDeleted : search_url ************************* AdwCleaner[R0].txt - [6657 octets] - [28/10/2013 09:34:24]AdwCleaner[R1].txt - [6797 octets] - [28/10/2013 09:37:50]AdwCleaner[s0].txt - [6419 octets] - [28/10/2013 09:39:40] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6479 octets] ##########Couldnt find S1 log Malwarebytes no detections Malwarebytes Anti-Malware (Trial) 1.75.0.1300www.malwarebytes.org Database version: v2013.10.28.03 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16721Mrs Whinfrey :: MRSWHINFREY [administrator] Protection: Enabled 28/10/2013 09:48:59mbam-log-2013-10-28 (09-48-59).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 228890Time elapsed: 13 minute(s), Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) (end)
  16. Hi, hope you can help. I have been asked to help a neighbour with her laptop. She is experiencing an awfull lot of redirects and seems to have had various programs installed that I have or have tried to uninstall, these included things like backup programs and even a pop up that was pretending to be from Microsoft with 24/ 7 help line. we are still left with redirects and strange sounding search tools and toolbars. Could you please help. Here are the logs I have just generated DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16720 Run by Mrs Whinfrey at 17:19:17 on 2013-10-26 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6034.3943 [GMT 1:00] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\System32\GFNEXSrv.exe C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\TOSHIBA\TECO\Teco.exe C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe C:\windows\system32\RunDll32.exe C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\windows\system32\svchost.exe -k imgsvc C:\windows\system32\TODDSrv.exe C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe C:\Program Files (x86)\Whilokii\updateWhilokii.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\windows\system32\wbem\wmiprvse.exe C:\Program Files\TOSHIBA\TECO\TecoService.exe C:\windows\system32\wbem\unsecapp.exe C:\Program Files\iPod\bin\iPodService.exe C:\windows\system32\SearchIndexer.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\windows\System32\WUDFHost.exe C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Nero\Update\NASvc.exe C:\windows\System32\svchost.exe -k secsvcs C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\windows\system32\wuauclt.exe C:\windows\explorer.exe C:\windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\windows\system32\SearchProtocolHost.exe C:\windows\system32\SearchFilterHost.exe C:\Program Files\HP\HP Deskjet 3070 B611 series\bin\HPNetworkCommunicator.exe C:\windows\system32\igfxsrvc.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . mWinlogon: Userinit = userinit.exe, BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [HP Deskjet 3070 B611 series (NET)] "C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN14O2C07W05MQ:NW" -scfn "HP Deskjet 3070 B611 series (NET)" -AutoStart 1 uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [iTSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" dRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP StartupFolder: C:\Users\MRSWHI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\windows\System32\RunDll32.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOSHIB~1.LNK - C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} TCP: NameServer = 192.168.1.1 TCP: Interfaces\{326E7B75-A475-4F94-9F76-4CD13141D112} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{326E7B75-A475-4F94-9F76-4CD13141D112}\2656C6B696E6 : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{326E7B75-A475-4F94-9F76-4CD13141D112}\C496675626F687D263434303 : DHCPNameServer = 192.168.1.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - <orphaned> Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-BHO: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [sRS Premium Sound HD] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe x64-Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe x64-Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe x64-Run: [Persistence] C:\windows\System32\igfxpers.exe x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned> x64-Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - x64-Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - <orphaned> x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-1-5 16152] R0 NBVol;Nero Backup Volume Filter Driver;C:\windows\System32\drivers\NBVol.sys [2012-5-11 72240] R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\windows\System32\drivers\NBVolUp.sys [2012-5-11 15920] R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-25 482384] R1 aswKbd;aswKbd;C:\windows\System32\drivers\aswKbd.sys [2012-11-21 21136] R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2012-11-21 984144] R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2012-11-21 370288] R2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2012-11-21 25232] R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2012-11-21 71600] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-11-21 44808] R2 GFNEXSrv;GFNEX Service;C:\windows\System32\GFNEXSrv.exe [2012-11-19 162824] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448] R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-11-19 128280] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-11-19 161560] R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-4 687400] R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136] R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-11-24 294848] R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-20 14472] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-11-19 363800] R2 Update Whilokii;Update Whilokii;C:\Program Files (x86)\Whilokii\updateWhilokii.exe [2013-9-26 65304] R2 Util Whilokii;Util Whilokii;C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe [2013-10-7 65304] R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-12-6 331264] R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-1-5 355096] R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-1-5 786200] R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-11-19 38096] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-11-19 251496] R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-11-19 565352] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtwlane.sys [2012-11-19 1082472] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-26 138152] R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-12-15 833976] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384] S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2013-5-27 57840] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2013-2-5 1512448] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 RtkBtFilter;Realtek Bluetooth Filter Driver;C:\windows\System32\drivers\RtkBtfilter.sys [2012-1-5 21096] S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-2-10 112080] S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-11-19 57216] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-9-28 53760] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-11-21 1255736] . =============== Created Last 30 ================ . 2013-10-25 22:26:07 -------- d-----w- C:\AdwCleaner 2013-10-25 18:10:08 116440 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys 2013-10-25 17:54:17 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys 2013-10-25 16:22:27 -------- d-----w- C:\Program Files\iPod 2013-10-25 16:22:26 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-10-25 16:22:26 -------- d-----w- C:\Program Files\iTunes 2013-10-25 16:22:26 -------- d-----w- C:\Program Files (x86)\iTunes 2013-10-25 16:15:27 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll 2013-10-25 16:15:27 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll 2013-10-25 16:15:27 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll 2013-10-25 16:15:27 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll 2013-10-25 16:15:27 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll 2013-10-25 14:45:33 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1D59FD3D-2A8F-49B4-90E1-487406BF841D}\mpengine.dll 2013-10-09 18:21:18 -------- d-----w- C:\Users\Mrs Whinfrey\AppData\Local\LogMeIn Rescue Applet 2013-10-09 17:59:58 -------- d-----w- C:\Users\Mrs Whinfrey\AppData\Roaming\PCPowerSpeed 2013-10-09 17:59:52 -------- d-----w- C:\Program Files (x86)\Inbox.com 2013-10-09 17:59:50 -------- d-----w- C:\Users\Mrs Whinfrey\AppData\Roaming\24x7 Help 2013-10-09 15:00:40 5549504 ----a-w- C:\windows\System32\ntoskrnl.exe 2013-10-06 11:50:59 -------- d-----w- C:\Program Files (x86)\MyPC Backup 2013-10-06 11:49:54 5433552 ----a-w- C:\ProgramData\pclunst.exe 2013-10-06 11:49:53 -------- d-----w- C:\ProgramData\PC1Data 2013-09-30 20:04:15 -------- d-----w- C:\Program Files (x86)\Whilokii . ==================== Find3M ==================== . 2013-09-22 23:28:06 1767936 ----a-w- C:\windows\SysWow64\wininet.dll 2013-09-22 23:27:49 2876928 ----a-w- C:\windows\SysWow64\jscript9.dll 2013-09-22 23:27:48 61440 ----a-w- C:\windows\SysWow64\iesetup.dll 2013-09-22 23:27:48 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll 2013-09-22 22:55:10 2241024 ----a-w- C:\windows\System32\wininet.dll 2013-09-22 22:54:51 3959296 ----a-w- C:\windows\System32\jscript9.dll 2013-09-22 22:54:50 67072 ----a-w- C:\windows\System32\iesetup.dll 2013-09-22 22:54:50 136704 ----a-w- C:\windows\System32\iesysprep.dll 2013-09-21 03:38:39 2706432 ----a-w- C:\windows\System32\mshtml.tlb 2013-09-21 03:30:24 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb 2013-09-21 02:48:36 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe 2013-09-21 02:39:47 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe 2013-09-14 01:10:19 497152 ----a-w- C:\windows\System32\drivers\afd.sys 2013-09-08 02:30:37 1903552 ----a-w- C:\windows\System32\drivers\tcpip.sys 2013-09-08 02:27:14 327168 ----a-w- C:\windows\System32\mswsock.dll 2013-09-08 02:03:58 231424 ----a-w- C:\windows\SysWow64\mswsock.dll 2013-09-04 12:12:11 343040 ----a-w- C:\windows\System32\drivers\usbhub.sys 2013-09-04 12:11:51 325120 ----a-w- C:\windows\System32\drivers\usbport.sys 2013-09-04 12:11:49 99840 ----a-w- C:\windows\System32\drivers\usbccgp.sys 2013-09-04 12:11:43 52736 ----a-w- C:\windows\System32\drivers\usbehci.sys 2013-09-04 12:11:43 30720 ----a-w- C:\windows\System32\drivers\usbuhci.sys 2013-09-04 12:11:42 25600 ----a-w- C:\windows\System32\drivers\usbohci.sys 2013-09-04 12:11:40 7808 ----a-w- C:\windows\System32\drivers\usbd.sys 2013-09-03 13:35:10 278800 ------w- C:\windows\System32\MpSigStub.exe 2013-08-29 02:16:35 1732032 ----a-w- C:\windows\System32\ntdll.dll 2013-08-29 02:16:28 243712 ----a-w- C:\windows\System32\wow64.dll 2013-08-29 02:16:14 859648 ----a-w- C:\windows\System32\tdh.dll 2013-08-29 02:13:28 878080 ----a-w- C:\windows\System32\advapi32.dll 2013-08-29 01:51:45 3969472 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe 2013-08-29 01:51:45 3914176 ----a-w- C:\windows\SysWow64\ntoskrnl.exe 2013-08-29 01:50:31 5120 ----a-w- C:\windows\SysWow64\wow32.dll 2013-08-29 01:50:30 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll 2013-08-29 01:50:16 619520 ----a-w- C:\windows\SysWow64\tdh.dll 2013-08-29 01:48:17 640512 ----a-w- C:\windows\SysWow64\advapi32.dll 2013-08-29 01:48:15 44032 ----a-w- C:\windows\apppatch\acwow64.dll 2013-08-29 00:49:53 25600 ----a-w- C:\windows\SysWow64\setup16.exe 2013-08-29 00:49:52 7680 ----a-w- C:\windows\SysWow64\instnm.exe 2013-08-29 00:49:52 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll 2013-08-29 00:49:49 2048 ----a-w- C:\windows\SysWow64\user.exe 2013-08-28 01:21:06 3155968 ----a-w- C:\windows\System32\win32k.sys 2013-08-28 01:12:33 461312 ----a-w- C:\windows\System32\scavengeui.dll 2013-08-05 02:25:45 155584 ----a-w- C:\windows\System32\drivers\ataport.sys 2013-08-02 02:14:57 215040 ----a-w- C:\windows\System32\winsrv.dll 2013-08-02 02:13:34 424448 ----a-w- C:\windows\System32\KernelBase.dll 2013-08-02 01:50:42 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll 2013-08-02 01:09:17 338432 ----a-w- C:\windows\System32\conhost.exe 2013-08-02 00:59:09 112640 ----a-w- C:\windows\System32\smss.exe 2013-08-02 00:43:05 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2013-08-02 00:43:05 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2013-08-02 00:43:05 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2013-08-02 00:43:05 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2013-08-01 12:09:36 983488 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys . ============= FINISH: 17:19:55.90 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 19/11/2012 14:42:57 System Uptime: 26/10/2013 16:27:20 (1 hours ago) . Motherboard: Type2 - Board Vendor Name1 | | Type2 - Board Product Name1 Processor: Intel® Core i3-2350M CPU @ 2.30GHz | U3E1 | 2300/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 579 GiB total, 494.369 GiB free. D: is CDROM () E: is Removable F: is FIXED (NTFS) - 298 GiB total, 269.445 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP95: 01/10/2013 13:32:07 - Windows Update RP96: 04/10/2013 18:55:52 - Windows Update RP97: 08/10/2013 21:35:35 - Windows Update RP98: 09/10/2013 15:47:49 - Windows Update RP99: 09/10/2013 19:41:15 - Windows Update RP100: 15/10/2013 21:39:41 - Windows Update RP101: 22/10/2013 16:37:44 - Windows Update RP102: 25/10/2013 23:21:07 - Malwarebytes Anti-Rootkit Restore Point . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.8) MUI Agatha Christie - Death on the Nile Aloha TriPeaks Apple Application Support Apple Mobile Device Support Apple Software Update avast! Pro Antivirus BBC iPlayer Desktop Bejeweled 3 Bing Bar Bing Bar Platform Bluetooth Stack for Windows by Toshiba Bonjour Cake Mania Chuzzle Deluxe Coupon Printer for Windows D3DX10 Fotogalleri Fotogalleriet Google Chrome Google Toolbar for Internet Explorer Google Update Helper High-Definition Video Playback HP Deskjet 3070 B611 series Basic Device Software HP Deskjet 3070 B611 series Help HP Deskjet 3070 B611 series Product Improvement Study HP Photo Creations HP Update iCloud Insaniquarium Deluxe Intel® Manageability Engine Firmware Recovery Agent Intel® Management Engine Components Intel® Processor Graphics Intel® Rapid Storage Technology Intel® USB 3.0 eXtensible Host Controller Driver Intel® Trusted Connect Service Client iTunes Java Auto Updater Java 6 Update 30 Jewel Quest Solitaire 2 Junk Mail filter update Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Default Manager Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2010 Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Project 2007 Service Pack 3 (SP3) Microsoft Office Project MUI (English) 2007 Microsoft Office Project Professional 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Visio 2007 Service Pack 3 (SP3) Microsoft Office Visio MUI (English) 2007 Microsoft Office Visio Professional 2007 Microsoft Office Word MUI (English) 2007 Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft SkyDrive Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Movie Maker MSVCRT MSVCRT_amd64 MSVCRT110 MSVCRT110_amd64 Mystery P.I. - The London Caper Nero 11 Essentials Nero 11 Kwik Themes Basic Nero BackItUp 11 Nero BackItUp 11 Help (CHM) Nero Backup Drivers Nero BurnRights 11 Nero BurnRights 11 Help (CHM) Nero ControlCenter 11 Nero ControlCenter 11 Help (CHM) Nero Core Components 11 Nero Express 11 Nero Express 11 Help (CHM) Nero Kwik Media Nero Kwik Media Help (CHM) Nero RescueAgent 11 Nero RescueAgent 11 Help (CHM) Nero Update nero.prerequisites.msi Photo Common Photo Gallery PhotoScape PhotoScape Packages Plants vs. Zombies - Game of the Year PlayReady PC Runtime amd64 Polar Bowler Premium Sound HD QuickTime Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader Realtek WLAN Driver RtkClassFilter Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2) Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition Security Update for Microsoft Office Visio 2007 suites (KB2596595) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition Skype Click to Call Skype™ 6.3 Synaptics Pointing Device Driver TOSHIBA Assist TOSHIBA Disc Creator TOSHIBA eco Utility TOSHIBA Hardware Setup TOSHIBA HDD/SSD Alert Toshiba Manuals TOSHIBA Media Controller TOSHIBA Media Controller Plug-in TOSHIBA Online Product Information TOSHIBA PC Health Monitor TOSHIBA Places Icon Utility TOSHIBA Recovery Media Creator TOSHIBA Recovery Media Creator Reminder TOSHIBA Resolution+ Plug-in for Windows Media Player TOSHIBA Service Station TOSHIBA Supervisor Password TOSHIBA TEMPRO TOSHIBA Value Added Package TOSHIBA Web Camera Application Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Project 2007 Help (KB963668) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Visio 2007 Help (KB963666) Update for Microsoft Office Word 2007 Help (KB963665) Update Installer for WildTangent Games App Valokuvavalikoima Virtual Villagers 4 - The Tree of Life welcome Whilokii 1.0.0 WildTangent Games WildTangent Games App (Toshiba Games) Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth (12/02/2011 2.3.8.1) Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live Fotogalleri Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Liven peruspaketti Windows Liven sähköposti . ==== Event Viewer Messages From Past Week ======== . 26/10/2013 10:10:06, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect. 26/10/2013 10:10:06, Error: Service Control Manager [7000] - The Computer Backup (MyPC Backup) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 25/10/2013 23:24:19, Error: mbamchameleon [61440] - 25/10/2013 17:20:35, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 25/10/2013 15:59:02, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1. 23/10/2013 19:10:25, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Update Whilokii service to connect. 23/10/2013 19:10:25, Error: Service Control Manager [7000] - The Update Whilokii service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. . ==== End Of File ===========================
  17. RogueKiller V8.6.11 [sep 11 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version Started in : Normal mode User : The Adcock family [Admin rights] Mode : Scan -- Date : 09/17/2013 22:43:19 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 5 ¤¤¤ [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (127.0.0.1:9666) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 2 ¤¤¤ [V1][sUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job : C:\Windows\TEMP\{01A9C572-B9DC-42FA-8E1A-98CD6ABF8401}.exe - --uninstall=1 [x] -> FOUND [V2][sUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv : C:\Windows\TEMP\{01A9C572-B9DC-42FA-8E1A-98CD6ABF8401}.exe - --uninstall=1 [x] -> FOUND ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ [Address] SSDT[13] : NtAlertResumeThread @ 0x8309E823 -> HOOKED (Unknown @ 0x876CE9F8) [Address] SSDT[14] : NtAlertThread @ 0x8301734F -> HOOKED (Unknown @ 0x876CEA90) [Address] SSDT[18] : NtAllocateVirtualMemory @ 0x8305369D -> HOOKED (Unknown @ 0x875ED0B8) [Address] SSDT[21] : NtAlpcConnectPort @ 0x82FF58A7 -> HOOKED (Unknown @ 0x8759B2D0) [Address] SSDT[42] : NtAssignProcessToJobObject @ 0x82FC8B32 -> HOOKED (Unknown @ 0x876726D0) [Address] SSDT[67] : NtCreateMutant @ 0x8302B993 -> HOOKED (Unknown @ 0x876CE820) [Address] SSDT[77] : NtCreateSymbolicLinkObject @ 0x82FCB349 -> HOOKED (Unknown @ 0x876724C8) [Address] SSDT[78] : NtCreateThread @ 0x8309CE40 -> HOOKED (Unknown @ 0x87646938) [Address] SSDT[116] : NtDebugActiveProcess @ 0x8306FED4 -> HOOKED (Unknown @ 0x87672768) [Address] SSDT[129] : NtDuplicateObject @ 0x83003579 -> HOOKED (Unknown @ 0x87806A38) [Address] SSDT[147] : NtFreeVirtualMemory @ 0x82E8FE75 -> HOOKED (Unknown @ 0x877870E0) [Address] SSDT[156] : NtImpersonateAnonymousToken @ 0x82FC5F3F -> HOOKED (Unknown @ 0x876CE8C8) [Address] SSDT[158] : NtImpersonateThread @ 0x82FDB589 -> HOOKED (Unknown @ 0x876CE960) [Address] SSDT[165] : NtLoadDriver @ 0x82F76E12 -> HOOKED (Unknown @ 0x8759B258) [Address] SSDT[177] : NtMapViewOfSection @ 0x8301B994 -> HOOKED (Unknown @ 0x87787048) [Address] SSDT[184] : NtOpenEvent @ 0x83004DF7 -> HOOKED (Unknown @ 0x876CE788) [Address] SSDT[194] : NtOpenProcess @ 0x8302C12F -> HOOKED (Unknown @ 0x876468B0) [Address] SSDT[195] : NtOpenProcessToken @ 0x8300CA58 -> HOOKED (Unknown @ 0x875ED140) [Address] SSDT[197] : NtOpenSection @ 0x8301C78C -> HOOKED (Unknown @ 0x876728B8) [Address] SSDT[201] : NtOpenThread @ 0x8302762B -> HOOKED (Unknown @ 0x87806AC0) [Address] SSDT[210] : NtProtectVirtualMemory @ 0x830253E2 -> HOOKED (Unknown @ 0x87672628) [Address] SSDT[282] : NtResumeThread @ 0x83026C4A -> HOOKED (Unknown @ 0x8768F028) [Address] SSDT[289] : NtSetContextThread @ 0x8309E2CF -> HOOKED (Unknown @ 0x8768F1F0) [Address] SSDT[305] : NtSetInformationProcess @ 0x8301F9E6 -> HOOKED (Unknown @ 0x8768F288) [Address] SSDT[317] : NtSetSystemInformation @ 0x82FF1F1E -> HOOKED (Unknown @ 0x87672800) [Address] SSDT[330] : NtSuspendProcess @ 0x8309E75F -> HOOKED (Unknown @ 0x87672930) [Address] SSDT[331] : NtSuspendThread @ 0x82FA5945 -> HOOKED (Unknown @ 0x8768F0C0) [Address] SSDT[334] : NtTerminateProcess @ 0x82FFC16B -> HOOKED (Unknown @ 0x875ED850) [Address] SSDT[335] : NtTerminateThread @ 0x83027660 -> HOOKED (Unknown @ 0x8768F158) [Address] SSDT[348] : NtUnmapViewOfSection @ 0x8301BC57 -> HOOKED (Unknown @ 0x8768F330) [Address] SSDT[358] : NtWriteVirtualMemory @ 0x83018A27 -> HOOKED (Unknown @ 0x87787168) [Address] SSDT[382] : NtCreateThreadEx @ 0x83027115 -> HOOKED (Unknown @ 0x87672570) [Address] Shadow SSDT[317] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x87F6F208) [Address] Shadow SSDT[397] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x881C6A48) [Address] Shadow SSDT[428] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x881C69D0) [Address] Shadow SSDT[430] : NtUserGetKeyState -> HOOKED (Unknown @ 0x87F6F1D0) [Address] Shadow SSDT[442] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x881C6B00) [Address] Shadow SSDT[479] : NtUserMessageCall -> HOOKED (Unknown @ 0x88016630) [Address] Shadow SSDT[497] : NtUserPostMessage -> HOOKED (Unknown @ 0x881C6948) [Address] Shadow SSDT[498] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x880166B8) [Address] Shadow SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x87F6F280) [Address] Shadow SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x87F6F308) [Address] IRP[iRP_MJ_CREATE] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x807BA140) [Address] IRP[iRP_MJ_CLOSE] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x807BA140) [Address] IRP[iRP_MJ_DEVICE_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x807A8A5A) [Address] IRP[iRP_MJ_INTERNAL_DEVICE_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\System32\DRIVERS\dvd43llh.sys @ 0x8DE01B20) [Address] IRP[iRP_MJ_POWER] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x807A8A88) [Address] IRP[iRP_MJ_SYSTEM_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x807B5B70) [Address] IRP[iRP_MJ_PNP] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x807B5B3C) ¤¤¤ External Hives: ¤¤¤ -> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND] -> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND] -> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND] -> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND] -> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND] -> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND] ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD2500AAJS-75VWA0 ATA Device +++++ --- User --- [MBR] e8d9f7b30f13d94c12a4a53c07f53c61 [bSP] 7b8e47267250a06aa39260c2dc400db6 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 10240 Mo 2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21084160 | Size: 228122 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_09172013_224319.txt >>
  18. Hi, i had been asked by a friend to remove some of the old and dated programs of this desktop pc. I had great dificulty removing things like pc tuneup utilities 2012, the programs were corrupted and i downloaded them again inn order to remove. There were two antivirus programs on also, Norton (Paid) and AVG 2012 (Paid) but expired. I uninstalled AVG. Anyway all seemed well untill i was asked to install the wifi printer. All went well until i pressed the scan to pc button- i was asked to install itunes !!! Then after that the same message appeared relating to another program not related to itunes or the scanner. I thought it may be a virus, so i ran MB and it found 6 items to delete. The PC is very slow even when doing word etc, Could you please help. DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 9.0.8112.16506 BrowserJavaVersion: 10.40.2Run by The Adcock family at 17:18:09 on 2013-09-17Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2036.609 [GMT 1:00].AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}.============== Running Processes ================.C:\PROGRA~1\AVG\AVG2012\avgrsx.exeC:\PROGRA~1\AVG\AVG2012\avgcsrvx.exeC:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\SLsvc.exeC:\Program Files\Thomson\ST330\service\st330service.exeC:\Windows\System32\spoolsv.exeC:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files\Kontiki\KService.exeC:\Program Files\Norton 360\Norton 360\Engine\20.4.0.40\ccSvcHst.exeC:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exeC:\Program Files\Dell Support Center\bin\sprtsvc.exeC:\Program Files\TomTom HOME 2\TomTomHOMEService.exeC:\Windows\System32\TUProgSt.exeC:\Windows\System32\alg.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files\Norton 360\Norton 360\Engine\20.4.0.40\ccSvcHst.exeC:\Windows\system32\taskeng.exeC:\Windows\Explorer.EXEC:\Windows\system32\Dwm.exeC:\Windows\RtHDVCpl.exeC:\Program Files\Thomson\ST330\diagnostics\diagnostics.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\Dell Support Center\bin\sprtcmd.exeC:\Program Files\dvd43\DVD43_Tray.exeC:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exeC:\Windows\ehome\ehtray.exeC:\Program Files\Kontiki\KHost.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exeC:\Program Files\TomTom HOME 2\TomTomHOMERunner.exeC:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exeC:\Program Files\CASIO\Photo Loader\Plauto.exeC:\Users\The Adcock family\AppData\Roaming\Dropbox\bin\Dropbox.exeC:\Program Files\Microsoft Office\Office12\ONENOTEM.EXEC:\Windows\ehome\ehmsas.exeC:\Program Files\Brother\ControlCenter3\brccMCtl.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Windows\system32\WUDFHost.exeC:\Windows\System32\mobsync.exeC:\Program Files\Windows Media Player\wmplayer.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeF:\d7.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\System32\svchost.exe -k WerSvcGroupC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation.============== Pseudo HJT Report ===============.uWindow Title = Internet Explorer provided by DelluSearch Bar = PreserveuProxyServer = 127.0.0.1:9666uProxyOverride = 127.0.0.1dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - <orphaned>BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\norton 360\engine\20.4.0.40\CoIEPlg.dllBHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\norton 360\engine\20.4.0.40\ips\IPSBHO.dllBHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dllBHO: Search Assistant BHO: {71c1d63a-c944-428a-a5bd-ba513190e5d2} - BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dllBHO: {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - <orphaned>BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dllBHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar.dllBHO: MediaBar: {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dllBHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dllBHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dllBHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dllBHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dllTB: &Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar.dllTB: &Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar.dllTB: MediaBar: {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dllTB: @c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dllTB: MapsGalaxy: {364ea597-e728-4ce4-bb4a-ed846ef47970} - TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\norton 360\engine\20.4.0.40\CoIEPlg.dlluRun: [ehTray.exe] c:\windows\ehome\ehTray.exeuRun: [kdx] c:\program files\kontiki\KHost.exe -alluRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exeuRun: [Driver Detective] c:\program files\pc drivers headquarters\driver detective\DriversHQ.DriverDetective.Client.exe /applicationMode:systemTray /showWelcome:falseuRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"uRun: [HP Photosmart 5510d series (NET)] "c:\program files\hp\hp photosmart 5510d series\bin\ScanToPCActivationApp.exe" -deviceID "CN1AQ1B81505RW:NW" -scfn "HP Photosmart 5510d series (NET)" -AutoStart 1mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hidemRun: [ECenter] c:\dell\e-center\EULALauncher.exemRun: [RtHDVCpl] RtHDVCpl.exemRun: [diagnostics] "c:\program files\thomson\st330\diagnostics\diagnostics.exe" /icon -l:enmRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exemRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcentermRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exemRun: [DVDtoiPodConverter_upgrade] "c:\program files\e-zsoft\dvdtoipodconverter\DVDtoiPodConverter.exe" /upgrademRun: [brMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUNmRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorunmRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exemRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resumemRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jaureg.exe" -u auto-updatemRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRunOnce: [*D7] cmd /c start "" "F:\d7.exe"mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silentmRunOnce: [d7_Remove_MBAM] cmd /c start "" "c:\program files\malwarebytes' anti-malware\unins000.exe" /silent /suppressmsgboxes /norestartdRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /backgroundStartupFolder: c:\users\theadc~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\the adcock family\appdata\roaming\dropbox\bin\Dropbox.exeStartupFolder: c:\users\theadc~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXEStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\photol~1.lnk - c:\program files\casio\photo loader\Plauto.exeuPolicies-Explorer: NoDriveTypeAutoRun = dword:255mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0mPolicies-System: EnableUIADesktopToggle = dword:0IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001040-0002-0040-ABCDEFFEDCBC} - <orphaned>IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}TCP: NameServer = 192.168.1.1TCP: Interfaces\{390E71BD-7329-477A-9E2C-4F731365DA7F} : DHCPNameServer = 192.168.1.1Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dllHandler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dllNotify: igfxcui - igfxdev.dllAppInit_DLLs= c:\progra~1\google\google~2\GOEC62~1.DLLSEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dllLSA: Security Packages = kerberos msv1_0 schannel wdigest tspkgmASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.66\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome.============= SERVICES / DRIVERS ===============.R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1404000.028\SymDS.sys [2013-8-5 367704]R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1404000.028\SymEFA.sys [2013-8-5 934488]R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2011-5-23 47968]R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-11-8 250080]R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.4.0.40\definitions\bashdefs\20130903.002\BHDrvx86.sys [2013-9-3 1097816]R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\1404000.028\ccSetx86.sys [2013-8-5 134744]R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.4.0.40\definitions\ipsdefs\20130914.001\IDSvix86.sys [2013-9-17 392792]R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1404000.028\Ironx86.sys [2013-8-5 175264]R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\1404000.028\symtdiv.sys [2013-8-5 352344]R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-30 21504]R2 N360;Norton 360;c:\program files\norton 360\norton 360\engine\20.4.0.40\ccSvcHst.exe [2013-8-5 144368]R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-8-28 92632]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-9-12 108120]R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-9-17 40776]S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-23 167264]S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-12-10 142176]S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-1-29 54632]S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432]S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [2008-6-6 30464]S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [2008-6-6 12672]S3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\drivers\stppp.sys [2008-6-6 35328].=============== Created Last 30 ================.2013-09-17 14:52:31 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2013-09-17 14:51:36 22856 ----a-w- c:\windows\system32\drivers\mbam.sys2013-09-17 14:51:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2013-09-16 17:44:30 -------- d-----w- c:\users\the adcock family\appdata\roaming\Malwarebytes2013-09-16 17:43:52 -------- d-----w- c:\programdata\Malwarebytes2013-09-16 16:32:13 -------- d-----w- C:\AdwCleaner2013-09-16 15:14:25 -------- d-sh--w- c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}2013-09-16 13:48:53 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll2013-09-12 19:04:00 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL2013-09-12 19:03:58 615936 ----a-w- c:\windows\system32\themeui.dll2013-09-12 19:03:57 2049536 ----a-w- c:\windows\system32\win32k.sys.==================== Find3M ====================.2013-09-17 14:42:53 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-09-17 14:42:53 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe2013-09-16 13:47:01 868264 ----a-w- c:\windows\system32\npDeployJava1.dll2013-09-16 13:47:00 790440 ----a-w- c:\windows\system32\deployJava1.dll2013-08-05 16:05:30 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS2013-07-31 10:00:20 1800704 ----a-w- c:\windows\system32\jscript9.dll2013-07-31 09:52:44 1129472 ----a-w- c:\windows\system32\wininet.dll2013-07-31 09:52:34 1427968 ----a-w- c:\windows\system32\inetcpl.cpl2013-07-31 09:48:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe2013-07-31 09:48:09 420864 ----a-w- c:\windows\system32\vbscript.dll2013-07-31 09:45:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb2013-07-17 19:41:34 2048 ----a-w- c:\windows\system32\tzres.dll2013-07-10 09:47:00 783360 ----a-w- c:\windows\system32\rpcrt4.dll2013-07-09 12:10:36 1205168 ----a-w- c:\windows\system32\ntdll.dll2013-07-08 04:55:51 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe2013-07-08 04:55:51 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe2013-07-08 04:20:04 172544 ----a-w- c:\windows\system32\wintrust.dll2013-07-08 04:16:55 98304 ----a-w- c:\windows\system32\cryptnet.dll2013-07-08 04:16:55 133120 ----a-w- c:\windows\system32\cryptsvc.dll2013-07-08 04:16:54 992768 ----a-w- c:\windows\system32\crypt32.dll2013-07-05 04:53:33 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys2011-07-08 12:37:10 161760 ----a-w- c:\program files\64res.dll.============= FINISH: 17:18:57.28 =============== .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume3Install Date: 23/04/2008 23:21:01System Uptime: 17/09/2013 14:37:11 (3 hours ago).Motherboard: Dell Inc. | | 0RY007Processor: Intel® Pentium® Dual CPU E2160 @ 1.80GHz | Socket 775 | 1800/200mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 223 GiB total, 66.918 GiB free.D: is FIXED (NTFS) - 10 GiB total, 5.871 GiB free.E: is CDROM ()F: is Removable.==== Disabled Device Manager Items =============.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Microsoft 6to4 AdapterDevice ID: ROOT\*6TO4MP\0086Manufacturer: MicrosoftName: Microsoft 6to4 Adapter #86PNP Device ID: ROOT\*6TO4MP\0086Service: tunnel.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Microsoft 6to4 AdapterDevice ID: ROOT\*6TO4MP\0091Manufacturer: MicrosoftName: Microsoft 6to4 Adapter #91PNP Device ID: ROOT\*6TO4MP\0091Service: tunnel.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Microsoft ISATAP AdapterDevice ID: ROOT\*ISATAP\0014Manufacturer: MicrosoftName: Microsoft ISATAP Adapter #13PNP Device ID: ROOT\*ISATAP\0014Service: tunnel.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Microsoft ISATAP AdapterDevice ID: ROOT\*ISATAP\0027Manufacturer: MicrosoftName: Microsoft ISATAP Adapter #25PNP Device ID: ROOT\*ISATAP\0027Service: tunnel.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Microsoft ISATAP AdapterDevice ID: ROOT\*ISATAP\0055Manufacturer: MicrosoftName: Microsoft ISATAP Adapter #49PNP Device ID: ROOT\*ISATAP\0055Service: tunnel.==== System Restore Points ===================..==== Installed Programs ======================. Update for Microsoft Office 2007 (KB2508958)ABBYY FineReader 6.0 SprintAdobe Flash Player 10 PluginAdobe Flash Player 11 ActiveXAdobe Reader X (10.1.4)Adobe Shockwave PlayerApple Mobile Device SupportAviSynth 2.5BBC iPlayer Download ManagerBing BarBing Bar PlatformBingo Cafe UKBlackBerry Desktop Software 6.1Brother MFL-Pro SuiteBrowser Address Error RedirectorCompatibility Pack for the 2007 Office systemDell Getting Started GuideDell Resource CDDell Support Center (Support Software)Driver DetectiveDropboxDVD43 v4.6.0Free iPod Video Converter 1.34Google ChromeGoogle DesktopGoogle Earth Plug-inGoogle Toolbar for Internet ExplorerGoogle Update HelperHighlight Viewer (Windows Live Toolbar)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)HP FWUpdateEDO2HP Photo CreationsHP Photosmart 5510 series Basic Device SoftwareHP Photosmart 5510 series HelpHP Photosmart 5510 series Product Improvement StudyHP Photosmart 5510d series Basic Device SoftwareHP Photosmart 5510d series HelpHP Photosmart 5510d series Product Improvement StudyHP UpdateHPDiagnosticAlertHPDiagnosticCoreDllIntel® PRO Network Connections 12.1.11.0InterActual PlayerJava 7 Update 40Java Auto UpdaterJava SE Runtime Environment 6Junk Mail filter updateMalwarebytes Anti-Malware version 1.75.0.1300Map Button (Windows Live Toolbar)MediaBarMicrosoft .NET Framework 3.5 SP1Microsoft Application Error ReportingMicrosoft Choice GuardMicrosoft Default ManagerMicrosoft Office 2007 Service Pack 3 (SP3)Microsoft Office Access MUI (English) 2007Microsoft Office Access Setup Metadata MUI (English) 2007Microsoft Office Enterprise 2007Microsoft Office Excel MUI (English) 2007Microsoft Office File Validation Add-InMicrosoft Office Groove MUI (English) 2007Microsoft Office Groove Setup Metadata MUI (English) 2007Microsoft Office InfoPath MUI (English) 2007Microsoft Office Live Add-in 1.5Microsoft Office OneNote MUI (English) 2007Microsoft Office Outlook ConnectorMicrosoft Office Outlook MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office PowerPoint Viewer 2007 (English)Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Publisher MUI (English) 2007Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Word MUI (English) 2007Microsoft Search Enhancement PackMicrosoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Sync Framework Runtime Native v1.0 (x86)Microsoft Sync Framework Services Native v1.0 (x86)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft WorksMobileMe Control PanelMSVCRTNorton 360Norton Security ScanOGA Notifier 2.0.0048.0Photo Loader 2.3EPhotohands 1.0EPhotoMail MakerRealtek High Definition Audio DriverRoxio Creator AudioRoxio Creator CopyRoxio Creator DataRoxio Creator DERoxio Creator ToolsRoxio Express Labeler 3Roxio Update ManagerSecurity Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760588) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760823) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2760583) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2767773) 32-Bit Edition Smart Menus (Windows Live Toolbar)SpeedTouch 330Tiscali InternetTomTom HOMETomTom HOME Visual Studio Merge ModulesTuneUp Utilities Language Pack (en-GB)Update for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596660) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596848) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767849) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767916) 32-Bit EditionUpdate for Microsoft Office Outlook 2007 (KB2687404) 32-Bit EditionUpdate for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit EditionUser's GuidesVegas Pro 9.0VLC media player 1.1.7Windows Live CallWindows Live Communications PlatformWindows Live EssentialsWindows Live Family SafetyWindows Live Favorites for Windows Live ToolbarWindows Live MailWindows Live MessengerWindows Live Photo GalleryWindows Live Sign-in AssistantWindows Live SyncWindows Live ToolbarWindows Live Toolbar Extension (Windows Live Toolbar)Windows Live Upload ToolWindows Live Writer.==== End Of File ===========================
  19. Hi these are the results of the last run apps # AdwCleaner v2.304 - Logfile created 07/05/2013 at 08:13:15# Updated 03/07/2013 by Xplode# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)# User : End User - END-DB0950B1C90# Boot Mode : Normal# Running from : C:\Documents and Settings\End User\Local Settings\Temporary Internet Files\Content.IE5\N6WCYZSJ\AdwCleaner[1].exe# Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Registry is clean. -\\ Mozilla Firefox v21.0 (en-US) File : C:\Documents and Settings\End User\Application Data\Mozilla\Firefox\Profiles\oucvv0y8.default\prefs.js Deleted : user_pref("extensions.dynconff.cache.www.google.co.uk.content", "<package expire=\"3600\" es=\"914\"[...] ************************* AdwCleaner[R1].txt - [2491 octets] - [02/07/2013 08:52:49]AdwCleaner[s1].txt - [2428 octets] - [02/07/2013 08:54:12]AdwCleaner[s2].txt - [988 octets] - [05/07/2013 08:13:15] ########## EOF - C:\AdwCleaner[s2].txt - [1047 octets] ########## Results of screen317's Security Check version 0.99.68 Windows XP Service Pack 2 x86 Out of date service pack!! Internet Explorer 8 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Disabled! ESET Online Scanner v3 Norton Internet Security `````````Anti-malware/Other Utilities Check:````````` Spy Alert Malwarebytes Anti-Malware version 1.75.0.1300 CCleaner Java 7 Update 25 Adobe Flash Player 11.7.700.224 Adobe Reader 10.0.1 Adobe Reader out of Date! Mozilla Firefox 21.0 Firefox out of Date! ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 7% ````````````````````End of Log``````````````````````
  20. Hi, here is the log file from eset. ESETSmartInstaller@High as CAB hook log:OnlineScanner.ocx - registred OK# version=8# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)# OnlineScanner.ocx=1.0.0.6920# api_version=3.0.2# EOSSerial=850c2a2196eceb41b1f7366714da2c0f# engine=14268# end=finished# remove_checked=false# archives_checked=false# unwanted_checked=true# unsafe_checked=true# antistealth_checked=true# utc_time=2013-07-04 03:05:21# local_time=2013-07-04 04:05:21 (+0000, GMT Standard Time)# country="United Kingdom"# lang=1033# osver=5.1.2600 NT Service Pack 2# compatibility_mode=1023 16777215 0 0 0 0 0 0# compatibility_mode=3591 16777213 100 93 237355 135546906 0 0# scanned=59682# found=8# cleaned=0# scan_time=2958sh=CC7DAD8158D13D52B008D17118219426439FDFED ft=1 fh=85d86f1a61686266 vn="Win32/RemoteAdmin.Ammyy.A application" ac=I fn="C:\Documents and Settings\End User\My Documents\Downloads\AA_v3(1).exe"sh=CC7DAD8158D13D52B008D17118219426439FDFED ft=1 fh=85d86f1a61686266 vn="Win32/RemoteAdmin.Ammyy.A application" ac=I fn="C:\Documents and Settings\End User\My Documents\Downloads\AA_v3(2).exe"sh=CC7DAD8158D13D52B008D17118219426439FDFED ft=1 fh=85d86f1a61686266 vn="Win32/RemoteAdmin.Ammyy.A application" ac=I fn="C:\Documents and Settings\End User\My Documents\Downloads\AA_v3.exe"sh=E38FDF7BBAEC7E9C710409F38869C8013A9F0041 ft=1 fh=0bddfd8ceb733870 vn="a variant of Win32/ExFriendAlert.B application" ac=I fn="C:\Documents and Settings\End User\My Documents\Downloads\Setup(1).exe"sh=4BB942447E72176B7BB2A6D82DC30846147FB6C7 ft=1 fh=36aacfb15db4535c vn="a variant of Win32/SoftonicDownloader.E application" ac=I fn="C:\Documents and Settings\End User\My Documents\Downloads\SoftonicDownloader_for_siw.exe"sh=6B9A9B378A413AF6EC1770D0C7207E4045E7907D ft=1 fh=4ff7162f1def1280 vn="a variant of Win32/ExFriendAlert.B application" ac=I fn="C:\Program Files\SpyAlert\IE\common.dll"sh=E38FDF7BBAEC7E9C710409F38869C8013A9F0041 ft=1 fh=0bddfd8ceb733870 vn="a variant of Win32/ExFriendAlert.B application" ac=I fn="C:\System Volume Information\_restore{19C43AA9-6925-4804-A6EB-5BD6D74A7B2F}\RP14\A0033900.exe"sh=E38FDF7BBAEC7E9C710409F38869C8013A9F0041 ft=1 fh=0bddfd8ceb733870 vn="a variant of Win32/ExFriendAlert.B application" ac=I fn="C:\System Volume Information\_restore{19C43AA9-6925-4804-A6EB-5BD6D74A7B2F}\RP14\A0033901.exe"
  21. Hi i have run the full scan, Malwarebytes didnt find anything, here is the log Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.org Database version: v2013.07.04.05 Windows XP Service Pack 2 x86 NTFSInternet Explorer 8.0.6001.18702End User :: END-DB0950B1C90 [administrator] 04/07/2013 14:15:07mbam-log-2013-07-04 (14-15-07).txt Scan type: Full scan (C:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 225401Time elapsed: 32 minute(s), 38 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) (end)
  22. Here is the second log run from the desktiop ComboFix 13-07-03.01 - End User 04/07/2013 13:19:37.2.2 - x86Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.314 [GMT 1:00]Running from: c:\documents and settings\End User\Desktop\ComboFix.exeAV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}..((((((((((((((((((((((((( Files Created from 2013-06-04 to 2013-07-04 )))))))))))))))))))))))))))))))..2013-07-02 10:57 . 2013-07-02 10:57 -------- d-----w- c:\windows\Sun2013-07-02 10:53 . 2013-07-02 10:52 144896 ----a-w- c:\windows\system32\javacpl.cpl2013-07-02 10:53 . 2013-07-02 10:52 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll2013-07-02 10:52 . 2013-07-02 10:52 -------- d-----w- c:\program files\Java2013-07-02 10:50 . 2013-07-02 10:50 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee2013-07-02 08:56 . 2013-07-02 08:56 53248 ----a-w- c:\windows\system32\zlib.dll2013-07-01 19:57 . 2013-07-01 19:57 -------- d-----w- C:\Stinger_Quarantine2013-07-01 19:56 . 2013-07-01 21:40 -------- d-----w- c:\program files\stinger2013-07-01 19:45 . 2013-07-01 19:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)2013-07-01 19:44 . 2013-07-01 19:44 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2013-07-01 19:36 . 2013-07-01 19:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2013-07-01 19:26 . 2013-07-01 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro2013-07-01 19:20 . 2013-07-01 19:20 -------- d-sh--w- c:\documents and settings\End User\IECompatCache2013-07-01 18:21 . 2001-08-17 12:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys2013-07-01 18:21 . 2001-08-17 12:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys2013-07-01 18:21 . 2001-08-17 13:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys2013-07-01 18:21 . 2001-08-17 13:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys2013-06-26 12:50 . 2013-06-26 12:50 -------- d-sh--w- c:\documents and settings\End User\PrivacIE2013-06-26 12:48 . 2013-06-26 12:48 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache2013-06-26 12:48 . 2013-06-26 12:48 -------- d-sh--w- c:\documents and settings\End User\IETldCache2013-06-26 12:44 . 2013-06-26 12:46 -------- dc-h--w- c:\windows\ie82013-06-26 12:03 . 2013-06-26 12:04 -------- d-----w- C:\d3dbeda7c5cdcecdc079ab6d2013-06-22 18:43 . 2013-06-22 19:01 -------- d-----w- c:\program files\Common Files\Symantec Shared2013-06-22 18:43 . 2013-06-22 18:43 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS2013-06-22 18:43 . 2013-06-22 18:43 -------- d-----w- c:\program files\Symantec2013-06-22 18:42 . 2013-06-22 18:42 -------- d-----w- c:\windows\system32\drivers\NIS2013-06-22 18:42 . 2013-06-22 18:42 -------- d-----w- c:\program files\Norton Internet Security2013-06-22 18:42 . 2013-06-22 18:42 -------- d-----w- c:\program files\NortonInstaller2013-06-22 18:37 . 2013-06-22 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton2013-06-22 12:02 . 2013-06-22 12:02 -------- d-----w- c:\program files\SpyAlert2013-06-18 15:14 . 2013-06-18 15:14 102448 ----a-w- c:\windows\system32\drivers\RapportKELL.sys2013-06-06 09:47 . 2013-06-06 09:48 -------- d-----w- c:\program files\CCleaner2013-06-06 09:14 . 2013-06-12 09:22 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe2013-06-06 09:14 . 2013-06-12 09:22 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-06-06 08:24 . 2013-06-25 10:37 -------- d-----w- c:\documents and settings\End User\Local Settings\Application Data\LogMeIn Rescue Calling Card2013-06-06 07:58 . 2013-06-06 07:58 -------- d-----w- c:\documents and settings\End User\Application Data\Malwarebytes2013-06-06 07:57 . 2013-06-23 09:20 -------- d-----w- c:\program files\LogMeIn Rescue Calling Card2013-06-06 07:57 . 2013-06-06 07:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2013-06-06 07:57 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys2013-06-06 07:34 . 2013-06-26 12:37 -------- d-----w- c:\documents and settings\End User\Local Settings\Application Data\LogMeIn Rescue Applet...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-07-02 10:52 . 2013-05-28 09:03 867240 ----a-w- c:\windows\system32\npDeployJava1.dll2013-07-02 10:52 . 2013-05-17 18:56 789416 ----a-w- c:\windows\system32\deployJava1.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-18 141848]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-18 166424]"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-18 137752]"RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816].c:\documents and settings\End User\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592].c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-3-23 603488]REALTEK Wireless LAN Utility.lnk - c:\program files\REALTEK Wireless LAN Software\RtWLan.exe /H [2012-12-12 897024].[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]@="".[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0).[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\REALTEK Wireless LAN Software\\RtWLan.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot"53:UDP"= 53:UDP:Realtek AP UDP Prot.R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [18/06/2013 16:14 102448]R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1404000.028\SymDS.sys [22/06/2013 19:43 367704]R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1404000.028\SymEFA.sys [22/06/2013 19:43 934488]R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20130702.001\BHDrvx86.sys [02/07/2013 19:30 1002072]R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [22/06/2013 19:43 134744]R1 RapportCerberus_53984;RapportCerberus_53984;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus32_53984.sys [28/05/2013 10:12 317424]R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [18/06/2013 16:14 103120]R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [18/06/2013 16:14 174320]R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1404000.028\Ironx86.sys [22/06/2013 19:43 175264]R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [22/06/2013 19:43 144368]R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [18/06/2013 16:14 1124632]R2 SRS_WOWXT_Service;SRS WOWXT/TSXT Service;c:\program files\SRS Labs\SRS WOW XT and TSXT\SRS_PostInstaller.exe [19/05/2009 11:39 66792]R2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe -k yksvcs [28/02/2006 13:00 14336]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [22/06/2013 19:44 106656]R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20130703.001\IDSXpx86.sys [04/07/2013 12:44 373728]R3 RTL819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\rtl819xp.sys [12/12/2012 11:15 530664]R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [12/12/2012 11:06 233512]R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [12/12/2012 11:06 238464]S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/12/2012 11:04 1684736]S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [01/07/2013 20:44 35144].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]yksvcs REG_MULTI_SZ yksvc.Contents of the 'Scheduled Tasks' folder.2013-07-04 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-06 09:22]..------- Supplementary Scan -------.uStart Page = about:blankIE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmIE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htmTCP: DhcpNameServer = 192.168.1.1FF - ProfilePath - c:\documents and settings\End User\Application Data\Mozilla\Firefox\Profiles\oucvv0y8.default\FF - prefs.js: browser.search.selectedEngine - Norton Safe SearchFF - prefs.js: browser.startup.homepage - www.google.co.ukFF - ExtSQL: 2013-06-22 19:45; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\coFFPlgnFF - ExtSQL: 2013-06-22 19:45; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\IPSFFPlgn..**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2013-07-04 13:29Windows 5.1.2600 Service Pack 2 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]"ImagePath"="\"c:\program files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\20.4.0.40\diMaster.dll\" /prefetch:1".--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'explorer.exe'(1312)c:\windows\system32\btmmhook.dllc:\windows\system32\ieframe.dllc:\windows\system32\msi.dllc:\windows\system32\webcheck.dll.Completion time: 2013-07-04 13:32:42ComboFix-quarantined-files.txt 2013-07-04 12:32ComboFix2.txt 2013-07-04 12:11.Pre-Run: 151,205,363,712 bytes freePost-Run: 151,188,426,752 bytes free.- - End Of File - - B9F3E1914320318235290D9900DEC3A78F558EB6672622401DA993E1E865C861
  23. Sorry just realized my mistake, i didnt run from desktop will post correct log shortly.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.