Nolski77

Members
  • Posts

    7
Everything posted by Nolski77

  1. Hi, I've run the avp scan but it didn't pick up any infections. I've still saved a text file but it's huge, over 250 MB. I selected the text to copy and paste, but it seemed so large it took a long time to respond. Would it be worth pasting the whole text into this?
  2. Thanks for the reply, it's surprising how much is being picked up. Some of these have been installed for years, I would not have imagined they could be slowing things down all this time. Here is the text file from ESET:

     C:\Users\All Users\Win7codecs\{26384208-8068-4A22-AA02-9E07911B58D7}\Win7codecs.msi Win32/Packed.Autoit.E.Gen application
     C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\update[1] multiple threats
     C:\Program Files (x86)\Win7codecs\Tools\renderer32.exe Win32/Packed.Autoit.E.Gen application cleaned by deleting - quarantined
     C:\ProgramData\Win7codecs\{26384208-8068-4A22-AA02-9E07911B58D7}\Win7codecs.msi Win32/Packed.Autoit.E.Gen application deleted - quarantined
     C:\UBCD4Win\plugin\Cleanup Tools\SDFix\SDFix.exe Win32/PrcView application deleted - quarantined
     C:\Users\Mick Emma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPL0M7AN\stubinst_pkg_en-uk[1].cab Win32/OpenCandy application deleted - quarantined
     C:\Users\Mick Emma\Desktop\iPhone Backup Extractor 2.5.6.0 Incl Keygen [vokeon]\iPhone Backup Extractor 2.5.6.0 [vokeon].rar BAT/HostsChanger.A application deleted - quarantined
     C:\Users\Mick Emma\Desktop\iPhone Backup Extractor 2.5.6.0 Incl Keygen [vokeon]\iPhone Backup Extractor 2.5.6.0 [vokeon]\iPhone Backup Extractor 2.5.6.0 [vokeon]\Lz0\crack.cmd BAT/HostsChanger.A application cleaned by deleting - quarantined
     C:\Users\Mick Emma\Documents\Programmes\Magic.ISO.Maker.v5.4.b251.Incl.-RES-patch\Magic.ISO.Maker.v5.4.b251.Incl.-RES-patch.rar a variant of Win32/HackTool.Patcher.AF application deleted - quarantined
     C:\Users\Mick Emma\Documents\Programmes\Magic.ISO.Maker.v5.4.b251.Incl.-RES-patch\Magic.ISO.Maker.v5.4.b251.Incl.-RES-patch\Patch\Magic.ISO.Maker.v5.4.b251_patch.exe a variant of Win32/HackTool.Patcher.AF application cleaned by deleting - quarantined
     C:\Users\Mick Emma\Downloads\cbsidlm-cbsi5_3_0_93-Free_Movie_DVD_Maker-ORG-10669082.exe a variant of Win32/CNETInstaller.A application cleaned by deleting - quarantined
     C:\Users\Mick Emma\Downloads\cbsidlm-tr1_7-Free_FLAC_to_MP3_Converter-ORG2-75206134.exe Win32/DownloadAdmin.D application cleaned by deleting - quarantined
     C:\Users\Mick Emma\Downloads\winscp429setup.exe Win32/OpenCandy application cleaned by deleting - quarantined
     C:\Windows\Installer\76abdb.msi Win32/Packed.Autoit.E.Gen application deleted - quarantined
     C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\update[1] multiple threats cleaned by deleting - quarantined
  3. Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.09.01.04
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 10.0.9200.16660
     Mick Emma :: MICKEMMA-PC [administrator]

     01/09/2013 15:14:09
     mbam-log-2013-09-01 (15-14-09).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 275723
     Time elapsed: 27 minute(s), 21 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 5
     C:\Users\Mick Emma\Downloads\4F4C.tmp (PUP.BundleInstaller.DW) -> Quarantined and deleted successfully.
     C:\Users\Mick Emma\Downloads\919E.tmp (PUP.BundleInstaller.DW) -> Quarantined and deleted successfully.
     C:\Users\Mick Emma\Downloads\91FC.tmp (PUP.BundleInstaller.DW) -> Quarantined and deleted successfully.
     C:\Users\Mick Emma\Downloads\iphonebackupextractor-latest.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
     C:\Users\Mick Emma\Downloads\Unconfirmed 488045.crdownload (PUP.Optional.OneClickDownloader.A) -> Quarantined and deleted successfully.

     (end)
  4. The ADW logfile is here.
  5. Hello, due to the laptop running very slow I have had to perform these tasks in safemode. I have uninstalled avg, and BitTorrent, however I have been unable to uninstall Vshare plug in. The JRT log is here.
  6. Hello, thanks for the reply, and apologies for my delay in performing the requests.

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.08.31.02

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 10.0.9200.16635
     Mick Emma :: MICKEMMA-PC [administrator]

     31/08/2013 07:36:49
     MBAM-log-2013-08-31 (08-41-03).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 275985
     Time elapsed: 43 minute(s), 12 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 10
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> No action taken.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> No action taken.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> No action taken.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> No action taken.
     HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> No action taken.
     HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> No action taken.
     HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> No action taken.
     HKCU\Software\Datamngr (PUP.Optional.DataMngr) -> No action taken.
     HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> No action taken.
     HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> No action taken.

     Registry Values Detected: 2
     HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: 11111111 -> No action taken.
     HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: 11111111 -> No action taken.

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 3
     C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> No action taken.
     C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> No action taken.
     C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> No action taken.

     Files Detected: 9
     C:\Users\Mick Emma\Downloads\4F4C.tmp (PUP.BundleInstaller.DW) -> No action taken.
     C:\Users\Mick Emma\Downloads\919E.tmp (PUP.BundleInstaller.DW) -> No action taken.
     C:\Users\Mick Emma\Downloads\91FC.tmp (PUP.BundleInstaller.DW) -> No action taken.
     C:\Users\MickEmma\Downloads\iphonebackupextractor-latest.exe (PUP.Optional.OpenCandy) -> No action taken.
     C:\Users\Mick Emma\Downloads\Unconfirmed 488045.crdownload (PUP.Optional.OneClickDownloader.A) -> No action taken.
     C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> No action taken.
     C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
     C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> No action taken.
     C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> No action taken.

     (end)
  7. My PC has been running slow for months, but as we use it less and less it's been largely ignored. Last weekend I decided to address it, and ran CCleaner, changed Avira antivirus to AVG, ran the antivirus which picked up a programme (some keygen from years ago). It was running fine, until my son used Mozilla Firefox to go on CBeebies flash games, and since then it's been running slow again. The browser I usually use is Chrome, but it seems that since running Mozilla it's slowed the whole system down. I've run a Malwarebytes scan, and it's picked up 12 PUPs. I haven't deleted them yet, as I'll post on here to see if I should remove. Here is the log

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.09.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Mick Emma :: MICKEMMA-PC [administrator]

17/08/2013 09:41:56
MBAM-log-2013-08-17 (10-45-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 272457
Time elapsed: 58 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> No action taken.

Files Detected: 7
C:\Users\Mick Emma\Downloads\4F4C.tmp (PUP.BundleInstaller.DW) -> No action taken.
C:\Users\Mick Emma\Downloads\919E.tmp (PUP.BundleInstaller.DW) -> No action taken.
C:\Users\Mick Emma\Downloads\91FC.tmp (PUP.BundleInstaller.DW) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> No action taken.

(end)