helenDAW

Thanks Ron I will print off the instructions for these at work tomorrow as I don't have a printer at home! will let you know how I get on Thanks for all your help so far Helen

No I don't think so. We've moved house since getting this laptop and were bad at holding onto important things!!

Well computer still won't restart, the mbam software won't update. I'm just scared that someone may still be able to see my passwords and stuff! I would also like to get google chrome back, do you think il be able to do that now? Does system look clean now?

Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2013.08.27.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16540 Daisy :: DAISY-HP [administrator] Protection: Enabled 05/09/2013 20:44:26 mbam-log-2013-09-05 (20-44-26).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 217396 Time elapsed: 7 minute(s), 28 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)

TDSSKiller.2.9.2.0_05.09.2013_20.35.34_log.txt

im trying to post my TDSS killer log but its saying its too long. Here the end bit 20:37:47.0753 0x14f0 ============================================================ 20:37:47.0753 0x14f0 Scan finished 20:37:47.0753 0x14f0 ============================================================ 20:37:47.0769 0x14e8 Detected object count: 5 20:37:47.0769 0x14e8 Actual detected object count: 5 20:37:59.0203 0x14e8 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 20:37:59.0203 0x14e8 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:37:59.0203 0x14e8 FLEXnet Licensing Service 64 ( UnsignedFile.Multi.Generic ) - skipped by user 20:37:59.0203 0x14e8 FLEXnet Licensing Service 64 ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:37:59.0203 0x14e8 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user 20:37:59.0203 0x14e8 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:37:59.0219 0x14e8 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 20:37:59.0219 0x14e8 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:37:59.0219 0x14e8 RtVOsdService ( UnsignedFile.Multi.Generic ) - skipped by user 20:37:59.0219 0x14e8 RtVOsdService ( UnsignedFile.Multi.Generic ) - User select action: Skip

Thanks, I am running the IE reset tool now

Malwarebytes Anti-Rootkit BETA 1.07.0.1005 www.malwarebytes.org Database version: v2013.07.26.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16540 Daisy :: DAISY-HP [administrator] 02/09/2013 19:42:22 mbar-log-2013-09-02 (19-42-22).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 234089 Time elapsed: 14 minute(s), 15 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end)

# AdwCleaner v3.002 - Report created 02/09/2013 at 22:52:13 # Updated 01/09/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Daisy - DAISY-HP # Running from : C:\Users\Daisy\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339} Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16537 -\\ Mozilla Firefox v23.0.1 (en-US) [ File : C:\Users\Daisy\AppData\Roaming\Mozilla\Firefox\Profiles\5j9du07i.default\prefs.js ] Line Deleted : user_pref("extensions.crossriderapp435.435.backgroundjs", "\n\nfunction buttonClick() { \n \n if (appAPI.platform == \"FF\") window.open(\"file:///C:/codec-info/codec_info.html\");\n if (app[...] Line Deleted : user_pref("extensions.crossriderapp435.435.js", "\n\n$jquery(document).ready(function() {\n \n $jquery('#cblocker').remove();\n if(window.self==window.top && 'mystart.incredibar.com,search.baby[...] Line Deleted : user_pref("extensions.crossriderapp435.435.plugins.plugin_10.code", "if(!appAPI.matchPages(\"search.babylon.com\",\"search.sweetim.com\",\"mystart.incredimail.com\",\"mystart.incredibar.com\",\"search[...] Line Deleted : user_pref("extensions.crossriderapp435.435.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIsIEWindow=false;if(typeof window!==\"undefined\"&&typeof window.navigator!=[...] Line Deleted : user_pref("extensions.crossriderapp435.435.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _firefoxVersion!==\"undefined\"&&_firefoxVersion>14)&&typeof[...] Line Deleted : user_pref("extensions.crossriderapp435.435.plugins.plugin_49.code", "if (!appAPI.monetize || appAPI.monetize.isNeedToRun(\"monitzation_100\")) {\n \n(function($,e,b){var c=\"hashchange\",h=document,f,[...] Line Deleted : user_pref("extensions.crossriderapp435.435.plugins.plugin_50.code", "function create_id(string_size) {\n var text = \"\";\n var possible = \"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0[...] Line Deleted : user_pref("extensions.crossriderapp435.435.plugins.plugin_64.code", "(function(){var j=\"__CR_EMPTY_CHANNEL__\";var d=function(e){return(typeof e===\"object\"&&e!==null);};var b=function(e){return(!!e[...] Line Deleted : user_pref("extensions.crossriderapp435.435.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(function(){var d={WRONG_STRICT_VALUE:\"Parameter %PARAM_NAME% value is not suppor[...] Line Deleted : user_pref("extensions.crossriderapp435.435.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof navigator!==\"undefined\"&&typeof navigator.userAgent!==\"undefined\"){(function[...] Line Deleted : user_pref("extensions.crossriderapp435.435.plugins.plugin_98.code", "(function(){var b=\"cr_\"+appAPI.appID+\"internalMessage\";var a=function(){var d=function(g){if(g===true){unsafeWindow.appAPI=appA[...] Line Deleted : user_pref("extensions.enabledAddons", "crossriderapp435%40crossrider.com:0.91.75,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1"); -\\ Google Chrome v [ File : C:\Users\Daisy\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted : icon_url Deleted : search_url ************************* AdwCleaner[R0].txt - [3946 octets] - [02/09/2013 22:50:33] AdwCleaner[s0].txt - [3903 octets] - [02/09/2013 22:52:13] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3963 octets] ##########

Hi Ron I was trying to post the mbar log but was not letting me reply as quickly however I just finished running adecleaner and attempting to now reboot but the problem is that my system won't restart or shut down... It says perpetually as 'preparing to configure' or 'shutting down'. So lots of the steps require reboots that I'm struggling to do... Is that something a virus can do? My computer is currently sat in logging off mode (I'm on my phone)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.5.7 (09.01.2013:1) OS: Windows 7 Home Premium x64 Ran by Daisy on 02/09/2013 at 19:59:32.30 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\\*.crossrider.com Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\New Windows\Allow\\*.crossrider.com Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-324888256-1376828831-3609373928-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4B51C980-C6B0-11E1-9136-AED16088709B} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B1AB75F4-3FE0-40D3-AEB5-C2516742C7AA} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EA99F352-198E-4DDA-B196-FD7D1520A383} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FC0C0170-4EB0-430D-A7F3-939EE7EA1A25} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{4B51C980-C6B0-11E1-9136-AED16088709B} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EA99F352-198E-4DDA-B196-FD7D1520A383} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\premium" Successfully deleted: [Folder] "C:\Users\Daisy\appdata\local\codec-v" Successfully deleted: [Folder] "C:\Program Files (x86)\codec-v" ~~~ FireFox Successfully deleted: [File] C:\Users\Daisy\AppData\Roaming\mozilla\firefox\profiles\5j9du07i.default\searchplugins\safesearch.xml Successfully deleted: [Folder] C:\Users\Daisy\AppData\Roaming\mozilla\firefox\profiles\5j9du07i.default\extensions\crossriderapp435@crossrider.com Successfully deleted: [Folder] C:\Users\Daisy\AppData\Roaming\mozilla\firefox\profiles\5j9du07i.default\extensions\staged Successfully deleted the following from C:\Users\Daisy\AppData\Roaming\mozilla\firefox\profiles\5j9du07i.default\prefs.js user_pref("extensions.crossrider.bic", "137db3fc1bbd900e8e28ea35d73afaef"); user_pref("extensions.crossriderapp435.435.InstallationThankYouPage", true); user_pref("extensions.crossriderapp435.435.InstallationTime", 1336770784); user_pref("extensions.crossriderapp435.435.InstallationUserSettings.searchUserConifrmation", false); user_pref("extensions.crossriderapp435.435.InstallationUserSettings.setHomepage", false); user_pref("extensions.crossriderapp435.435.InstallationUserSettings.setNewTab", false); user_pref("extensions.crossriderapp435.435.InstallationUserSettings.setSearch", false); user_pref("extensions.crossriderapp435.435.active", true); user_pref("extensions.crossriderapp435.435.addressbar", ""); user_pref("extensions.crossriderapp435.435.addressbarenhanced", ""); user_pref("extensions.crossriderapp435.435.affid", "0"); user_pref("extensions.crossriderapp435.435.backgroundjs", "\n\nfunction buttonClick() { \n \n if (appAPI.platform == \"FF\") window.open(\"file:///C:/codec-info/codec user_pref("extensions.crossriderapp435.435.backgroundver", 9); user_pref("extensions.crossriderapp435.435.can_run_bg_code", true); user_pref("extensions.crossriderapp435.435.certdomaininstaller", ""); user_pref("extensions.crossriderapp435.435.changeprevious", false); user_pref("extensions.crossriderapp435.435.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)"); user_pref("extensions.crossriderapp435.435.cookie.InstallationTime.value", "1336770784"); user_pref("extensions.crossriderapp435.435.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)"); user_pref("extensions.crossriderapp435.435.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)"); user_pref("extensions.crossriderapp435.435.cookie._GPL_aoi.value", "%221339413266%22"); user_pref("extensions.crossriderapp435.435.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)"); user_pref("extensions.crossriderapp435.435.cookie._GPL_parent_zoneid.value", "%2214974%22"); user_pref("extensions.crossriderapp435.435.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)"); user_pref("extensions.crossriderapp435.435.cookie._GPL_zoneid.value", "%2244476%22"); user_pref("extensions.crossriderapp435.435.cookie.__GPL_ID.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)"); user_pref("extensions.crossriderapp435.435.cookie.__GPL_ID.value", "435"); user_pref("extensions.crossriderapp435.435.cookie.__GPL_custom_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)"); user_pref("extensions.crossriderapp435.435.cookie.__GPL_custom_zoneid.value", "14969"); user_pref("extensions.crossriderapp435.435.cookie.__GPL_pubid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)"); user_pref("extensions.crossriderapp435.435.cookie.__GPL_pubid.value", "%222993%22"); user_pref("extensions.crossriderapp435.435.cookie.previous_page.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Daylight Time)"); user_pref("extensions.crossriderapp435.435.cookie.previous_page.value", "%22hxxp%3A//www.google.com/%22"); user_pref("extensions.crossriderapp435.435.cookie.session_id.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Daylight Time)"); user_pref("extensions.crossriderapp435.435.cookie.session_id.value", "%22x5o42odFfz%22"); user_pref("extensions.crossriderapp435.435.cookie.user_id.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)"); user_pref("extensions.crossriderapp435.435.cookie.user_id.value", "%22137db3fc1bbd900e8e28ea35d73afaef%22"); user_pref("extensions.crossriderapp435.435.description", "Premiumplay Codec check"); user_pref("extensions.crossriderapp435.435.domain", ""); user_pref("extensions.crossriderapp435.435.emailsig", ""); user_pref("extensions.crossriderapp435.435.enablesearch", false); user_pref("extensions.crossriderapp435.435.exposesites", ""); user_pref("extensions.crossriderapp435.435.fbremoteurl", ""); user_pref("extensions.crossriderapp435.435.group", 0); user_pref("extensions.crossriderapp435.435.homepage", ""); user_pref("extensions.crossriderapp435.435.iframe", false); user_pref("extensions.crossriderapp435.435.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)"); user_pref("extensions.crossriderapp435.435.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22F610BA9DCB994BCB9CF5EF23E38487E9IE%22%2C%22installer_verifier%2 user_pref("extensions.crossriderapp435.435.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)"); user_pref("extensions.crossriderapp435.435.internaldb.Resources_appVer.value", "75"); user_pref("extensions.crossriderapp435.435.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)"); user_pref("extensions.crossriderapp435.435.internaldb.Resources_lastVersion.value", "0"); user_pref("extensions.crossriderapp435.435.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)"); user_pref("extensions.crossriderapp435.435.internaldb.Resources_meta.value", "%7B%7D"); user_pref("extensions.crossriderapp435.435.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)"); user_pref("extensions.crossriderapp435.435.internaldb.Resources_queue.value", "%7B%7D"); user_pref("extensions.crossriderapp435.435.js", "\n\n$jquery(document).ready(function() {\n \n $jquery('#cblocker').remove();\n if(window.self==window.top && 'mystart.i user_pref("extensions.crossriderapp435.435.manifesturl", ""); user_pref("extensions.crossriderapp435.435.name", "Codec-V"); user_pref("extensions.crossriderapp435.435.newtab", ""); user_pref("extensions.crossriderapp435.435.opensearch", ""); user_pref("extensions.crossriderapp435.435.plugins.plugin_10.code", "if(!appAPI.matchPages(\"search.babylon.com\",\"search.sweetim.com\",\"mystart.incredimail.com\",\"mystart. user_pref("extensions.crossriderapp435.435.plugins.plugin_10.name", "app_435_specific"); user_pref("extensions.crossriderapp435.435.plugins.plugin_10.ver", 5); user_pref("extensions.crossriderapp435.435.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelection( user_pref("extensions.crossriderapp435.435.plugins.plugin_13.name", "CrossriderAppUtils"); user_pref("extensions.crossriderapp435.435.plugins.plugin_13.ver", 3); user_pref("extensions.crossriderapp435.435.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIsIEWindow=false;if(typeof window!==\"undefined\"&& user_pref("extensions.crossriderapp435.435.plugins.plugin_14.name", "CrossriderUtils"); user_pref("extensions.crossriderapp435.435.plugins.plugin_14.ver", 3); user_pref("extensions.crossriderapp435.435.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _firefoxVersion!==\"undefined\"&&_f user_pref("extensions.crossriderapp435.435.plugins.plugin_16.name", "FFAppAPIWrapper"); user_pref("extensions.crossriderapp435.435.plugins.plugin_16.ver", 7); user_pref("extensions.crossriderapp435.435.plugins.plugin_17.name", "jQuery"); user_pref("extensions.crossriderapp435.435.plugins.plugin_17.ver", 4); user_pref("extensions.crossriderapp435.435.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());var CrossRiderResourcesManager=(fu user_pref("extensions.crossriderapp435.435.plugins.plugin_47.name", "resources_background"); user_pref("extensions.crossriderapp435.435.plugins.plugin_47.ver", 3); user_pref("extensions.crossriderapp435.435.plugins.plugin_49.code", "if (!appAPI.monetize || appAPI.monetize.isNeedToRun(\"monitzation_100\")) {\n \n(function($,e,b){var c=\"h user_pref("extensions.crossriderapp435.435.plugins.plugin_49.name", "similar_web"); user_pref("extensions.crossriderapp435.435.plugins.plugin_49.ver", 4); user_pref("extensions.crossriderapp435.435.plugins.plugin_50.code", "function create_id(string_size) {\n var text = \"\";\n var possible = \"ABCDEFGHIJKLMNOPQRSTUVWXYZab user_pref("extensions.crossriderapp435.435.plugins.plugin_50.name", "similar_web_bg"); user_pref("extensions.crossriderapp435.435.plugins.plugin_50.ver", 1); user_pref("extensions.crossriderapp435.435.plugins.plugin_60.code", "var MonitizationPluginsBase=function(){var a=appAPI.internal&&appAPI.internal.db?appAPI.internal.db:appAPI user_pref("extensions.crossriderapp435.435.plugins.plugin_60.name", "base_monetization"); user_pref("extensions.crossriderapp435.435.plugins.plugin_60.ver", 1); user_pref("extensions.crossriderapp435.435.plugins.plugin_64.code", "(function(){var j=\"__CR_EMPTY_CHANNEL__\";var d=function(e){return(typeof e===\"object\"&&e!==null);};var user_pref("extensions.crossriderapp435.435.plugins.plugin_64.name", "appApiMessage"); user_pref("extensions.crossriderapp435.435.plugins.plugin_64.ver", 2); user_pref("extensions.crossriderapp435.435.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(function(){var d={WRONG_STRICT_VALUE:\"Parameter %PARAM_ user_pref("extensions.crossriderapp435.435.plugins.plugin_72.name", "appApiValidation"); user_pref("extensions.crossriderapp435.435.plugins.plugin_72.ver", 3); user_pref("extensions.crossriderapp435.435.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof navigator!==\"undefined\"&&typeof navigator.userAgent!= user_pref("extensions.crossriderapp435.435.plugins.plugin_78.name", "CrossriderInfo"); user_pref("extensions.crossriderapp435.435.plugins.plugin_78.ver", 3); user_pref("extensions.crossriderapp435.435.plugins.plugin_98.code", "(function(){var b=\"cr_\"+appAPI.appID+\"internalMessage\";var a=function(){var d=function(g){if(g===true) user_pref("extensions.crossriderapp435.435.plugins.plugin_98.name", "omniCommands"); user_pref("extensions.crossriderapp435.435.plugins.plugin_98.ver", 2); user_pref("extensions.crossriderapp435.435.plugins_lists.plugins_0", "14,78,16,64,47,72,98,50"); user_pref("extensions.crossriderapp435.435.plugins_lists.plugins_1", "17,14,78,13,16,64,72,98,60,49,10"); user_pref("extensions.crossriderapp435.435.plugins_lists.plugins_5", "14,78,13,16,64,47,72"); user_pref("extensions.crossriderapp435.435.pluginsversion", 24); user_pref("extensions.crossriderapp435.435.premium", true); user_pref("extensions.crossriderapp435.435.publisher", "Premiumplay"); user_pref("extensions.crossriderapp435.435.searchstatus", 0); user_pref("extensions.crossriderapp435.435.setnewtab", false); user_pref("extensions.crossriderapp435.435.settingsurl", ""); user_pref("extensions.crossriderapp435.435.thankyou", ""); user_pref("extensions.crossriderapp435.435.updateinterval", 360); user_pref("extensions.crossriderapp435.435.ver", 75); user_pref("extensions.crossriderapp435.adsOldValue", -1); user_pref("extensions.crossriderapp435.apps", "435"); user_pref("extensions.crossriderapp435.bic", "137db3fc1bbd900e8e28ea35d73afaef"); user_pref("extensions.crossriderapp435.cid", 435); user_pref("extensions.crossriderapp435.firstrun", false); user_pref("extensions.crossriderapp435.hadappinstalled", true); user_pref("extensions.crossriderapp435.installationdate", 1339413218); user_pref("extensions.crossriderapp435.lastcheck", 22958930); user_pref("extensions.crossriderapp435.lastcheckitem", 22958930); user_pref("extensions.crossriderapp435.misc.lastBgWorkerTimer", "1341847017967"); user_pref("extensions.crossriderapp435.misc.lastDomWorkerTimer", "1341847017959"); user_pref("extensions.crossriderapp435.modetype", "production"); user_pref("extensions.crossriderapp435.statsDailyCounter", 6); user_pref("extensions.crossriderapp435.updating", true); Emptied folder: C:\Users\Daisy\AppData\Roaming\mozilla\firefox\profiles\5j9du07i.default\minidumps [23 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 02/09/2013 at 21:01:44.75 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Is it usual for RogueKiller to take so long to scan? Almost an hour at the moment...

Still had no reply on this...

Threats found on MBAM for further information. It says they are in quarantine but still unable to restart computer - Trojan.lily.jade - PUP.Codec.PR - Adware Linkular

. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 16/08/2011 16:35:49 System Uptime: 27/08/2013 20:31:16 (0 hours ago) . Motherboard: Hewlett-Packard | | 1439 Processor: Intel® Core i3 CPU M 350 @ 2.27GHz | CPU | 2261/1066mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 281 GiB total, 219.642 GiB free. D: is FIXED (NTFS) - 16 GiB total, 2.357 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Security Processor Loader Driver Device ID: ROOT\LEGACY_SPLDR\0000 Manufacturer: Name: Security Processor Loader Driver PNP Device ID: ROOT\LEGACY_SPLDR\0000 Service: spldr . ==== System Restore Points =================== . RP218: 26/03/2013 20:15:51 - Windows Update RP219: 02/04/2013 10:28:12 - Installed HP Support Assistant RP220: 02/04/2013 10:33:18 - Windows Modules Installer RP221: 02/04/2013 10:35:21 - Windows Modules Installer RP222: 11/04/2013 09:46:47 - Windows Update . ==== Installed Programs ====================== . Acrobat.com Adobe AIR Adobe Flash Player 11 ActiveX 64-bit Adobe Flash Player 11 Plugin Adobe Reader X (10.1.0) Adobe Shockwave Player 11.5 Agatha Christie - Death on the Nile Apple Application Support Apple Software Update Bejeweled 2 Deluxe Blackhawk Striker 2 CCleaner Chuzzle Deluxe CyberLink DVD Suite CyberLink PowerDVD 9 CyberLink YouCam Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dora's Carnival Adventure Energy Star Digital Logo Escape Rosecliff Island ESU for Microsoft Windows 7 Facebook Video Calling 1.2.0.287 FATE Final Drive Nitro Google Earth Google Update Helper Hewlett-Packard ACLM.NET v1.2.1.1 HP Customer Experience Enhancements HP Documentation HP Game Console HP Games HP Photo Creations HP Power Manager HP Quick Launch HP Setup HP Software Framework HP Support Assistant HP Wireless Assistant Intel® Control Center Intel® Graphics Media Accelerator Driver Intel® Management Engine Components Intel® Rapid Storage Technology Java Auto Updater Java 6 Update 20 Java 6 Update 20 (64-bit) Jewel Quest - Heritage Junk Mail filter update LabelPrint LightScribe System Software Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Office 2010 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Mozilla Firefox 23.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MyTomTom 3.2.0.906 Norton 360 Penguins! PhotoNow! Plants vs. Zombies Poker Superstars III Polar Bowler Polar Golfer Power2Go PowerDirector Ralink Motorola BC4 Bluetooth 3.0+HS Adapter Ralink RT3090 802.11b/g/n WiFi Adapter Realtek Ethernet Controller Driver For Windows 7 Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader Recovery Manager RtVOsd SafeSearch Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition Security Update for Microsoft Visio 2010 (KB2760762) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition Skype™ 6.1 Spotify Synaptics Pointing Device Driver TeamViewer 6 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition Virtual Villagers - The Secret City Visual Studio 2008 x64 Redistributables Visual Studio C++ 10.0 Runtime VLC media player 2.0.1 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Gallery Windows Live Sync Windows Live Upload Tool Windows Live Writer Zuma Deluxe . ==== Event Viewer Messages From Past Week ======== . 27/08/2013 20:39:06, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 27/08/2013 20:32:10, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 27/08/2013 20:32:10, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 27/08/2013 20:32:10, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 27/08/2013 20:31:59, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 27/08/2013 20:31:52, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 27/08/2013 20:31:47, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_N360 discache eeCtrl IDSVia64 SMR322 spldr SRTSPX SymIRON SymNetS Wanarpv6 27/08/2013 20:26:38, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control. 26/08/2013 19:14:39, Error: Service Control Manager [7022] - The Windows Search service hung on starting. 26/08/2013 19:10:21, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SMR322 26/08/2013 18:21:04, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 26/08/2013 18:21:04, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535. 26/08/2013 15:07:46, Error: mbamchameleon [61440] - 26/08/2013 00:02:56, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 26/08/2013 00:02:09, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service Bluetooth Device Manager with arguments "" in order to run the server: {3428CA47-50B8-48C2-8839-48D3C4C59B23} 26/08/2013 00:01:00, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 26/08/2013 00:00:38, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 26/08/2013 00:00:38, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 26/08/2013 00:00:18, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccSet_N360 DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf 26/08/2013 00:00:17, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 26/08/2013 00:00:17, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 26/08/2013 00:00:17, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 26/08/2013 00:00:17, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 26/08/2013 00:00:17, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 26/08/2013 00:00:17, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 26/08/2013 00:00:17, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 26/08/2013 00:00:17, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 26/08/2013 00:00:17, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 26/08/2013 00:00:17, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 25/08/2013 19:48:39, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {000C101C-0000-0000-C000-000000000046} and APPID {000C101C-0000-0000-C000-000000000046} to the user Daisy-HP\Daisy SID (S-1-5-21-324888256-1376828831-3609373928-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. . ==== End Of File ===========================