jam_spoons
Posts posted by jam_spoons
-
Hello again,
Here is the log you requested from Combofix.
ComboFix 14-06-04.01 - dave 05/06/2014 16:43:37.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2046.992 [GMT 1:00]
Running from: c:\users\dave\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2014-05-05 to 2014-06-05 )))))))))))))))))))))))))))))))
.
.
2014-06-05 15:51 . 2014-06-05 15:51 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-06-05 15:51 . 2014-06-05 15:51 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-06-05 15:51 . 2014-06-05 15:51 -------- d-----w- c:\users\lukezoe\AppData\Local\temp
2014-06-05 15:51 . 2014-06-05 15:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-05 15:17 . 2014-04-30 23:37 8073384 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F75DA5F-2F58-4B84-80AA-27EBDB405541}\mpengine.dll
2014-05-27 07:54 . 2014-04-23 10:50 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3CA70509-53EF-4162-A854-0C175121B3F7}\gapaengine.dll
2014-05-27 07:53 . 2014-04-30 23:37 8073384 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-22 10:45 . 2014-05-22 10:45 -------- d-----w- c:\programdata\Malwarebytes
2014-05-19 20:36 . 2014-05-19 20:36 -------- d-----w- c:\program files\ESET
2014-05-15 15:53 . 2014-05-15 15:55 -------- d-----w- C:\FRST
2014-05-15 12:45 . 2014-05-05 23:14 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-08 13:17 . 2014-05-08 13:18 -------- d-----w- c:\users\dave\AppData\Roaming\Foxit Software
2014-05-08 13:17 . 2014-05-08 13:17 -------- d-----w- c:\users\Public\Foxit Software
2014-05-08 13:17 . 2014-05-08 13:17 -------- d-----w- c:\program files\Foxit Software
2014-05-08 12:55 . 2014-04-23 10:50 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-17 04:32 . 2014-05-05 14:56 8050496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D86B080E-DD22-4B81-8416-4C9EAE2F3CC6}\mpengine.dll
2014-03-31 21:46 . 2014-03-31 21:46 130712 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2014-03-31 21:46 . 2014-03-31 21:46 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2014-03-11 08:52 . 2014-03-11 08:52 104264 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-07 23:12 . 2014-04-11 08:42 1806848 ----a-w- c:\windows\system32\jscript9.dll
2014-03-07 23:02 . 2014-04-11 08:42 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-07 23:02 . 2014-04-13 02:00 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-03-07 22:57 . 2014-04-11 08:42 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-07 22:56 . 2014-04-11 08:42 421376 ----a-w- c:\windows\system32\vbscript.dll
2009-03-31 21:47 . 2008-10-27 16:10 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2009-11-24 16:17 . 2008-12-15 17:28 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2014-04-23 533568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
.
c:\users\lukezoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Belkin Wireless USB Utility.lnk - c:\program files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe -T [2005-10-28 1404928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^dave^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=c:\users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-02-21 02:54 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 03:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-03-01 14:38 4390912 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3661334880-1982377886-768432890-1002]
"EnableNotificationsRef"=dword:00000001
.
R3 ActionReplayDS;ActionReplayDS;c:\windows\system32\Drivers\ActionReplayDS.sys [2007-02-08 29184]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-05 15:27 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 19:12]
.
2014-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 19:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer =
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-06-05 16:52
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.032"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ani"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.bay"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.bmp"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.bw"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.cr2"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.crw"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.cs1"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.cur"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dcr"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dcx"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dib"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.djv"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.djvu"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dng"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.emf"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.eps"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.erf"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.fff"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.fpx"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.gif"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.icl"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.icn"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ico"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.iff"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ilbm"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.int"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.inta"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.iw4"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.j2c"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.j2k"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jfif"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jif"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jp2"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpc"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpe"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpeg"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-3661334880-1982377886-768432890-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpg"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpk"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpx"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.lbm"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.mos"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.mrw"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.nef"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.orf"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pbm"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pcd"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pct"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pcx"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pef"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pgm"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pic"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pict"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pix"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.png"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ppm"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.psd"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.psp"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.raf"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ras"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.raw"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rgb"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rgba"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rle"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rsb"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.sgi"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.sr2"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.srf"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.tga"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.thm"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.tif"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.tiff"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ttc"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ttf"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.v9o"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.v9p"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.v9pf"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.wbm"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.wbmp"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.wmf"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.xbm"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.xif"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.xpm"
.
Completion time: 2014-06-05 16:54:22
ComboFix-quarantined-files.txt 2014-06-05 15:54
ComboFix2.txt 2014-05-05 16:08
.
Pre-Run: 129,326,952,448 bytes free
Post-Run: 128,774,467,584 bytes free
.
- - End Of File - - 3C42FE7CA9246D8E4FB8369E02668B8464B1E91C5C6C2157642651010728F90F
-
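The ComboFix report in the post above is the kind of log a helper reads by eye, picking out the product status header, the "Other Deletions" list, the Run keys and drivers under "Reg Loading Points", and the Security Center "DisableMonitoring" flags. The script below is an added example written for this page, not code from the thread, from ComboFix, or from any Malwarebytes tool: it parses those parts of a ComboFix-style log and turns them into review notes. `SAMPLE_LOG` is a constructed, shortened excerpt in the same layout as the posted log, and the regular expressions are assumptions about ComboFix's line formats that have only been checked against that excerpt.

```python
"""Triage helper for ComboFix-style logs (added example, not part of the thread)."""
import re

# Constructed sample: a shortened ComboFix log in the same layout as the one posted.
SAMPLE_LOG = r"""
ComboFix 14-06-04.01 - dave 05/06/2014 16:43:37.3.2 - x86
Running from: c:\users\dave\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2014-04-23 533568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R3 ActionReplayDS;ActionReplayDS;c:\windows\system32\Drivers\ActionReplayDS.sys [2007-02-08 29184]
.
Completion time: 2014-06-05 16:54:22
"""

# Line formats assumed from the posted log (not an official ComboFix grammar).
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")                       # ((( Section Name )))
STATUS_RE = re.compile(r"^(AV|SP|FW):\s+(.+?)\s+\*(\w+)/(\w+)\*\s+\{[0-9A-Fa-f-]+\}$")
KEY_RE = re.compile(r"^\[(.+)\]$")                                    # [HKEY_...]
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s+\[(\d{4}-\d{2}-\d{2}) (\d+)\])?$')
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9A-Fa-f]{8})$')
DRIVER_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(\d{4}-\d{2}-\d{2}) (\d+)\]$")


def parse_combofix(text):
    """Extract the triage-relevant parts of a ComboFix log into a dict."""
    report = {
        "products": [],            # (kind, name, state, definitions) from the header
        "other_deletions": [],     # paths ComboFix removed on its own
        "run_entries": [],         # (key, value name, command, date, size) under *\Run
        "monitoring_disabled": [], # Security Center keys with DisableMonitoring=1
        "drivers": [],             # (start type, service name, path, date, size)
    }
    section = "header"
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix prints "." as a blank line
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current_key = m.group(1), None
            continue
        if section == "header":
            m = STATUS_RE.match(line)
            if m:
                report["products"].append(m.groups())
        elif section == "Other Deletions":
            report["other_deletions"].append(line)
        elif section == "Reg Loading Points":
            m = KEY_RE.match(line)
            if m:
                current_key = m.group(1)
                continue
            m = VALUE_RE.match(line)
            if m and current_key and current_key.lower().endswith("\\run"):
                name, cmd, date, size = m.groups()
                report["run_entries"].append((current_key, name, cmd, date, int(size) if size else None))
                continue
            m = DWORD_RE.match(line)
            if m and current_key and m.group(1) == "DisableMonitoring" and int(m.group(2), 16) == 1:
                report["monitoring_disabled"].append(current_key)
                continue
            m = DRIVER_RE.match(line)
            if m:
                start, name, _display, path, date, size = m.groups()
                report["drivers"].append((start, name, path, date, int(size)))
    return report


def findings(report):
    """Turn the parsed report into the notes a reviewer would raise."""
    notes = []
    for kind, name, state, defs in report["products"]:
        if state.lower() == "disabled" or defs.lower() == "outdated":
            notes.append(f"{kind} {name} reported {state}/{defs}")
    for path in report["other_deletions"]:
        if path.lower().endswith("autorun.inf"):
            notes.append(f"autorun file removed: {path}")
    for key in report["monitoring_disabled"]:
        notes.append(f"Security Center monitoring disabled under {key}")
    for key, name, cmd, _date, _size in report["run_entries"]:
        # A bare file name is resolved through the search path, so confirm which file it is.
        if not re.match(r"^[a-z]:\\", cmd, re.I):
            notes.append(f"Run value {name} under {key} is a bare filename ({cmd}); check what it resolves to")
    return notes


if __name__ == "__main__":
    for note in findings(parse_combofix(SAMPLE_LOG)):
        print(note)
```

Two caveats when reading the notes against the real log. ComboFix is run with real-time protection switched off, so the *Disabled* state in its header is expected at that moment; the FRST Addition.txt later in the thread shows Microsoft Security Essentials enabled again. The `SymantecAntiVirus` and `SymantecFirewall` monitoring keys are leftovers from the Norton install the poster says was removed, and the bare `RtHDVCpl.exe` Run value is shown by the msconfig `startupreg` entry in the same log to resolve to `c:\windows\RtHDVCpl.exe`, so neither is evidence of infection on its own; they are items to verify, which is what the script is for.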
Hello,
I've tried that again and it still won't allow any communications through the Belkin adaptor. It works fine over wire or if MBAM is switched off.
It's not so important as she has MSE on there and she can run MBAM scans but I would have liked to get it working for her as it's such a good program.
-
Hi,
I don't know if you're still looking into this but I've had to disable Malwarebytes on startup in order to get online. I tried adding the Belkin adapter executable file to the MBAM exceptions rules but that didn't work either. Everything works fine together over the ethernet wire but there's no way for her to keep that as a permanent solution. I've tried uninstalling MBAM several times with your clean tool but the same problem occurs every time I reinstall it.
Everything runs smoothly as long as MBAM isn't running and I've told my friend to run a scan once each week as a precaution.
Other than this, I don't know what to do. I didn't want her to remove MBAM entirely but it's the only way she can get online.
Thanks
-
Hi,
Only two items found on the eset scan.
C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000 a variant of Win32/DomaIQ.BB potentially unwanted application deleted - quarantined
C:\Users\dave\AppData\Local\Temp\50901435-e514-44b5-8484-391a4398a971\software\Cloud_Backup_Setup.exe Win32/MyPCBackup.A potentially unwanted application deleted - quarantined
I'm wondering if this isn't a problem with the Belkin USB wifi not getting through Malwarebytes as the internet works fine over wire?
Many thanks
-
Hello again. Many thanks for your reply.
Here are the two logs you requested.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista Home Premium x86
Ran by dave on 18/05/2014 at 15:09:36.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.bandobjectattribute
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.dockingpanel
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.iesmartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.iesmartbarbandobject
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.smartbardisplaystate
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.smartbarmenuform
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
~~~ Files
Successfully deleted: [File] "C:\end"
~~~ Folders
Successfully deleted: [Folder] "C:\Users\dave\appdata\locallow\smartbar"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18/05/2014 at 15:11:55.94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# AdwCleaner v3.208 - Report created 18/05/2014 at 15:16:13
# Updated 11/05/2014 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)
# Username : dave - DAVE-PC
# Running from : C:\Users\dave\Downloads\adwcleaner_3.208.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\dave\AppData\Roaming\Solvusoft
Folder Deleted : C:\Users\dave\AppData\Roaming\VOPackage
Folder Deleted : C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16545
-\\ Mozilla Firefox v2.0 (en-GB)
[ File : C:\Users\dave\AppData\Roaming\Mozilla\Firefox\Profiles\y2e90gwv.default\prefs.js ]
-\\ Google Chrome v34.0.1847.137
[ File : C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3317933&octid=EB_ORIGINAL_CTID&ISID=MB450E33F-1D4E-4DC5-AE1B-8680844F5483&SearchSource=58&CUI=&UM=5&UP=SP31BD9838-B86D-4CC4-8676-B37F182402FE&q={searchTerms}&SSPV=
*************************
AdwCleaner[R0].txt - [4657 octets] - [05/05/2014 16:35:00]
AdwCleaner[R1].txt - [1007 octets] - [05/05/2014 17:10:40]
AdwCleaner[R2].txt - [2428 octets] - [18/05/2014 15:13:34]
AdwCleaner[s0].txt - [4800 octets] - [05/05/2014 16:36:10]
AdwCleaner[s1].txt - [1068 octets] - [05/05/2014 17:11:14]
AdwCleaner[s2].txt - [2375 octets] - [18/05/2014 15:16:13]
########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [2435 octets] ##########
-
Hi Borislav,
Many thanks for replying. I pay for a subscription to Malwarebytes but I'm doing this for a friend who doesn't and I found this forum very helpful last time so I just thought I'd come back.
Norton was removed before I installed MSE. I used a Norton uninstaller tool but I notice it has still left some files and folders in there. I've done my best to remove all of those but I think there may still be items remaining.
I've also done my best to uninstall the items on your list using Revo.
Here is the Mbam scan log:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 16/05/2014
Scan Time: 20:04:06
Logfile: mbam.txt
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.05.16.13
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: dave
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 309720
Time Elapsed: 14 min, 4 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 1
PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot.exe, Quarantined, [f12cada5a7d4c76f48324172ff0433cd],
Physical Sectors: 0
(No malicious items detected)
(end) -
Log continued
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x86) Version:14-05-2014
Ran by dave at 2014-05-15 16:54:05
Running from C:\Users\dave\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Activation Assistant for the 2007 Microsoft Office suites (Version: - Microsoft Corporation) Hidden
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Belkin Wireless USB Utility (HKLM\...\InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}) (Version: 6.3.2.16 - Belkin)
Belkin Wireless USB Utility (Version: 6.3.2.16 - Belkin) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
DMUninstaller (HKLM\...\DMUninstaller) (Version: - ) <==== ATTENTION
Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.3.99.311 - Foxit Corporation)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.2.0.429 - Foxit Corporation)
GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden
GearDrvs (Version: 5.0.0.2 - Symantec Corporation) Hidden
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
Internet From BT (Version: - ) Hidden
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 15 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217015FF}) (Version: 7.0.150 - Oracle)
Java Auto Updater (Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
LPT System Updater Service (Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
MagicSports 3.5 (Version: - ) Hidden
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft® Office Trial 2007 (HKLM\...\OFF2k7_UK) (Version: - )
MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyPC Backup (HKLM\...\MyPC Backup) (Version: - JDi Backup Ltd) <==== ATTENTION
Norton 360 (Version: 1.0.0.184 - Symantec Corporation) Hidden
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Control Panel 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Packard Bell ImageWriter (HKLM\...\ImageWriter) (Version: - )
Packard Bell LCD Test (HKLM\...\LCDTest) (Version: - )
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek HD Audio V6.0.1.5377 (HKLM\...\AUDIO_REALTEK) (Version: - )
Realtek High Definition Audio Driver (Version: 6.0.1.5377 - Realtek Semiconductor Corp.) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Search Protect (HKLM\...\SearchProtect) (Version: 2.12.20.154 - Conduit) <==== ATTENTION
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Video NVIDIA v162.22 (HKLM\...\VIDEO_NVIDIA) (Version: - )
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 30.9.2014.0 - BillP Studios)
Yahoo Community Smartbar Engine (HKCU\...\{86bc7a88-4fb1-4c79-b21b-31909aa79005}) (Version: 11.47.66.16718 - Linkury Inc.) <==== ATTENTION
==================== Restore Points =========================
15-03-2014 13:08:06 Windows Update
22-03-2014 09:51:16 Windows Update
22-03-2014 10:31:24 Norton_Power_Eraser_20140322103124593
11-04-2014 08:19:20 Windows Update
12-04-2014 08:26:50 Windows Update
13-04-2014 02:00:28 Windows Update
14-04-2014 16:09:12 Scheduled Checkpoint
14-04-2014 17:01:51 Windows Update
14-04-2014 17:18:52 Removed Facebook Video Calling 2.0.0.447
14-04-2014 17:23:31 Removed Safari
14-04-2014 17:29:52 Removed Adobe Community Help
14-04-2014 17:30:41 Removed Java 6 Update 37
14-04-2014 19:07:22 Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
14-04-2014 19:08:09 Device Driver Package Install: Apple Network adapters
14-04-2014 19:10:25 Revo Uninstaller's restore point - WinRAR 4.01 (32-bit)
19-04-2014 07:31:32 Windows Update
27-04-2014 15:17:06 Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 2.0.1.1004
27-04-2014 15:18:06 Revo Uninstaller's restore point - Norton 360 2007
01-05-2014 19:27:51 Windows Update
05-05-2014 14:54:06 Windows Update
05-05-2014 16:17:44 Revo Uninstaller's restore point - iBackupBot for iTunes 3.6.4
05-05-2014 16:19:58 Revo Uninstaller's restore point - Sony Picture Utility
05-05-2014 16:20:27 Removed Sony Picture Utility
05-05-2014 16:20:52 Removed Browser
05-05-2014 16:21:21 Revo Uninstaller's restore point - Infocentre Rev. 2.0
05-05-2014 16:21:55 Removed VolumeWatcher
05-05-2014 16:22:25 Removed InitTool
05-05-2014 16:22:52 Revo Uninstaller's restore point - Media Go
05-05-2014 16:23:05 Removed Media Go
05-05-2014 16:23:19 Removed Importer
05-05-2014 16:23:49 Removed Announce
05-05-2014 16:24:55 Removed Map View
05-05-2014 16:25:26 Removed DataDiscMaker
05-05-2014 16:25:53 Removed SBS_PXEngine
05-05-2014 16:26:23 Removed Shared3
05-05-2014 16:26:55 Revo Uninstaller's restore point - AMR to MP3 Converter 1.4
05-05-2014 16:28:42 Revo Uninstaller's restore point - Adobe Shockwave Player 11.5
05-05-2014 16:29:39 Revo Uninstaller's restore point - Adobe Flash Player 13 Plugin
05-05-2014 16:30:41 Revo Uninstaller's restore point - Adobe Reader 8.1.2
05-05-2014 16:32:26 Revo Uninstaller's restore point - Adobe AIR
05-05-2014 16:33:23 Revo Uninstaller's restore point - Adobe Download Assistant
05-05-2014 16:39:39 Revo Uninstaller's restore point - Adobe Download Assistant
05-05-2014 16:40:31 Removed Adobe Download Assistant
05-05-2014 16:43:04 Revo Uninstaller's restore point - Adobe Reader 8
05-05-2014 16:45:03 Revo Uninstaller's restore point - Keyboard FIJI
05-05-2014 16:45:44 Revo Uninstaller's restore point - SetUp My PC
05-05-2014 16:47:19 Revo Uninstaller's restore point - FBackup 4
05-05-2014 16:48:37 Revo Uninstaller's restore point - Shockwave player 10
05-05-2014 16:49:50 Revo Uninstaller's restore point - Packard Bell Updator
05-05-2014 16:50:46 Revo Uninstaller's restore point - Flash Player 9 Internet Explorer
05-05-2014 16:51:35 Revo Uninstaller's restore point - HDReg
05-05-2014 16:51:50 Removed HDReg
05-05-2014 16:55:00 Windows Update
05-05-2014 17:13:04 Windows Update
14-05-2014 19:48:43 Revo Uninstaller's restore point - Yahoo Community Smartbar
14-05-2014 19:51:41 Removed Yahoo Community Smartbar
14-05-2014 20:06:29 Windows Update
15-05-2014 12:27:59 Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 2.0.1.1004
15-05-2014 12:42:56 Windows Update
15-05-2014 13:28:22 Revo Uninstaller's restore point - Google Chrome
==================== Hosts content: ==========================
2006-11-02 11:23 - 2014-05-05 17:03 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {01C0C708-2445-4DC6-8357-67934793AB0D} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
Task: {05037DF8-29BC-45D5-A634-C3D61D8146A9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {288FE330-0558-43F1-8BE0-89BAC4092267} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3FDBE9E7-BF49-459C-99F6-0F787E986836} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {688B2C34-3847-4863-B613-326116596225} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\20.4.0.40\WSCStub.exe
Task: {79C91841-82B3-418F-A2C1-3009C568F8D9} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\20.4.0.40\SymErr.exe
Task: {7B5A4A79-F263-4385-9115-89B0EC84E34E} - System32\Tasks\Microsoft\Windows\RestartManager\{BF68DABD-A8AD-4eb1-BD52-BC8E4AD1935B} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {981A63BA-6270-4977-814B-81DF81F0BB24} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-07] (Google Inc.)
Task: {C438F13B-9434-499F-A73B-6226A70EB01A} - System32\Tasks\AdobeAAMUpdater-1.0-dave-PC-dave => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15] (Adobe Systems Incorporated)
Task: {CC6D768B-5141-4365-ACB4-769BBF41219B} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - dave => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {EA863FBF-423C-4C92-B5AD-3B7DB9558F8B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-07] (Google Inc.)
Task: {F4890BCD-656E-433C-945D-A7433AB473B3} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\20.4.0.40\SymErr.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-08 14:18 - 2014-05-08 14:18 - 00904704 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll
2014-04-14 18:50 - 2014-04-22 19:39 - 00645592 ____N () C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
2005-10-28 12:13 - 2005-10-28 12:13 - 00167936 _____ () C:\Program Files\Belkin\USB F5D7050\Wireless Utility\BelkinwcuiDLL.dll
2005-10-28 12:13 - 2005-10-28 12:13 - 00061440 _____ () C:\Program Files\Belkin\USB F5D7050\Wireless Utility\BelkinHWStatus.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:0CFF5F08
AlternateDataStreams: C:\Users\dave\Desktop\Holiday snaps:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Downloads\elps:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Downloads\HMRC Submission receipt_files:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Downloads\ModLoader (3):Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Downloads\SMP's Revival:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Downloads\YogBox_1.7.3_B6 (2):Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\bin:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\config:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\Datel:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\Downloads:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\elps:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\luke homework folder:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\MapView:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\mods:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\My Projects:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\New Folder:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\New Folder (2):Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\New Folder (3):Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\New Folder (5):Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\New Folder (6):Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\New price.eml:OECustomProperty
AlternateDataStreams: C:\Users\dave\Documents\OneNote Notebooks:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\Picture Motion Browser:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\resources:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\samsung:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\saves:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\stats:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\Symantec:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\texturepacks:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\Updater5:Roxio EMC Stream
AlternateDataStreams: C:\Users\lukezoe\Documents\My Google Gadgets:Roxio EMC Stream
AlternateDataStreams: C:\Users\lukezoe\Documents\OneNote Notebooks:Roxio EMC Stream
AlternateDataStreams: C:\Users\Public\Roaming:Roxio EMC Stream
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
MSCONFIG\Services: GoogleDesktopManager-110309-193829 => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: stllssvr => 3
MSCONFIG\startupfolder: C:^Users^dave^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk => C:\Windows\pss\Picture Motion Browser Media Check Tool.lnk.Startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
==================== Faulty Device Manager Devices =============
Name: HL-DT-ST DVDRAM GSA-H40N ATA Device
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
Name: USB CF Reader
Description: USB CF Reader
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
Name: USB MS Reader
Description: USB MS Reader
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
Name: USB SD Reader
Description: USB SD Reader
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
Name: USB SM Reader
Description: USB SM Reader
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/15/2014 02:28:12 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {3dfac78a-3276-4675-ba39-30a67139caba}
Error: (05/15/2014 02:16:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 5) (User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crtThis network connection does not exist.
Error: (05/15/2014 02:16:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 5) (User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt12017 (0x2ef1)
Error: (05/15/2014 02:15:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 5) (User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crtThis network connection does not exist.
Error: (05/15/2014 02:15:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 5) (User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt12017 (0x2ef1)
Error: (05/15/2014 02:08:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.0.500, time stamp 0x533d8de2, faulting module MSVCR100.dll, version 10.0.40219.325, time stamp 0x4df2be1e, exception code 0x40000015, fault offset 0x0008d6fd,
process id 0xfd4, application start time 0xmbam.exe0.
Error: (05/15/2014 02:08:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application taskmgr.exe, version 6.0.6001.18000, time stamp 0x47918e94, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x73c874b2,
process id 0x468, application start time 0xtaskmgr.exe0.
Error: (05/15/2014 02:05:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 5) (User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crtThis network connection does not exist.
Error: (05/15/2014 02:05:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 5) (User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt12017 (0x2ef1)
Error: (05/15/2014 02:05:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 5) (User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crtThis network connection does not exist.
System errors:
=============
Error: (05/15/2014 02:57:57 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.173.2219.0){C9FF5D63-6345-4A19-AD5E-7158C080C815}201
Error: (05/15/2014 02:55:35 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.173.2219.0
Update Source: %NT AUTHORITY59
Update Stage: 4.5.0216.00
Source Path: 4.5.0216.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (05/15/2014 02:30:24 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 111.13.0.0
Update Source: %NT AUTHORITY51
Update Stage: 4.5.0216.00
Source Path: 4.5.0216.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (05/15/2014 02:30:03 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.173.1635.0
Update Source: %NT AUTHORITY51
Update Stage: 4.5.0216.00
Source Path: 4.5.0216.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (05/15/2014 02:30:03 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.173.1635.0
Update Source: %NT AUTHORITY51
Update Stage: 4.5.0216.00
Source Path: 4.5.0216.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (05/15/2014 02:29:47 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.173.1635.0
Update Source: %NT AUTHORITY59
Update Stage: 4.5.0216.00
Source Path: 4.5.0216.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (05/15/2014 02:20:42 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 111.13.0.0
Update Source: %NT AUTHORITY51
Update Stage: 4.5.0216.00
Source Path: 4.5.0216.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (05/15/2014 02:20:25 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.173.1635.0
Update Source: %NT AUTHORITY51
Update Stage: 4.5.0216.00
Source Path: 4.5.0216.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (05/15/2014 02:20:25 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.173.1635.0
Update Source: %NT AUTHORITY51
Update Stage: 4.5.0216.00
Source Path: 4.5.0216.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (05/15/2014 02:20:08 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.173.1635.0
Update Source: %NT AUTHORITY59
Update Stage: 4.5.0216.00
Source Path: 4.5.0216.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Microsoft Office Sessions:
=========================
Error: (01/19/2014 11:12:19 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2258 seconds with 240 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2014-05-15 16:53:52.058
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-05-15 16:53:51.731
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-05-15 16:53:51.387
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-05-15 16:53:51.044
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-05-15 16:53:50.561
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-05-15 16:53:50.202
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-05-15 16:53:49.827
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-05-15 16:53:49.484
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-05-15 16:53:34.078
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-05-15 16:53:33.766
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Percentage of memory in use: 52%
Total physical RAM: 2045.76 MB
Available physical RAM: 964.17 MB
Total Pagefile: 4346.77 MB
Available Pagefile: 3127.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.01 MB
==================== Drives ================================
Drive c: (HDD) (Fixed) (Total:224.88 GB) (Free:113.73 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Removable) (Total:1.99 GB) (Free:1.99 GB) FAT
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 4DF9FDDA)
Partition 1: (Not Active) - (Size=8 GB) - (Type=27)
Partition 2: (Active) - (Size=225 GB) - (Type=07 NTFS)
========================================================
Disk: 5 (Size: 2 GB) (Disk ID: 08FECB2D)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)
==================== End Of Log ============================
Hello,
You helped me before and were brilliant and I was wondering if you could please help me once more?
I advised a friend to run Malwarebytes along with MSE but when Malwarebytes starts running it always blocks access to the internet so she has to disable it to get online.
I've tried my best to clean off her PC but the problem persists and I saw that it may be a "hidden DNS hijack" from another thread.
I've run the dds script and the Farbar scan tool and the logs are below.
I'd be very appreciative if someone could look into this for me.
Many thanks
Jo
dds.txt
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16545 BrowserJavaVersion: 10.15.2
Run by dave at 16:38:10 on 2014-05-15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2046.1001 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\MyPC Backup\BackupStack.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uProxyServer =
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Yahoo Community Smartbar (by Linkury): {ae07101b-46d4-4a98-af68-0333ea26e113} -
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\usb f5d7050\wireless utility\Belkinwcui.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\packer~1.lnk - c:\users\dave\appdata\roaming\opencandy\d74f5f4b2d1a42d880c0e1f59ca7176b\Packer.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://magnet.2020.net/virtualplanner/Core/Player/2020PlayerAX_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
TCP: NameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{1527C122-8FB6-46CC-A354-6D411D8B9841} : DHCPNameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{2C2E8488-C476-405F-BAA9-A47DBAF55567} : DHCPNameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{6384F98E-88DA-4BFB-B44D-28A2EF17E44E} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{EB10810C-1352-427A-9EED-48CA2BDD15E4} : DHCPNameServer = 192.168.1.254
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
R2 BackupStack;Computer Backup (MyPC Backup);c:\program files\mypc backup\BackupStack.exe [2014-3-14 36392]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-20 21504]
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files\foxit software\foxit reader\foxit cloud\FCUpdateService.exe [2014-5-8 241728]
R2 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-5-15 73432]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-5-15 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-5-15 857912]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-1-18 383264]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-5-15 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-5-15 107736]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-5-15 51416]
S3 ActionReplayDS;ActionReplayDS;c:\windows\system32\drivers\ActionReplayDS.sys [2009-5-28 29184]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-9-19 83168]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2014-3-11 104264]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
.
=============== Created Last 30 ================
.
2014-05-15 13:55:29 765968 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2b2c83bc-ec11-4fe7-8600-4a0c3f7addd0}\gapaengine.dll
2014-05-15 13:46:42 8050496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{009c9ac1-4161-423f-b9c2-cbcb49bb0689}\mpengine.dll
2014-05-15 13:16:22 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-15 13:15:59 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-15 13:15:59 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-15 13:15:59 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-15 13:15:59 -------- d-----w- c:\programdata\Malwarebytes
2014-05-15 13:15:59 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-05-15 12:45:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-08 13:41:51 -------- d-----w- c:\program files\Uninstaller
2014-05-08 13:37:32 -------- d-----w- c:\users\dave\appdata\roaming\VOPackage
2014-05-08 13:36:58 -------- d-----w- c:\program files\MyPC Backup
2014-05-08 13:17:57 -------- d-----w- c:\users\dave\appdata\roaming\Foxit Software
2014-05-08 13:17:21 -------- d-----w- c:\program files\Foxit Software
2014-05-08 12:55:47 765968 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2014-05-08 12:54:11 8050496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-05-05 17:14:09 -------- d-----w- c:\program files\Microsoft Security Client
2014-05-05 17:13:26 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2014-05-05 16:03:25 -------- d-----w- C:\$RECYCLE.BIN
2014-05-05 15:45:34 98816 ----a-w- c:\windows\sed.exe
2014-05-05 15:45:34 256000 ----a-w- c:\windows\PEV.exe
2014-05-05 15:45:34 208896 ----a-w- c:\windows\MBR.exe
2014-05-05 15:35:18 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-05-05 15:34:52 -------- d-----w- C:\AdwCleaner
2014-05-05 15:29:40 -------- d-----w- c:\windows\ERUNT
2014-05-05 14:56:16 8050496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d86b080e-dd22-4b81-8416-4c9eae2f3cc6}\mpengine.dll
.
==================== Find3M ====================
.
2014-03-31 21:46:48 130712 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2014-03-31 21:46:48 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2014-03-11 08:52:30 104264 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-07 23:12:00 1806848 ----a-w- c:\windows\system32\jscript9.dll
2014-03-07 23:02:19 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-07 23:02:07 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-03-07 22:57:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-07 22:56:03 421376 ----a-w- c:\windows\system32\vbscript.dll
.
============= FINISH: 16:39:26.17 ===============
attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 31/12/2007 12:18:44
System Uptime: 15/05/2014 16:29:10 (0 hours ago)
.
Motherboard: Packard Bell BV | | PT890-8237A
Processor: Intel® Core2 Duo CPU E4500 @ 2.20GHz | Socket 775 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 225 GiB total, 113.819 GiB free.
E: is Removable
F: is Removable
G: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMHL-DT-ST_DVDRAM_GSA-H40N________________RG01____\5&1D2C6A94&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: HL-DT-ST DVDRAM GSA-H40N ATA Device
PNP Device ID: IDE\CDROMHL-DT-ST_DVDRAM_GSA-H40N________________RG01____\5&1D2C6A94&0&0.0.0
Service: cdrom
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB CF Reader
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1#
Manufacturer: Generic
Name: USB CF Reader
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB MS Reader
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_MS_READER&REV_1.03#2004888&3#
Manufacturer: Generic
Name: USB MS Reader
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_MS_READER&REV_1.03#2004888&3#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB SD Reader
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SD_READER&REV_1.00#2004888&0#
Manufacturer: Generic
Name: USB SD Reader
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SD_READER&REV_1.00#2004888&0#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB SM Reader
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SM_READER&REV_1.02#2004888&2#
Manufacturer: Generic
Name: USB SM Reader
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SM_READER&REV_1.02#2004888&2#
Service: WUDFRd
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Activation Assistant for the 2007 Microsoft Office suites
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Belkin Wireless USB Utility
Bonjour
Compatibility Pack for the 2007 Office system
DMUninstaller
Foxit Cloud
Foxit Reader
GearDrvs
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iCloud
Internet From BT
iTunes
Java 7 Update 15
Java Auto Updater
LPT System Updater Service
MagicSports 3.5
Malwarebytes Anti-Malware version 2.0.1.1004
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Microsoft® Office Trial 2007
MobileMe Control Panel
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MyPC Backup
Norton 360
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Graphics Driver 311.06
NVIDIA Install Application
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
Packard Bell ImageWriter
Packard Bell LCD Test
QuickTime
Realtek HD Audio V6.0.1.5377
Realtek High Definition Audio Driver
Revo Uninstaller 1.95
Search Protect
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878236) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2878237) 32-Bit Edition
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Video NVIDIA v162.22
WinPatrol
Yahoo Community Smartbar Engine
.
==== End Of File ===========================
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:14-05-2014
Ran by dave (administrator) on DAVE-PC on 15-05-2014 16:53:18
Running from C:\Users\dave\Downloads
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Just Develop It) C:\Program Files\MyPC Backup\BackupStack.exe
(Microsoft Corporation) C:\Windows\System32\wpcumi.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Foxit Corporation) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
(Belkin) C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4390912 2007-03-01] (Realtek Semiconductor)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKU\S-1-5-21-3661334880-1982377886-768432890-1002\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3661334880-1982377886-768432890-1002\...\Run: [iSUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
HKU\S-1-5-21-3661334880-1982377886-768432890-1002\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3661334880-1982377886-768432890-1002\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [533568 2014-04-23] (BillP Studios)
HKU\S-1-5-21-3661334880-1982377886-768432890-1002\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3661334880-1982377886-768432890-1002\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3661334880-1982377886-768432890-1004\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk
ShortcutTarget: Belkin Wireless USB Utility.lnk -> C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Belkin)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Packer.exe.lnk
ShortcutTarget: Packer.exe.lnk -> C:\Users\dave\AppData\Roaming\OpenCandy\D74F5F4B2D1A42D880C0E1F59CA7176B\Packer.exe (No File)
Startup: C:\Users\lukezoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicyUsers\S-1-5-21-3661334880-1982377886-768432890-1003\User: Group Policy restriction detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
ProxyServer:
SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDJ67jFfFbVMfug_IrPdAB5t0DxMiJWg9o5L6hYEVV4zSvSfztC4NY-sU00SNHo-KsV9nQZThwJ0nVYRGGymyXswEOCYvFKg2SmeoEGd1f3R0whLHLTXj4qgEt9xsbGBwOCVo70OBQMraCSXb7eH4XgmArVihMZ2-BQhODx9QRJbBukZJ7n-FayWQBmw,,&q={searchTerms}
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDJ67jFfFbVMfug_IrPdAB5t0DxMiJWg9o5L6hYEVV4zSvSfztC4NY-sU00SNHo-KsV9nQZThwJ0nVYRGGymyXswEOCYvFKg2SmeoEGd1f3R0whLHLTXj4qgEt9xsbGBwOCVo70OBQMraCSXb7eH4XgmArVihMZ2-BQhODx9QRJbBukZJ7n-FayWQBmw,,&q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDJ67jFfFbVMfug_IrPdAB5t0DxMiJWg9o5L6hYEVV4zSvSfztC4NY-sU00SNHo-KsV9nQZThwJ0nVYRGGymyXswEOCYvFKg2SmeoEGd1f3R0whLHLTXj4qgEt9xsbGBwOCVo70OBQMraCSXb7eH4XgmArVihMZ2-BQhODx9QRIU3wzuAFbqn3CtZ9CQ,,&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDJ67jFfFbVMfug_IrPdAB5t0DxMiJWg9o5L6hYEVV4zSvSfztC4NY-sU00SNHo-KsV9nQZThwJ0nVYRGGymyXswEOCYvFKg2SmeoEGd1f3R0whLHLTXj4qgEt9xsbGBwOCVo70OBQMraCSXb7eH4XgmArVihMZ2-BQhODx9QRIU3wzuAFbqn3CtZ9CQ,,&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://magnet.2020.net/virtualplanner/Core/Player/2020PlayerAX_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
FireFox:
========
FF ProfilePath: C:\Users\dave\AppData\Roaming\Mozilla\Firefox\Profiles\y2e90gwv.default
FF DefaultSearchEngine: Google
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeploytk.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPSWF32.dll ()
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\dave\AppData\Roaming\Mozilla\Firefox\Profiles\y2e90gwv.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009-10-24]
FF Extension: Google Toolbar for Firefox - C:\Users\dave\AppData\Roaming\Mozilla\Firefox\Profiles\y2e90gwv.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010-01-04]
FF Extension: TalkTalk Mail Toolbar - C:\Users\dave\AppData\Roaming\Mozilla\Firefox\Profiles\y2e90gwv.default\Extensions\{e50376b0-4ded-4d46-a0ba-d3d87c971b56} [2011-06-06]
FF Extension: Google Toolbar for Firefox - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007-08-25]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009-08-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010-01-04]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
Chrome:
=======
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Google Wallet) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]
CHR HKLM\...\Chrome\Extension: [gkcgjggoajjmljagopjnpjgbddigbcap] - C:\Users\dave\AppData\Local\CRE\gkcgjggoajjmljagopjnpjgbddigbcap.crx [2013-09-10]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
========================== Services (Whitelisted) =================
R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [36392 2014-03-14] (Just Develop It)
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241728 2014-03-11] (Foxit Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S4 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [266343 2007-03-06] ()
S4 stllssvr; "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [X]
==================== Drivers (Whitelisted) ====================
S3 ActionReplayDS; C:\Windows\System32\Drivers\ActionReplayDS.sys [29184 2007-02-08] (Thesycon GmbH, Germany)
S3 BLKWGU(Belkin); C:\Windows\System32\DRIVERS\BLKWGU.sys [402944 2005-11-10] (Belkin Corporation)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [73432 2014-04-03] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKsl75ad56aa; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{009C9AC1-4161-423F-B9C2-CBCB49BB0689}\MpKsl75ad56aa.sys [39464 2014-05-15] (Microsoft Corporation)
S3 ZDPSp50; C:\Windows\System32\Drivers\ZDPSp50.sys [17664 2004-10-25] (Printing Communications Assoc., Inc. (PCAUSA))
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [26840 2012-08-21] (GEAR Software Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U2 WZCSVC;
U3 mbr; \??\C:\Users\dave\AppData\Local\Temp\mbr.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-15 16:53 - 2014-05-15 16:53 - 00015529 _____ () C:\Users\dave\Downloads\FRST.txt
2014-05-15 16:53 - 2014-05-15 16:53 - 00000000 ____D () C:\FRST
2014-05-15 16:43 - 2014-05-15 16:43 - 00008520 _____ () C:\Users\dave\Desktop\attach.txt
2014-05-15 16:43 - 2014-05-15 16:39 - 00011351 _____ () C:\Users\dave\Desktop\dds.txt
2014-05-15 14:55 - 2014-05-15 14:55 - 01056256 _____ (Farbar) C:\Users\dave\Downloads\FRST.exe
2014-05-15 14:46 - 2014-05-15 14:46 - 00688992 ____R (Swearware) C:\Users\dave\Downloads\dds.com
2014-05-15 14:34 - 2014-05-15 14:41 - 00002228 _____ () C:\Users\dave\Desktop\Rkill.txt
2014-05-15 14:16 - 2014-05-15 16:33 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-15 14:16 - 2014-05-15 14:16 - 00000862 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-15 14:16 - 2014-05-15 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-15 14:15 - 2014-05-15 14:16 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-15 14:15 - 2014-05-15 14:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-15 14:15 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-15 14:15 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-15 14:15 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-15 14:11 - 2014-05-15 14:11 - 00315392 _____ (Malwarebytes Corporation) C:\Users\dave\Downloads\mbam-clean-2.0.2.0.exe
2014-05-15 14:09 - 2014-05-15 14:09 - 04143997 _____ () C:\Users\dave\Downloads\tdsskiller (2).zip
2014-05-15 13:48 - 2014-05-15 13:48 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 13:47 - 2014-05-15 13:48 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\dave\Downloads\mbam-setup-2.0.1.1004 (4).exe
2014-05-15 13:45 - 2014-05-06 00:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 13:45 - 2014-05-06 00:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 13:45 - 2014-05-06 00:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 13:38 - 2014-03-25 14:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-08 14:37 - 2014-05-14 21:19 - 00000000 ____D () C:\Users\dave\AppData\Roaming\VOPackage
2014-05-08 14:37 - 2014-05-08 14:37 - 00001717 _____ () C:\Users\dave\Desktop\Sync Folder.lnk
2014-05-08 14:37 - 2014-05-08 14:37 - 00000847 _____ () C:\Users\dave\Desktop\MyPC Backup.lnk
2014-05-08 14:37 - 2014-05-08 14:37 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-05-08 14:37 - 2014-05-08 14:37 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-05-08 14:36 - 2014-05-15 14:01 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-05-08 14:33 - 2014-05-08 14:37 - 00000000 _____ () C:\END
2014-05-08 14:17 - 2014-05-08 14:18 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Foxit Software
2014-05-08 14:17 - 2014-05-08 14:17 - 00001896 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2014-05-08 14:17 - 2014-05-08 14:17 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-05-08 14:17 - 2014-05-08 14:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-05-08 14:17 - 2014-05-08 14:17 - 00000000 ____D () C:\Program Files\Foxit Software
2014-05-05 18:15 - 2014-05-05 18:15 - 00002154 _____ () C:\Windows\epplauncher.mif
2014-05-05 18:15 - 2014-05-05 18:15 - 00001789 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-05-05 18:14 - 2014-05-05 18:15 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-05-05 18:13 - 2010-04-05 21:00 - 00221568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-05-05 18:05 - 2014-05-05 18:05 - 11241816 _____ (Microsoft Corporation) C:\Users\dave\Downloads\mseinstall.exe
2014-05-05 17:14 - 2014-05-05 17:14 - 00000000 ____D () C:\Users\dave\Downloads\tdsskiller (1)
2014-05-05 17:13 - 2014-05-05 17:14 - 04143997 _____ () C:\Users\dave\Downloads\tdsskiller (1).zip
2014-05-05 17:08 - 2014-05-05 17:08 - 00026512 _____ () C:\ComboFix.txt
2014-05-05 16:45 - 2014-05-05 17:08 - 00000000 ____D () C:\Qoobox
2014-05-05 16:45 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-05 16:45 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-05 16:45 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-05 16:45 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-05 16:45 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-05 16:45 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-05 16:45 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-05 16:45 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-05 16:44 - 2014-05-05 17:07 - 00000000 ____D () C:\Windows\erdnt
2014-05-05 16:35 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-05 16:34 - 2014-05-05 17:11 - 00000000 ____D () C:\AdwCleaner
2014-05-05 16:34 - 2014-05-05 16:34 - 01316991 _____ () C:\Users\dave\Downloads\AdwCleaner.exe
2014-05-05 16:29 - 2014-05-05 16:29 - 01016261 _____ (Thisisu) C:\Users\dave\Downloads\JRT.exe
2014-05-05 16:29 - 2014-05-05 16:29 - 00000000 ____D () C:\Windows\ERUNT
2014-05-05 16:28 - 2014-05-05 16:29 - 05199940 ____R (Swearware) C:\Users\dave\Downloads\ComboFix.exe
2014-05-05 16:26 - 2014-05-05 16:27 - 04143997 _____ () C:\Users\dave\Downloads\tdsskiller.zip
2014-05-05 16:26 - 2014-05-05 16:26 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\dave\Downloads\tdsskiller.exe
2014-05-05 16:26 - 2014-05-05 16:26 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\dave\Downloads\iExplore.exe
2014-04-26 18:28 - 2014-04-26 18:28 - 00869456 _____ () C:\Users\dave\Downloads\Norton_Removal_Tool.exe
2014-04-18 14:19 - 2014-04-18 14:19 - 01889841 _____ () C:\Users\dave\Downloads\Resistant+Materials(2).pptx
==================== One Month Modified Files and Folders =======
2014-05-15 16:53 - 2014-05-15 16:53 - 00015529 _____ () C:\Users\dave\Downloads\FRST.txt
2014-05-15 16:53 - 2014-05-15 16:53 - 00000000 ____D () C:\FRST
2014-05-15 16:52 - 2006-11-02 11:33 - 00778264 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-15 16:51 - 2011-01-22 16:32 - 00018276 _____ () C:\Windows\setupact.log
2014-05-15 16:43 - 2014-05-15 16:43 - 00008520 _____ () C:\Users\dave\Desktop\attach.txt
2014-05-15 16:39 - 2014-05-15 16:43 - 00011351 _____ () C:\Users\dave\Desktop\dds.txt
2014-05-15 16:37 - 2007-12-31 13:18 - 02095905 _____ () C:\Windows\WindowsUpdate.log
2014-05-15 16:33 - 2014-05-15 14:16 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-15 16:31 - 2010-02-07 20:12 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-15 16:29 - 2007-08-25 08:42 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-15 16:29 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-15 16:29 - 2006-11-02 13:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-15 16:29 - 2006-11-02 13:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-15 14:58 - 2006-11-02 14:01 - 00032554 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-15 14:55 - 2014-05-15 14:55 - 01056256 _____ (Farbar) C:\Users\dave\Downloads\FRST.exe
2014-05-15 14:46 - 2014-05-15 14:46 - 00688992 ____R (Swearware) C:\Users\dave\Downloads\dds.com
2014-05-15 14:41 - 2014-05-15 14:34 - 00002228 _____ () C:\Users\dave\Desktop\Rkill.txt
2014-05-15 14:30 - 2007-08-25 08:49 - 00000000 ____D () C:\Program Files\Google
2014-05-15 14:23 - 2010-02-07 20:12 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-15 14:16 - 2014-05-15 14:16 - 00000862 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-15 14:16 - 2014-05-15 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-15 14:16 - 2014-05-15 14:15 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-15 14:15 - 2014-05-15 14:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-15 14:13 - 2011-01-22 21:01 - 01039302 _____ () C:\Windows\PFRO.log
2014-05-15 14:11 - 2014-05-15 14:11 - 00315392 _____ (Malwarebytes Corporation) C:\Users\dave\Downloads\mbam-clean-2.0.2.0.exe
2014-05-15 14:09 - 2014-05-15 14:09 - 04143997 _____ () C:\Users\dave\Downloads\tdsskiller (2).zip
2014-05-15 14:08 - 2013-03-30 11:12 - 00000000 ____D () C:\Users\dave\AppData\Local\CrashDumps
2014-05-15 14:01 - 2014-05-08 14:36 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-05-15 13:52 - 2013-08-16 10:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 13:49 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-15 13:49 - 2006-11-02 11:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-15 13:48 - 2014-05-15 13:48 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 13:48 - 2014-05-15 13:47 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\dave\Downloads\mbam-setup-2.0.1.1004 (4).exe
2014-05-15 13:48 - 2007-08-25 08:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 07:59 - 2006-11-02 13:47 - 03653360 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-14 21:19 - 2014-05-08 14:37 - 00000000 ____D () C:\Users\dave\AppData\Roaming\VOPackage
2014-05-14 20:35 - 2007-12-31 13:51 - 00070744 _____ () C:\Users\dave\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-08 19:40 - 2007-12-31 13:51 - 00000000 ____D () C:\Users\dave\AppData\Local\Google
2014-05-08 14:37 - 2014-05-08 14:37 - 00001717 _____ () C:\Users\dave\Desktop\Sync Folder.lnk
2014-05-08 14:37 - 2014-05-08 14:37 - 00000847 _____ () C:\Users\dave\Desktop\MyPC Backup.lnk
2014-05-08 14:37 - 2014-05-08 14:37 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-05-08 14:37 - 2014-05-08 14:37 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-05-08 14:37 - 2014-05-08 14:33 - 00000000 _____ () C:\END
2014-05-08 14:18 - 2014-05-08 14:17 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Foxit Software
2014-05-08 14:17 - 2014-05-08 14:17 - 00001896 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2014-05-08 14:17 - 2014-05-08 14:17 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-05-08 14:17 - 2014-05-08 14:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-05-08 14:17 - 2014-05-08 14:17 - 00000000 ____D () C:\Program Files\Foxit Software
2014-05-08 14:17 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2014-05-06 00:32 - 2014-05-15 13:45 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 00:14 - 2014-05-15 13:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 00:14 - 2014-05-15 13:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 19:16 - 2014-04-14 18:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-05-05 19:16 - 2014-04-14 18:50 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-05 18:15 - 2014-05-05 18:15 - 00002154 _____ () C:\Windows\epplauncher.mif
2014-05-05 18:15 - 2014-05-05 18:15 - 00001789 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-05-05 18:15 - 2014-05-05 18:14 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-05-05 18:05 - 2014-05-05 18:05 - 11241816 _____ (Microsoft Corporation) C:\Users\dave\Downloads\mseinstall.exe
2014-05-05 17:41 - 2011-06-26 15:01 - 00000000 ____D () C:\Users\dave\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2014-05-05 17:38 - 2007-08-25 08:38 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-05-05 17:33 - 2008-04-07 20:46 - 00000000 ____D () C:\Users\dave\AppData\Roaming\InstallShield
2014-05-05 17:32 - 2008-05-24 17:27 - 00000000 ____D () C:\Program Files\Adobe
2014-05-05 17:31 - 2008-05-24 17:27 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-05 17:31 - 2008-01-02 16:03 - 00000000 ____D () C:\Users\dave\AppData\Local\Adobe
2014-05-05 17:31 - 2007-08-25 08:45 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-05 17:28 - 2009-03-13 17:21 - 00000000 ____D () C:\Windows\system32\Adobe
2014-05-05 17:28 - 2007-08-25 08:48 - 00000000 ____D () C:\Windows\system32\Macromed
2014-05-05 17:26 - 2008-04-07 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Picture Utility
2014-05-05 17:26 - 2008-04-07 20:49 - 00000000 ____D () C:\Program Files\Sony
2014-05-05 17:22 - 2007-08-25 08:38 - 00000000 ____D () C:\Program Files\Packard Bell
2014-05-05 17:21 - 2007-08-25 08:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Packard Bell Support
2014-05-05 17:14 - 2014-05-05 17:14 - 00000000 ____D () C:\Users\dave\Downloads\tdsskiller (1)
2014-05-05 17:14 - 2014-05-05 17:13 - 04143997 _____ () C:\Users\dave\Downloads\tdsskiller (1).zip
2014-05-05 17:11 - 2014-05-05 16:34 - 00000000 ____D () C:\AdwCleaner
2014-05-05 17:08 - 2014-05-05 17:08 - 00026512 _____ () C:\ComboFix.txt
2014-05-05 17:08 - 2014-05-05 16:45 - 00000000 ____D () C:\Qoobox
2014-05-05 17:08 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2014-05-05 17:07 - 2014-05-05 16:44 - 00000000 ____D () C:\Windows\erdnt
2014-05-05 17:03 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2014-05-05 17:01 - 2007-12-31 13:38 - 00000000 ____D () C:\Users\dave
2014-05-05 16:34 - 2014-05-05 16:34 - 01316991 _____ () C:\Users\dave\Downloads\AdwCleaner.exe
2014-05-05 16:29 - 2014-05-05 16:29 - 01016261 _____ (Thisisu) C:\Users\dave\Downloads\JRT.exe
2014-05-05 16:29 - 2014-05-05 16:29 - 00000000 ____D () C:\Windows\ERUNT
2014-05-05 16:29 - 2014-05-05 16:28 - 05199940 ____R (Swearware) C:\Users\dave\Downloads\ComboFix.exe
2014-05-05 16:27 - 2014-05-05 16:26 - 04143997 _____ () C:\Users\dave\Downloads\tdsskiller.zip
2014-05-05 16:26 - 2014-05-05 16:26 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\dave\Downloads\tdsskiller.exe
2014-05-05 16:26 - 2014-05-05 16:26 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\dave\Downloads\iExplore.exe
2014-05-05 16:19 - 2007-12-31 13:55 - 00108032 _____ () C:\Users\dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-26 19:15 - 2011-04-28 16:46 - 00000000 ____D () C:\Users\dave\Documents\saves
2014-04-26 19:14 - 2011-04-28 16:46 - 00000000 ____D () C:\Users\dave\Documents\stats
2014-04-26 19:14 - 2009-04-25 22:14 - 00000000 ____D () C:\Users\dave\Documents\Symantec
2014-04-26 18:35 - 2007-08-25 08:50 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-04-26 18:28 - 2014-04-26 18:28 - 00869456 _____ () C:\Users\dave\Downloads\Norton_Removal_Tool.exe
2014-04-26 18:28 - 2009-03-26 19:45 - 00000680 _____ () C:\Users\dave\AppData\Local\d3d9caps.dat
2014-04-18 14:19 - 2014-04-18 14:19 - 01889841 _____ () C:\Users\dave\Downloads\Resistant+Materials(2).pptx
Some content of TEMP:
====================
C:\Users\dave\AppData\Local\Temp\BackupSetup.exe
C:\Users\dave\AppData\Local\Temp\Quarantine.exe
C:\Users\dave\AppData\Local\Temp\_is22DB.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-15 16:43
==================== End Of Log ============================
-
Hi Gringo,
My laptop now runs better than it ever did. I've uninstalled everything you said and disabled my Java.
Many thanks for everything you've done; you're a superstar.
Regards
Jam spoons
-
Hi Gringo,
Many thanks for everything you've done.
There were a few 'threats' on the ESET scan but I saved a backup to my G:\ drive and the rest seems to be the cleaner you had me install.
I've removed those executables from my G:\ drive now.
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Debut\debut.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Debut\debutsetup_v1.64.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Debut\uninst.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
G:\ccsetup404.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
G:\My Downloads\DM-244.exe Win32/HotSpotShield potentially unwanted application
G:\My Downloads\gpl_ghostscript.exe a variant of Win32/InstallCore.AZ potentially unwanted application
G:\My Downloads\IE7proSetup_2.4.7.exe Win32/OpenCandy potentially unsafe application
G:\My Downloads\SoftonicDownloader_for_ccleaner.exe Win32/SoftonicDownloader.A potentially unwanted application
-
Hi Gringo,
Thanks for all the time you've spent doing this, it's much appreciated. I wish I could buy you a beer or something.
Here are the log files you requested.
MBAM:
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
Database version: v2014.03.11.02
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Jo :: HOMELAPTOP [administrator]
Protection: Enabled
11/03/2014 01:54:31
mbam-log-2014-03-11 (01-54-31).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 311480
Time elapsed: 11 minute(s), 37 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
HijackThis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:08:48, on 11/03/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16533)
Boot mode: Normal
Running processes:
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Jo\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jo\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Startup: Dropbox.lnk = Jo\AppData\Roaming\Dropbox\bin\Dropbox.exe
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} - http://downloads.virginmedia.com/CST/ver1/vistainstaller.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Update Service (gupdate1ca300d8c0e3590) (gupdate1ca300d8c0e3590) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 8909 bytes
Regards
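A first-pass triage of the HijackThis O-lines above can be scripted rather than read by eye. The Python below is an added example, not part of the posted log or of HijackThis itself; it embeds a handful of lines copied from the log above as its sample input and flags the entry types an analyst would look at first: entries whose target is marked "(file missing)", O10 Winsock LSP files HijackThis could not identify (the same DLL appears once per Winsock catalog entry, which is why it is listed nine times above), O16 ActiveX downloads, O18 MIME filters, and O23 services with no publisher name. The section labels and reasons are this example's own wording, not HijackThis output.

```python
import re
from dataclasses import dataclass

# Sample input: lines copied from the HijackThis log posted above, embedded
# here so the script runs offline.
SAMPLE_LOG = r"""
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")   # "O23 - Service: ..." -> ("O23", "Service: ...")
URL_RE = re.compile(r"https?://\S+")


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section tag, e.g. "O23"
    reason: str    # why an analyst should look at it (this example's wording)
    target: str    # the file path or URL the entry points at


def _target(section: str, rest: str) -> str:
    """Extract the path or URL an O-line points at."""
    m = URL_RE.search(rest)
    if m:
        return m.group(0)
    if section == "O10":
        # "Unknown file in Winsock LSP: <path>"
        return rest.split("LSP: ", 1)[-1].strip()
    # Most other sections put the path in the last " - " separated field.
    return rest.rsplit(" - ", 1)[-1].replace("(file missing)", "").strip()


def triage(log_text: str) -> list[Finding]:
    """Return the O-lines worth a second look, in log order, LSP entries de-duplicated."""
    findings: list[Finding] = []
    seen_lsp: set[str] = set()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, rest = m.groups()
        target = _target(section, rest)
        if "(file missing)" in rest:
            findings.append(Finding(section, "orphaned entry: target no longer exists", target))
        elif section == "O10":
            # One catalog entry per protocol; report the DLL once.
            key = target.lower()
            if key not in seen_lsp:
                seen_lsp.add(key)
                findings.append(Finding(section, "Winsock LSP not on HijackThis whitelist", target))
        elif section == "O16":
            findings.append(Finding(section, "ActiveX download (DPF); check the download host", target))
        elif section == "O18" and "Filter hijack" in rest:
            findings.append(Finding(section, "MIME filter registered; verify the handler DLL", target))
        elif section == "O23" and " - Unknown owner - " in rest:
            findings.append(Finding(section, "service binary has no publisher in its version info", target))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason:55} {f.target}")
```

A flagged line is a prompt to check the file (signature, path, hash), not a verdict; the O18 filter and the O10 LSP in this log both point at DLLs under Program Files and system32 that the usual whitelists simply do not carry.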
-
Hello again!
Here is the second combofix log. Everything is still running with no problems so far. Many thanks!
ComboFix 14-03-05.01 - Jo 10/03/2014 16:55:04.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3573.1874 [GMT 0:00]
Running from: c:\users\Jo\Desktop\ComboFix.exe
Command switches used :: c:\users\Jo\Desktop\CFScript.txt
AV: avast! Internet Security *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Internet Security *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Internet Security *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-02-10 to 2014-03-10 )))))))))))))))))))))))))))))))
.
.
2014-03-10 17:11 . 2014-03-10 17:11 -------- d-----w- c:\users\James\AppData\Local\temp
2014-03-10 17:11 . 2014-03-10 17:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-10 17:11 . 2014-03-10 17:11 -------- d-----w- c:\users\Amber\AppData\Local\temp
2014-03-10 17:11 . 2014-03-10 17:11 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-03-10 13:43 . 2014-03-10 13:43 -------- d-----w- c:\windows\ERUNT
2014-03-10 13:29 . 2014-03-10 13:34 -------- d-----w- C:\AdwCleaner
2014-03-09 19:36 . 2014-03-09 19:36 -------- d-----w- c:\users\James\AppData\Roaming\AVAST Software
2014-03-07 15:54 . 2014-02-06 07:08 7947048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1DD7FFC8-8AA1-4A1B-919A-F9953A246373}\mpengine.dll
2014-03-05 00:41 . 2014-03-05 00:41 -------- d-----w- c:\users\Jo\AppData\Roaming\AVAST Software
2014-03-05 00:12 . 2014-03-05 00:12 -------- d-----w- c:\programdata\AVAST Software
2014-03-05 00:08 . 2014-03-05 00:18 252592 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2014-03-05 00:08 . 2014-01-22 14:52 104752 ----a-w- c:\windows\system32\drivers\aswFW.sys
2014-03-05 00:08 . 2014-03-05 00:18 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-03-05 00:07 . 2013-09-25 12:15 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2014-03-03 21:39 . 2014-03-03 21:39 -------- d-----w- c:\programdata\InstallShield
2014-03-03 21:33 . 2014-03-03 21:33 -------- d-----w- c:\programdata\Oracle
2014-03-03 21:31 . 2014-03-03 21:31 -------- d-----w- c:\program files\Java
2014-03-03 21:22 . 2014-03-03 21:22 -------- d-----w- c:\windows\Sun
2014-03-01 19:51 . 2014-03-01 19:51 -------- d-----w- c:\users\Jo\AppData\Roaming\Oracle
2014-03-01 19:29 . 2014-03-03 21:31 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-03-01 19:29 . 2014-03-01 19:29 0 ----a-w- c:\windows\system32\REN6BB7.tmp
2014-03-01 19:29 . 2014-03-01 19:29 0 ----a-w- c:\windows\system32\REN6B49.tmp
2014-03-01 18:19 . 2014-03-01 18:19 -------- d-----w- c:\program files\iPod
2014-03-01 18:18 . 2014-03-01 18:20 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-01 18:18 . 2014-03-01 18:20 -------- d-----w- c:\program files\iTunes
2014-03-01 18:07 . 2014-03-01 18:07 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2014-03-01 18:07 . 2014-03-01 18:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-03-01 18:07 . 2014-03-01 18:07 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2014-03-01 18:07 . 2014-03-01 18:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-03-01 18:07 . 2014-03-01 18:07 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2014-03-01 18:07 . 2014-03-01 18:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-03-01 18:07 . 2014-03-01 18:07 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2014-03-01 18:07 . 2014-03-01 18:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-03-01 18:07 . 2014-03-01 18:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-03-01 18:07 . 2014-03-01 18:07 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2014-03-01 18:06 . 2014-03-01 18:07 -------- d-----w- c:\program files\QuickTime
2014-02-28 00:45 . 2014-02-28 00:45 -------- d-----w- c:\windows\Migration
2014-02-13 17:31 . 2014-02-05 08:49 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-13 16:11 . 2013-12-05 02:12 1248768 ----a-w- c:\windows\system32\msxml3.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-05 00:19 . 2013-08-04 02:49 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-03-05 00:19 . 2011-03-30 22:38 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-03-05 00:19 . 2010-01-30 18:16 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-03-05 00:19 . 2010-01-30 18:16 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-03-05 00:19 . 2013-08-04 02:49 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-03-05 00:19 . 2010-01-30 18:16 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-03-05 00:19 . 2010-01-30 18:16 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-03-05 00:19 . 2010-10-01 22:09 43152 ----a-w- c:\windows\avastSS.scr
2014-03-05 00:19 . 2010-01-30 18:14 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-02-21 17:57 . 2012-03-29 16:24 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-21 17:57 . 2011-05-19 07:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-17 16:24 . 2014-01-17 16:24 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2014-01-17 16:24 . 2014-01-17 16:24 69632 ----a-w- c:\windows\system32\QuickTime.qts
2013-12-18 06:13 . 2009-10-03 09:52 231584 ------w- c:\windows\system32\MpSigStub.exe
2006-06-15 20:33 . 2013-10-01 00:00 233472 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-25 18:43 . 2013-10-01 00:00 204895 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 14:41 . 2013-10-01 00:00 77824 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 13:10 . 2013-10-01 00:00 426081 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 12:19 . 2013-10-01 00:00 458752 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll
2006-04-10 18:35 . 2013-10-01 00:00 139264 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 11:10 . 2013-10-01 00:00 204800 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 11:42 . 2013-10-01 00:00 106496 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 11:22 . 2013-10-01 00:00 212992 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 11:21 . 2013-10-01 00:00 167936 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-03-05 00:19 259464 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-02-15 405504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2014-03-05 3767096]
.
c:\users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jo\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 00:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 03:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2014-02-12 20:57 43848 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX8400 Series]
2007-04-12 06:00 182272 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATICEE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Epson Stylus SX420W(Network)]
2009-09-14 07:00 200704 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIGCE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-03-06 07:58 166424 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-03-21 12:00 174872 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-02-21 03:54 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2007-05-09 17:01 36864 ----a-w- c:\windows\OEM02Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-12-21 09:58 184320 ----a-w- c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-03-06 07:58 133656 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-01-17 16:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 09:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WPCUMI]
2006-11-02 12:35 176128 ----a-w- c:\windows\System32\wpcumi.exe
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - MBAMSwissArmy
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 17:57]
.
2014-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-07 22:49]
.
2014-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-07 22:49]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: nationet.com\olb2
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-10 17:11
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2014-03-10 17:14:31
ComboFix-quarantined-files.txt 2014-03-10 17:14
ComboFix2.txt 2014-03-10 14:56
.
Pre-Run: 7,493,582,848 bytes free
Post-Run: 7,451,824,128 bytes free
.
- - End Of File - - D2B2E84CE4E1011B883B6D9E90FE5F1E
5C616939100B85E558DA92B899A0FC36
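The "Files Created" and "Find3M" sections of a ComboFix log share one line format: creation timestamp, a dot, the file's own modified timestamp, size (or "--------" for a directory), an attribute string, and the path. The Python below is an added example, not part of the posted log or of ComboFix; it parses that format into records, pulls out the kernel drivers that landed in system32\drivers (the avast ones above), and groups entries by creation day so they can be lined up against what the user installed when. Its sample input is a handful of lines copied from the log above; the function names and the field names are this example's own.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Sample input: lines copied from the "Files Created" and "Find3M" sections of
# the ComboFix log posted above, embedded here so the parser runs offline.
SAMPLE = r"""
2014-03-10 17:11 . 2014-03-10 17:11 -------- d-----w- c:\users\James\AppData\Local\temp
2014-03-05 00:08 . 2014-03-05 00:18 252592 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2014-03-05 00:08 . 2014-01-22 14:52 104752 ----a-w- c:\windows\system32\drivers\aswFW.sys
2014-03-01 19:29 . 2014-03-01 19:29 0 ----a-w- c:\windows\system32\REN6BB7.tmp
2014-02-13 16:11 . 2013-12-05 02:12 1248768 ----a-w- c:\windows\system32\msxml3.dll
2013-12-18 06:13 . 2009-10-03 09:52 231584 ------w- c:\windows\system32\MpSigStub.exe
"""

# created . modified size attrs path
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>\S{8}) (?P<path>.+)$"
)


@dataclass(frozen=True)
class Entry:
    created: datetime          # when the file appeared on this machine
    modified: datetime         # the file's own last-modified time
    size: Optional[int]        # None for directories (ComboFix prints "--------")
    attrs: str                 # attribute string as printed, e.g. "----a-w-"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_entries(text: str) -> list[Entry]:
    """Parse every line in ComboFix's file-list format; skip anything else."""
    entries: list[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            modified=datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            size=None if m["size"].startswith("-") else int(m["size"]),
            attrs=m["attrs"],
            path=m["path"],
        ))
    return entries


def kernel_drivers(entries: list[Entry]) -> list[Entry]:
    """Files dropped into system32\\drivers with a .sys extension, in log order."""
    return [
        e for e in entries
        if not e.is_dir
        and "\\system32\\drivers\\" in e.path.lower()
        and e.path.lower().endswith(".sys")
    ]


def by_day(entries: list[Entry]) -> dict[str, list[str]]:
    """Group paths by the day they were created, for correlating with install dates."""
    days: dict[str, list[str]] = defaultdict(list)
    for e in entries:
        days[e.created.date().isoformat()].append(e.path)
    return dict(days)


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE)
    for d in kernel_drivers(parsed):
        print(f"driver {d.path} ({d.size} bytes, created {d.created:%Y-%m-%d %H:%M})")
    for day, paths in sorted(by_day(parsed).items()):
        print(day, len(paths), "entries")
```

The point of splitting created from modified is visible in the sample: aswFW.sys was created on 2014-03-05 but carries a January modified time, which is what a vendor installer copying a prebuilt binary looks like, whereas a file whose two timestamps match the minute something unexpected happened deserves a closer look.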
-
Hi Gringo,
Here is the Combofix log. I didn't have any problems running it and the computer seems to still be up and running so it's all good for now.
Many thanks.
ComboFix 14-03-05.01 - Jo 10/03/2014 14:32:08.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3573.2230 [GMT 0:00]
Running from: c:\users\Jo\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Internet Security *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Internet Security *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\James\Documents\~WRL0003.tmp
c:\users\James\Documents\~WRL0005.tmp
c:\users\James\Documents\~WRL0006.tmp
c:\users\James\Documents\~WRL3397.tmp
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome.manifest
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\api.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\api\asyncDB.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\api\background.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\api\browserAction.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\api\contextMenu.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\api\dbManager.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\api\dom_bg.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\api\fileManager.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\api\firefox.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\api\firefoxNotifications.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\api\firefoxOmnibox.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\api\message.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\api\pageAction.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\api\request.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\api\tabs.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\api\webRequest.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\api\windowsMessagingHandler.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\background.html
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\baseObject.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\browser.xul
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\core\addressBarChangeObserver.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\core\console.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\core\consts.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\core\delegate.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\core\extensionDataStore.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\core\folderIOWrapper.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\core\httpObserver.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\core\IDBWrapper.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\core\installer.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\core\logFile.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\core\prefs.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\core\progressListenerObserver.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\core\registry.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\core\reloadObserver.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\core\reports.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\core\requestObject.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\core\searchSettings.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\core\uninstallObserver.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\core\updateManager.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\core\utils.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\core\xhr.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\dialog.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\ffCoreFilesIndex.txt
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\main.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\options.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\options.xul
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\platformVersion.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\chrome\content\search_dialog.xul
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\defaults\preferences\prefs.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\extensionData\manifest.xml
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\extensionData\plugins.json
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\extensionData\plugins\1_base.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\extensionData\plugins\14_CrossriderUtils.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\extensionData\plugins\16_FFAppAPIWrapper.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\extensionData\plugins\17_jQuery.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\extensionData\plugins\177_crossriderDashboard.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\extensionData\plugins\182_openUrl.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\extensionData\plugins\183_tabsWrapper.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\extensionData\plugins\207_dbWrapper.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\extensionData\plugins\21_debug.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\extensionData\plugins\22_resources.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\extensionData\plugins\28_initializer.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\extensionData\plugins\47_resources_background.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\extensionData\plugins\5_notifications.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\extensionData\plugins\64_appApiMessage.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\extensionData\plugins\7_hooks.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\extensionData\plugins\72_appApiValidation.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\extensionData\plugins\78_CrossriderInfo.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\extensionData\plugins\9_search_engine_hook.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\extensionData\plugins\98_omniCommands.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\extensionData\userCode\background.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\extensionData\userCode\extension.js
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\install.rdf
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\locale\en-US\translations.dtd
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\skin\button1.png
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\skin\button2.png
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\skin\button3.png
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\skin\button4.png
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\skin\button5.png
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\skin\crossrider_statusbar.png
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\skin\icon128.png
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\skin\icon16.png
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\skin\icon24.png
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\skin\icon48.png
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\skin\panelarrow-up.png
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\skin\popup.html
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\skin\skin.css
c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\extensions\crossriderapp14917@crossrider.com\skin\update.css
c:\windows\wininit.ini
F:\autorun.inf
G:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2014-02-10 to 2014-03-10 )))))))))))))))))))))))))))))))
.
.
2014-03-10 14:48 . 2014-03-10 14:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-10 14:48 . 2014-03-10 14:48 -------- d-----w- c:\users\Amber\AppData\Local\temp
2014-03-10 14:48 . 2014-03-10 14:48 -------- d-----w- c:\users\James\AppData\Local\temp
2014-03-10 14:48 . 2014-03-10 14:48 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-03-10 13:43 . 2014-03-10 13:43 -------- d-----w- c:\windows\ERUNT
2014-03-10 13:29 . 2014-03-10 13:34 -------- d-----w- C:\AdwCleaner
2014-03-09 19:36 . 2014-03-09 19:36 -------- d-----w- c:\users\James\AppData\Roaming\AVAST Software
2014-03-07 15:54 . 2014-02-06 07:08 7947048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1DD7FFC8-8AA1-4A1B-919A-F9953A246373}\mpengine.dll
2014-03-05 00:41 . 2014-03-05 00:41 -------- d-----w- c:\users\Jo\AppData\Roaming\AVAST Software
2014-03-05 00:12 . 2014-03-05 00:12 -------- d-----w- c:\programdata\AVAST Software
2014-03-05 00:08 . 2014-03-05 00:18 252592 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2014-03-05 00:08 . 2014-01-22 14:52 104752 ----a-w- c:\windows\system32\drivers\aswFW.sys
2014-03-05 00:08 . 2014-03-05 00:18 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-03-05 00:07 . 2013-09-25 12:15 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2014-03-03 21:39 . 2014-03-03 21:39 -------- d-----w- c:\programdata\InstallShield
2014-03-03 21:33 . 2014-03-03 21:33 -------- d-----w- c:\programdata\Oracle
2014-03-03 21:31 . 2014-03-03 21:31 -------- d-----w- c:\program files\Java
2014-03-03 21:22 . 2014-03-03 21:22 -------- d-----w- c:\windows\Sun
2014-03-01 19:51 . 2014-03-01 19:51 -------- d-----w- c:\users\Jo\AppData\Roaming\Oracle
2014-03-01 19:29 . 2014-03-03 21:31 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-03-01 19:29 . 2014-03-01 19:29 0 ----a-w- c:\windows\system32\REN6BB7.tmp
2014-03-01 19:29 . 2014-03-01 19:29 0 ----a-w- c:\windows\system32\REN6B49.tmp
2014-03-01 18:19 . 2014-03-01 18:19 -------- d-----w- c:\program files\iPod
2014-03-01 18:18 . 2014-03-01 18:20 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-01 18:18 . 2014-03-01 18:20 -------- d-----w- c:\program files\iTunes
2014-03-01 18:07 . 2014-03-01 18:07 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2014-03-01 18:07 . 2014-03-01 18:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-03-01 18:07 . 2014-03-01 18:07 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2014-03-01 18:07 . 2014-03-01 18:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-03-01 18:07 . 2014-03-01 18:07 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2014-03-01 18:07 . 2014-03-01 18:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-03-01 18:07 . 2014-03-01 18:07 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2014-03-01 18:07 . 2014-03-01 18:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-03-01 18:07 . 2014-03-01 18:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-03-01 18:07 . 2014-03-01 18:07 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2014-03-01 18:06 . 2014-03-01 18:07 -------- d-----w- c:\program files\QuickTime
2014-02-28 00:45 . 2014-02-28 00:45 -------- d-----w- c:\windows\Migration
2014-02-13 17:31 . 2014-02-05 08:49 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-13 16:11 . 2013-12-05 02:12 1248768 ----a-w- c:\windows\system32\msxml3.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-05 00:19 . 2013-08-04 02:49 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-03-05 00:19 . 2011-03-30 22:38 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-03-05 00:19 . 2010-01-30 18:16 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-03-05 00:19 . 2010-01-30 18:16 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-03-05 00:19 . 2013-08-04 02:49 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-03-05 00:19 . 2010-01-30 18:16 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-03-05 00:19 . 2010-01-30 18:16 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-03-05 00:19 . 2010-10-01 22:09 43152 ----a-w- c:\windows\avastSS.scr
2014-03-05 00:19 . 2010-01-30 18:14 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-02-21 17:57 . 2012-03-29 16:24 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-21 17:57 . 2011-05-19 07:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-17 16:24 . 2014-01-17 16:24 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2014-01-17 16:24 . 2014-01-17 16:24 69632 ----a-w- c:\windows\system32\QuickTime.qts
2013-12-18 06:13 . 2009-10-03 09:52 231584 ------w- c:\windows\system32\MpSigStub.exe
2006-06-15 20:33 . 2013-10-01 00:00 233472 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-25 18:43 . 2013-10-01 00:00 204895 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 14:41 . 2013-10-01 00:00 77824 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 13:10 . 2013-10-01 00:00 426081 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 12:19 . 2013-10-01 00:00 458752 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll
2006-04-10 18:35 . 2013-10-01 00:00 139264 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 11:10 . 2013-10-01 00:00 204800 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 11:42 . 2013-10-01 00:00 106496 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 11:22 . 2013-10-01 00:00 212992 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 11:21 . 2013-10-01 00:00 167936 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-03-05 00:19 259464 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-02-15 405504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2014-03-05 3767096]
.
c:\users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jo\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 00:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 03:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2014-02-12 20:57 43848 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX8400 Series]
2007-04-12 06:00 182272 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATICEE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Epson Stylus SX420W(Network)]
2009-09-14 07:00 200704 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIGCE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-03-06 07:58 166424 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-03-21 12:00 174872 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-02-21 03:54 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2007-05-09 17:01 36864 ----a-w- c:\windows\OEM02Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-12-21 09:58 184320 ----a-w- c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-03-06 07:58 133656 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-01-17 16:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 09:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WPCUMI]
2006-11-02 12:35 176128 ----a-w- c:\windows\System32\wpcumi.exe
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - MBAMSwissArmy
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 17:57]
.
2014-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-07 22:49]
.
2014-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-07 22:49]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: nationet.com\olb2
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-iCloudServices - c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe
HKCU-Run-ApplePhotoStreams - c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKCU-Run-com.apple.dav.bookmarks.daemon - c:\program files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-ApplePhotoStreams - c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSConfigStartUp-ConnectionCenter - c:\program files\Citrix\ICA Client\concentr.exe
MSConfigStartUp-Google Update - c:\users\Jo\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-googletalk - c:\users\Jo\AppData\Roaming\Google\Google Talk\googletalk.exe
MSConfigStartUp-iCloudServices - c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe
MSConfigStartUp-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe
AddRemove-Debut - c:\program files\NCH Software\Debut\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-10 14:51
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2014-03-10 14:56:12
ComboFix-quarantined-files.txt 2014-03-10 14:55
.
Pre-Run: 8,974,413,824 bytes free
Post-Run: 10,270,990,336 bytes free
.
- - End Of File - - EA73F8BC22C4642201E8A0505068AF6C
5C616939100B85E558DA92B899A0FC36
-
Hi Gringo,
Thank you very much for your help. I ran both of those downloads in the order you requested and I shall let you know if I do or don't get another IP-block message. Though it may take a few days of use to see if it pops up again.
Here are the log files.
Adwcleaner:
# AdwCleaner v3.020 - Report created 10/03/2014 at 13:34:43
# Updated 27/02/2014 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)
# Username : Jo - HOMELAPTOP
# Running from : C:\Users\Jo\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Program Files\uniblue
Folder Deleted : C:\Windows\system32\hotspot shield
Folder Deleted : C:\Users\Jo\AppData\Local\Temp\hotspot shield
Folder Deleted : C:\Users\Jo\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Jo\AppData\Roaming\Optimizer Pro
Folder Deleted : C:\Users\James\AppData\Roaming\NCH Software
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
File Deleted : C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\invalidprefs.js
File Deleted : C:\Windows\System32\Tasks\NCH Software
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Uniblue
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\NCH Software
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16533
-\\ Mozilla Firefox v27.0.1 (en-GB)
[ File : C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\prefs.js ]
Line Deleted : user_pref("extensions.crossrider.bic", "1445fd564e8577b07d1afda68b986e9f");
Line Deleted : user_pref("extensions.crossriderapp14917.14917.InstallationThankYouPage", false);
Line Deleted : user_pref("extensions.crossriderapp14917.14917.InstallationTime", 1393177224);
Line Deleted : user_pref("extensions.crossriderapp14917.14917.active", true);
Line Deleted : user_pref("extensions.crossriderapp14917.14917.addressbar", "NA");
Line Deleted : user_pref("extensions.crossriderapp14917.14917.addressbarenhanced", "");
Line Deleted : user_pref("extensions.crossriderapp14917.14917.asyncdb.was_copied", "true");
Line Deleted : user_pref("extensions.crossriderapp14917.14917.asyncdb_dbWasSet", true);
Line Deleted : user_pref("extensions.crossriderapp14917.14917.asyncdb_dbWasSet_FF25_FIX", true);
Line Deleted : user_pref("extensions.crossriderapp14917.14917.asyncinternaldb.was_copied", "true");
Line Deleted : user_pref("extensions.crossriderapp14917.14917.asyncinternaldb_dbWasSet", true);
Line Deleted : user_pref("extensions.crossriderapp14917.14917.asyncinternaldb_dbWasSet_FF25_FIX", true);
Line Deleted : user_pref("extensions.crossriderapp14917.14917.backgroundver", 6);
Line Deleted : user_pref("extensions.crossriderapp14917.14917.certdomaininstaller", "");
Line Deleted : user_pref("extensions.crossriderapp14917.14917.changeprevious", false);
Line Deleted : user_pref("extensions.crossriderapp14917.14917.cookie.CrossriderNotifier_channels.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp14917.14917.cookie.CrossriderNotifier_channels.value", "%7B%22app0%22%3A%22app0%22%2C%22app14917%22%3A%22app14917%22%2C%22GB%22%3A%22GB%22%7D");
Line Deleted : user_pref("extensions.crossriderapp14917.14917.cookie.CrossriderNotifier_geolocation.expiration", "Mon Mar 17 2014 12:34:27 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp14917.14917.cookie.CrossriderNotifier_geolocation.value", "%22GB%22");
Line Deleted : user_pref("extensions.crossriderapp14917.14917.cookie.CrossriderNotifier_metadata.expiration", "Mon Mar 10 2014 16:14:38 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp14917.14917.cookie.CrossriderNotifier_metadata.value", "%7B%22appId%22%3A14917%2C%22appName%22%3A%22Chat%20Undetected%22%2C%22lastMessageId%22%3A0%2C%22nextCheck%22%[...]
Line Deleted : user_pref("extensions.crossriderapp14917.14917.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp14917.14917.cookie.InstallationTime.value", "1393177224");
Line Deleted : user_pref("extensions.crossriderapp14917.14917.crossriderapp14917_dbWasSet", true);
Line Deleted : user_pref("extensions.crossriderapp14917.14917.crossriderapp14917_dbWasSet_FF25_FIX", true);
Line Deleted : user_pref("extensions.crossriderapp14917.14917.description", "Facebook Undetected lets you disable Facebook Messenger’s read receipt feature, preventing others from seeing if you have viewed a message[...]
Line Deleted : user_pref("extensions.crossriderapp14917.14917.domain", "");
Line Deleted : user_pref("extensions.crossriderapp14917.14917.enablesearch", false);
Line Deleted : user_pref("extensions.crossriderapp14917.14917.homepage", "");
Line Deleted : user_pref("extensions.crossriderapp14917.14917.iframe", false);
Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3Anull%2C%22installer_verifier%22%3Anull%7D");
Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3A%220%22%2C%22uzid%22%3A%220%22%7D");
Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_appVer.value", "70");
Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_lastVersion.value", "1");
Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_meta.value", "%7B%7D");
Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_nextCheck.expiration", "Mon Mar 10 2014 15:01:53 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_nextCheck.value", "true");
Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_queue.value", "%7B%7D");
Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3Anull%2C%22installer_verifier%22%3Anull%7D%2C%22version%22%3Anull%7[...]
Line Deleted : user_pref("extensions.crossriderapp14917.14917.lastDailyReport", "1394442112172");
Line Deleted : user_pref("extensions.crossriderapp14917.14917.lastUpdate", "1394442108386");
Line Deleted : user_pref("extensions.crossriderapp14917.14917.manifesturl", "");
Line Deleted : user_pref("extensions.crossriderapp14917.14917.name", "Chat Undetected");
Line Deleted : user_pref("extensions.crossriderapp14917.14917.newtab", "");
Line Deleted : user_pref("extensions.crossriderapp14917.14917.opensearch", "");
Line Deleted : user_pref("extensions.crossriderapp14917.14917.pluginsversion", 29);
Line Deleted : user_pref("extensions.crossriderapp14917.14917.publisher", "Crossrider");
Line Deleted : user_pref("extensions.crossriderapp14917.14917.searchstatus", 0);
Line Deleted : user_pref("extensions.crossriderapp14917.14917.setnewtab", false);
Line Deleted : user_pref("extensions.crossriderapp14917.14917.updateinterval", 360);
Line Deleted : user_pref("extensions.crossriderapp14917.14917.ver", 70);
Line Deleted : user_pref("extensions.crossriderapp14917.FilesValidatorDueTime", "1394442164439");
Line Deleted : user_pref("extensions.crossriderapp14917.apps", "14917");
Line Deleted : user_pref("extensions.crossriderapp14917.bic", "1445fd564e8577b07d1afda68b986e9f");
Line Deleted : user_pref("extensions.crossriderapp14917.cid", 14917);
Line Deleted : user_pref("extensions.crossriderapp14917.firstrun", false);
Line Deleted : user_pref("extensions.crossriderapp14917.hadappinstalled", true);
Line Deleted : user_pref("extensions.crossriderapp14917.installationdate", 1393177224);
Line Deleted : user_pref("extensions.crossriderapp14917.modetype", "production");
Line Deleted : user_pref("extensions.crossriderapp14917.reportInstall", true);
Line Deleted : user_pref("extensions.crossriderapp14917.statsDailyCounter", 21);
Line Deleted : user_pref("extensions.enabledAddons", "crossriderapp14917%40crossrider.com:0.94.70,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1");
[ File : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\kt7i453l.default\prefs.js ]
[ File : C:\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\l4ke6fks.default\prefs.js ]
[ File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\t6fk57qu.default\prefs.js ]
-\\ Google Chrome v
[ File : C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [11738 octets] - [10/03/2014 13:30:01]
AdwCleaner[s0].txt - [11737 octets] - [10/03/2014 13:34:43]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [11798 octets] ##########
Junkware Removal Tool
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows Vista Home Premium x86
Ran by Jo on 10/03/2014 at 13:43:52.45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-851744489-1852982431-2769218266-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-851744489-1852982431-2769218266-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181104}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{60D61572-9EA9-4025-8CCE-0DAE80F4E778}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{98738B23-24B2-4DE2-B121-92BAA727E9F0}
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Jo\AppData\Roaming\mozilla\firefox\profiles\7w1oy7kv.default-1387213464914\minidumps [17 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10/03/2014 at 13:49:01.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thanks again!
-
Hi,
I keep getting a message about Malwarebytes blocking a particular IP address.
94.242.251.103 (Type: outgoing, Port: 52726, Process: avastsvc.exe)
I don't think it's blocking Avast as the updates seem to still be working. I ran your scan and an Avast scan yesterday but it didn't seem to pick anything up.
I've seen on your forum it may be blocking an IP in Latvia so I followed your instructions for downloading dds.
I've attached the two report files for you to look through.
Many thanks in advance for any help you can give me.
Malwarebytes blocks internet connection
in Resolved Malware Removal Logs
Hi,
None of the above made any difference. I've had to reinstall Windows Vista and erase the current installation. When I left it with my friend it was running Malwarebytes and MSE together and allowing connection over the Belkin wireless adapter. Though, my friend did tell me that Malwarebytes had uninstalled itself but I haven't had a chance to check what she means by this yet so I don't really know what, if anything, has happened.
You may as well close this post, though. If I need any more help, I'll be sure to let you know.
Many thanks for everything you've done and all your time spent.
Best regards
Jo