Jump to content

sameerc

Members
  • Posts

    24
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Hi Is there any further possibility. Given the persistent problem, I think, it could be a problem with my internet service provider or perhaps some protection software code has been removed by the previous infection, leading to the problem. I am now thinking of reinstalling the windows software on my PC.
  2. OK, here attached are the scan reports. FRST.txt Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:08-10-2015 Ran by KBC (administrator) on KBC-PC (09-10-2015 12:39:02) Running from C:\Downloads\Farbar Loaded Profiles: KBC (Available Profiles: KBC & SAMEER) Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) Language: English (United States) Internet Explorer Version 9 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Agere Systems) C:\Windows\System32\agrsmsvc.exe () C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe (Seagate Technology LLC) D:\Program Files\Sync\FreeAgentService.exe (McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe () C:\Program Files\CyberLink\Shared Files\RichVideo.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe () C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (McAfee, Inc.) C:\Program Files\McAfee\VUL\McVulCtr.exe (McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcods.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [155648 2006-09-12] (Alps Electric Co., Ltd.) HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [562688 2015-02-11] (McAfee, Inc.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) Winlogon\Notify\ScCertProp: wlnotify.dll [X] HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation) HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6453528 2015-07-18] (Piriform Ltd) HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [57987712 2015-09-28] (Skype Technologies S.A.) HKU\S-1-5-21-595894999-490155728-2440704941-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2006-11-02] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 5.152.219.50 37.220.8.190 Tcpip\..\Interfaces\{7A8B311E-52BC-474D-92E3-3E6266593E19}: [DhcpNameServer] 5.152.219.50 37.220.8.190 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-595894999-490155728-2440704941-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-595894999-490155728-2440704941-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\S-1-5-21-595894999-490155728-2440704941-1001 -> DefaultScope {C6B85888-FA66-4085-BBFF-26AC5E787B95} URL = hxxps://in.search.yahoo.com/search?fr=mcafee&type=B011IN0D20141106&p={searchTerms} SearchScopes: HKU\S-1-5-21-595894999-490155728-2440704941-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-595894999-490155728-2440704941-1001 -> {C6B85888-FA66-4085-BBFF-26AC5E787B95} URL = hxxps://in.search.yahoo.com/search?fr=mcafee&type=B011IN0D20141106&p={searchTerms} BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-15] (McAfee, Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-15] (McAfee, Inc.) Toolbar: HKU\S-1-5-21-595894999-490155728-2440704941-1001 -> No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File Toolbar: HKU\S-1-5-21-595894999-490155728-2440704941-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-15] (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-15] (McAfee, Inc.) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll [2015-03-03] (McAfee, Inc.) FireFox: ======== FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-03-03] () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-29] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-29] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-27] (Adobe Systems Inc.) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-18] FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi FF Extension: McAfee WebAdvisor - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi [2015-09-22] FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-03-05] Chrome: ======= CHR Profile: C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-29] CHR Extension: (Google Docs) - C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-29] CHR Extension: (Google Drive) - C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-29] CHR Extension: (YouTube) - C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29] CHR Extension: (Google Search) - C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-29] CHR Extension: (Google Sheets) - C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-29] CHR Extension: (SiteAdvisor) - C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-09-29] CHR Extension: (Google Docs Offline) - C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-29] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-29] CHR Extension: (Chrome Web Store Payments) - C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-29] CHR Extension: (Gmail) - C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-29] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2014-03-05] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 0203281444372169mcinstcleanup; C:\Windows\TEMP\020328~1.EXE [883024 2015-05-05] (McAfee, Inc.) R2 CLCapSvc; C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe [274529 2007-01-06] () [File not signed] R2 CLSched; C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe [118879 2007-01-06] () [File not signed] S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2008-07-07] (Macrovision Europe Ltd.) [File not signed] R2 FreeAgentGoNext Service; D:\Program Files\Sync\FreeAgentService.exe [189736 2009-12-18] (Seagate Technology LLC) R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.) S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [132160 2015-09-28] (McAfee, Inc.) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [690408 2015-03-03] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.) R3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [476680 2015-02-27] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [196600 2015-02-17] (McAfee, Inc.) R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [334576 2015-03-01] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [238288 2015-02-17] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed] R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [262247 2007-01-05] () [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation) S2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [9728 2006-11-23] (Lenovo Corporation) R3 AKSIFDH; C:\Windows\System32\DRIVERS\aksifdh.sys [48296 2007-09-11] (Aladdin Knowledge Systems, Ltd.) S3 CapFilt; C:\Windows\system32\Drivers\CapFilt.sys [18944 2007-09-21] (ensurebit) [File not signed] R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [61848 2015-02-17] (McAfee, Inc.) R1 DritekPortIO; C:\Program Files\EzButton\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.) S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2010-07-15] () [File not signed] R3 eTSCFLT; C:\Windows\System32\DRIVERS\eTSCFLT.sys [12456 2007-09-11] (Aladdin Knowledge Systems, Ltd.) S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2010-07-15] () [File not signed] S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.) S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [95616 2012-09-06] (Huawei Technologies Co., Ltd.) S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [67584 2012-09-06] (Huawei Technologies Co., Ltd.) S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2012-09-06] (Huawei Technologies Co., Ltd.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation) R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [304928 2015-02-17] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [260248 2015-02-17] (McAfee, Inc.) R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [82800 2015-02-17] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [371648 2015-02-17] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [648552 2015-02-17] (McAfee, Inc.) R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [380496 2015-01-16] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [80760 2015-01-16] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217584 2015-02-17] (McAfee, Inc.) R3 TridVid; C:\Windows\System32\DRIVERS\TridVid.sys [159104 2007-09-21] (Trident Multimedia Technologies Co.,Ltd) S3 UDA; C:\Windows\System32\Drivers\rcudawdm.sys [25760 2012-04-17] (Rainbow China Co,. Ltd.) S3 wdf_usb_vista; C:\Windows\System32\DRIVERS\usb2ser_vista.sys [38912 2012-10-11] (MediaTek Inc.) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 catchme; \??\C:\Users\KBC\AppData\Local\Temp\catchme.sys [X] S3 EraserUtilDrv11110; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11110.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 SymIMMP; system32\DRIVERS\SymIM.sys [X] U2 wuaserv; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-09-29 18:00 - 2015-09-29 18:00 - 00001931 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-09-29 18:00 - 2015-09-29 18:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-09-29 17:57 - 2015-10-09 12:09 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-09-29 17:57 - 2015-10-09 11:54 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-09-29 17:14 - 2015-09-29 17:14 - 00011841 _____ C:\ComboFix.txt 2015-09-28 11:31 - 2015-09-29 17:14 - 00000000 ____D C:\Qoobox 2015-09-28 11:31 - 2011-06-26 12:15 - 00256000 _____ C:\Windows\PEV.exe 2015-09-28 11:31 - 2010-11-07 22:50 - 00208896 _____ C:\Windows\MBR.exe 2015-09-28 11:31 - 2009-04-20 10:26 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-09-28 11:31 - 2000-08-31 05:30 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-09-28 11:31 - 2000-08-31 05:30 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-09-28 11:31 - 2000-08-31 05:30 - 00098816 _____ C:\Windows\sed.exe 2015-09-28 11:31 - 2000-08-31 05:30 - 00080412 _____ C:\Windows\grep.exe 2015-09-28 11:31 - 2000-08-31 05:30 - 00068096 _____ C:\Windows\zip.exe 2015-09-28 11:30 - 2015-09-28 11:46 - 00000000 ____D C:\Windows\erdnt 2015-09-28 11:00 - 2015-09-28 11:01 - 05636489 ____R (Swearware) C:\Users\KBC\Desktop\ComboFix.exe 2015-09-24 16:50 - 2015-09-24 16:50 - 00001878 _____ C:\Users\Public\Desktop\Skype.lnk 2015-09-24 16:50 - 2015-09-24 16:50 - 00000000 ___RD C:\Program Files\Skype 2015-09-24 16:50 - 2015-09-24 16:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-09-24 16:50 - 2015-09-24 16:50 - 00000000 ____D C:\Program Files\Common Files\Skype 2015-09-22 14:32 - 2015-09-22 15:50 - 00002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2015-09-22 14:32 - 2015-09-22 14:32 - 00001852 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk 2015-09-22 11:36 - 2015-08-13 19:45 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys 2015-09-22 11:36 - 2015-08-13 19:45 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys 2015-09-22 11:33 - 2015-09-03 02:56 - 01402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-09-22 11:33 - 2015-09-03 02:56 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-09-22 11:24 - 2015-07-10 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2015-09-22 11:22 - 2015-09-03 02:56 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-09-22 11:22 - 2015-09-03 01:25 - 02067456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-09-22 11:22 - 2015-09-03 01:24 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-09-22 11:20 - 2015-08-05 21:29 - 00602112 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll 2015-09-22 10:43 - 2015-08-17 22:48 - 01814016 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-09-22 10:43 - 2015-08-17 22:47 - 12388352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-09-22 10:43 - 2015-08-17 22:44 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-09-22 10:43 - 2015-08-17 22:43 - 09751040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-09-22 10:43 - 2015-08-17 22:42 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-09-22 10:43 - 2015-08-17 22:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-09-22 10:43 - 2015-08-17 22:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-09-22 10:43 - 2015-08-17 22:41 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-09-22 10:43 - 2015-08-17 22:40 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-09-22 10:43 - 2015-08-17 22:40 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-09-22 10:43 - 2015-08-17 22:40 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-09-22 10:43 - 2015-08-17 22:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-09-22 10:43 - 2015-08-17 22:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2015-09-22 10:43 - 2015-08-17 22:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-09-22 10:43 - 2015-08-17 22:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-09-22 10:43 - 2015-08-17 22:40 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-09-22 10:43 - 2015-08-17 22:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-09-22 10:43 - 2015-08-17 22:40 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-09-22 10:43 - 2015-08-17 22:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-09-22 10:43 - 2015-08-17 22:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2015-09-22 10:43 - 2015-08-17 22:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2015-09-22 10:43 - 2015-08-17 22:39 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-10-09 12:39 - 2015-08-17 10:56 - 00000000 ____D C:\FRST 2015-10-09 12:26 - 2015-07-30 22:25 - 01894952 _____ C:\Windows\WindowsUpdate.log 2015-10-09 12:06 - 2009-06-24 14:18 - 00000000 ____D C:\Users\KBC\AppData\Roaming\Skype 2015-10-09 11:59 - 2014-03-05 13:19 - 00000000 ____D C:\Program Files\McAfee 2015-10-09 11:54 - 2008-01-25 10:14 - 00090657 _____ C:\Users\KBC\AppData\Roaming\nvModes.001 2015-10-09 11:52 - 2007-09-21 09:43 - 16030545 _____ C:\FaceProv.log 2015-10-09 11:52 - 2006-11-02 18:28 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-10-09 11:52 - 2006-11-02 18:15 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-10-09 11:52 - 2006-11-02 18:15 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-10-04 15:42 - 2008-01-28 14:40 - 00000012 _____ C:\Windows\bthservsdp.dat 2015-10-04 15:42 - 2006-11-02 18:28 - 00032646 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-10-04 14:40 - 2009-11-09 11:28 - 00781404 _____ C:\Windows\system32\PerfStringBackup.INI 2015-10-04 14:24 - 2015-07-31 16:23 - 00013072 _____ C:\Users\SAMEER\AppData\Roaming\nvModes.dat 2015-10-04 14:24 - 2015-07-31 16:23 - 00013072 _____ C:\Users\SAMEER\AppData\Roaming\nvModes.001 2015-10-04 14:23 - 2015-08-17 12:15 - 00008070 _____ C:\Windows\PFRO.log 2015-10-03 20:31 - 2015-08-01 19:05 - 00000000 ____D C:\Users\SAMEER\AppData\Roaming\Skype 2015-10-03 20:28 - 2009-06-24 14:18 - 00000000 ____D C:\ProgramData\Skype 2015-09-29 18:00 - 2015-02-22 19:50 - 00000000 ____D C:\Users\KBC\AppData\Local\Google 2015-09-29 17:59 - 2015-02-22 19:51 - 00000000 ____D C:\Program Files\Google 2015-09-29 17:54 - 2008-01-25 10:14 - 00090657 _____ C:\Users\KBC\AppData\Roaming\nvModes.dat 2015-09-29 17:12 - 2006-11-02 15:53 - 00000189 _____ C:\Windows\system.ini 2015-09-28 11:48 - 2006-11-02 16:48 - 00000000 __RHD C:\Users\Default 2015-09-28 11:48 - 2006-11-02 16:48 - 00000000 ___RD C:\Users\Public 2015-09-28 11:11 - 2015-08-15 22:52 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-09-22 15:50 - 2008-01-25 17:00 - 00000000 ____D C:\Program Files\Common Files\Adobe 2015-09-22 15:39 - 2012-10-05 22:32 - 00000000 ____D C:\Temp delete after use 2015-09-22 14:34 - 2008-01-25 17:01 - 00000000 ____D C:\Users\KBC\AppData\Local\Adobe 2015-09-22 14:32 - 2011-02-25 17:06 - 00000000 ____D C:\Program Files\Adobe 2015-09-22 14:32 - 2008-01-25 17:00 - 00000000 ____D C:\ProgramData\Adobe 2015-09-22 12:08 - 2006-11-02 16:48 - 00000000 ____D C:\Windows\Microsoft.NET 2015-09-22 12:01 - 2006-11-02 16:48 - 00000000 ____D C:\Windows\rescache 2015-09-22 11:45 - 2006-11-02 18:14 - 00399736 _____ C:\Windows\system32\FNTCACHE.DAT 2015-09-22 11:36 - 2011-02-28 09:46 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-09-22 11:16 - 2013-07-31 15:16 - 00000000 ____D C:\Windows\system32\MRT ==================== Files in the root of some directories ======= 2008-01-25 11:34 - 2010-12-24 09:37 - 0011760 ____H () C:\Users\KBC\AppData\Roaming\KBC.idx 2008-01-25 10:14 - 2015-10-09 11:54 - 0090657 _____ () C:\Users\KBC\AppData\Roaming\nvModes.001 2008-01-25 10:14 - 2015-09-29 17:54 - 0090657 _____ () C:\Users\KBC\AppData\Roaming\nvModes.dat 2008-02-05 14:45 - 2013-12-20 14:23 - 0007484 _____ () C:\Users\KBC\AppData\Local\d3d9caps.dat 2008-02-19 16:00 - 2015-07-30 19:51 - 0060928 _____ () C:\Users\KBC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-02-20 16:13 - 2014-02-20 16:13 - 0000057 _____ () C:\ProgramData\Ament.ini 2013-03-25 15:30 - 2013-03-25 15:30 - 0002001 _____ () C:\ProgramData\eTdsWizard1314_A8D59B57-C4D3-4DEE-88D4-9466F7421A5F.swidtag 2009-06-24 14:28 - 2009-06-24 14:28 - 0000056 ____H () C:\ProgramData\ezsidmv.dat 2008-02-12 14:45 - 2014-04-12 14:40 - 0043280 _____ () C:\ProgramData\hpzinstall.log ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-10-09 12:11 ==================== End of FRST.txt ============================ addition.txt Additional scan result of Farbar Recovery Scan Tool (x86) Version:08-10-2015 Ran by KBC (2015-10-09 12:42:21) Running from C:\Downloads\Farbar Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) (2007-09-21 03:41:57) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-595894999-490155728-2440704941-500 - Administrator - Disabled) Guest (S-1-5-21-595894999-490155728-2440704941-501 - Limited - Enabled) KBC (S-1-5-21-595894999-490155728-2440704941-1001 - Administrator - Enabled) => C:\Users\KBC SAMEER (S-1-5-21-595894999-490155728-2440704941-1002 - Limited - Enabled) => C:\Users\SAMEER ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB} FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 32 Bit HP CIO Components Installer (Version: 3.1.1 - Hewlett-Packard) Hidden Adobe Reader X (10.1.15) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.15 - Adobe Systems Incorporated) Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems) ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform) DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) EASEUS Partition Master 6.5.2 Home Edition (HKLM\...\EASEUS Partition Master Home Edition_is1) (Version: - EASEUS) Easy Button (HKLM\...\EzButton) (Version: - ) EasyCapture2.5 (HKLM\...\EasyCapture2.5) (Version: - ) EnergyCut (HKLM\...\{6E127727-CE4B-40E4-9A7D-9D65CDE0A15C}) (Version: 1.00 - ) ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - ) eToken PKI Client 4.55 (HKLM\...\{2146B7E6-FC1C-4230-9952-E9CA2260AA08}) (Version: 4.55.22 - Aladdin Knowledge Systems Ltd.) Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.) Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden HP Deskjet 3540 series Basic Device Software (HKLM\...\{29E641BB-2183-4653-B589-18B10E5D9635}) (Version: 32.1.145.46951 - Hewlett-Packard Co.) HP Deskjet 3540 series Help (HKLM\...\{1D456349-7D00-479E-A2A9-C846CE390FE5}) (Version: 30.0.0 - Hewlett Packard) HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) Internet Telephone (Version: 4.60 - Callserve Communications Ltd) Hidden Internet Telephone 4.60 (HKLM\...\{B24E6473-5600-42D0-BD57-8E4B85ACD0BD}) (Version: - ) Lenovo Bluetooth with Enhanced Data Rate Software 6.0.1.3400 (HKLM\...\{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}) (Version: 6.0.1.3400 - Lenovo.) Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) McAfee Internet Security (HKLM\...\MSC) (Version: 14.0.339 - McAfee, Inc.) McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.283 - McAfee, Inc.) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation) MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - ) Power2Go 5.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: - ) PowerCineama MagicDirector Module (HKLM\...\{13E613EF-BB55-11D9-9D77-000129760D75}) (Version: - ) PowerCinema MakeDisc Module (HKLM\...\{FC4F90EC-B1DA-11D9-9D77-000129760D75}) (Version: - ) Product Improvement Study for HP Deskjet 3540 series (HKLM\...\{6945C9BA-710C-4776-BB1C-F5F2368AE45E}) (Version: 32.1.145.46951 - Hewlett-Packard Co.) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5350 - Realtek Semiconductor Corp.) Seagate Manager Installer (HKLM\...\InstallShield_{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}) (Version: 2.01.0700 - Seagate) Seagate Manager Installer (Version: 2.01.0700 - Seagate) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) ShuttleCenter (HKLM\...\{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: - ) Skype™ 7.12 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.) Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems) Tally.ERP 9 (HKLM\...\{AAF5BFFE-1A0B-4A9E-B726-82AC4DD26B59}) (Version: - ©Tally Solutions Pvt. Ltd., 1988-2011.) VeriFace (HKLM\...\VeriFace) (Version: - ) Windows Driver Package - Animation Technologies Inc. (TridVid) Media (01/17/2007 1.287.3.10) (HKLM\...\A06EE73B1C7DE59F5A907866B9F81C6A89C49529) (Version: 01/17/2007 1.287.3.10 - Animation Technologies Inc.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 01-09-2015 19:37:40 zoek.exe restore point 22-09-2015 10:53:08 Windows Update 22-09-2015 13:19:49 Windows Update 28-09-2015 11:31:45 ComboFix created restore point 03-10-2015 20:21:28 McAfee Vulnerability Scanner ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 15:53 - 2015-09-28 11:45 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {13C6C1CE-9781-4B73-B921-A8FE300322BD} - System32\Tasks\{C2DA5577-8068-4880-B1FE-EA2D7177E005} => C:\Program Files\Skype\Phone\Skype.exe [2015-09-28] (Skype Technologies S.A.) Task: {196D8724-FA9D-4F51-9B7D-3D7A5FF312E7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-29] (Google Inc.) Task: {B04931F7-062C-4800-933A-9872D722C34D} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe Task: {B885FFD3-0FC5-4552-A6B8-B5C242FD867B} - System32\Tasks\ASC8_SkipUac_KBC => C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe Task: {C38B5FCF-E267-47FE-AE3A-17DCE91C428B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-18] (Piriform Ltd) Task: {C8C1B30C-960E-489A-8735-E3113D4668C2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-29] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2007-09-21 09:42 - 2007-01-06 08:01 - 00274529 _____ () C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe 2007-09-21 09:42 - 2007-01-06 08:01 - 00237671 _____ () C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapEngine.dll 2007-09-21 09:42 - 2007-01-06 08:01 - 00032768 _____ () C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvcps.dll 2007-09-21 09:41 - 2007-01-05 20:02 - 00262247 ____N () C:\Program Files\CyberLink\Shared Files\RichVideo.exe 2007-09-21 09:42 - 2007-01-06 08:01 - 00118879 _____ () C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe 2007-09-21 09:42 - 2007-01-06 08:01 - 00114785 _____ () C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSchMgr.dll 2007-09-21 09:42 - 2007-01-06 08:01 - 00339968 _____ () C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLTinyDB.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318} => "default"="DiskDrive" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318} => "default"="DiskDrive" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\.DEFAULT\...\localhost -> localhost IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com IE trusted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\localhost -> localhost IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\008k.com -> 008k.com IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\00hq.com -> 00hq.com IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\0190-dialers.com -> 0190-dialers.com IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\01i.info -> 01i.info IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\05p.com -> 05p.com IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\0calories.net -> 0calories.net IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\0cj.net -> 0cj.net IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\0scan.com -> 0scan.com IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\1-domains-registrations.com -> 1-domains-registrations.com IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\1-se.com -> 1-se.com IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\1001movie.com -> 1001movie.com IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\1001night.biz -> 1001night.biz IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\100gal.net -> 100gal.net IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\100sexlinks.com -> 100sexlinks.com There are 4788 more restricted sites. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-595894999-490155728-2440704941-1001\Control Panel\Desktop\\Wallpaper -> DNS Servers: 5.152.219.50 - 37.220.8.190 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR MSCONFIG\startupreg: EnergyCut => C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [{F9964295-A095-4758-B0F3-225C12DC04E3}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe FirewallRules: [{890FC831-59AF-4118-8411-B310B441DDF5}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= Name: Microsoft Tun Miniport Adapter #2 Description: Microsoft Tun Miniport Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunmp Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Tun Miniport Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunmp Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Tun Miniport Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunmp Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (10/04/2015 02:34:50 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 7ec Start Time: 01d0fe8228dbd06a Termination Time: 10187 Error: (10/04/2015 02:31:52 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\USERS\SAMEER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK\BUTTON-MIDDLE-35X35@2X.PNG> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (10/04/2015 02:31:52 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\USERS\SAMEER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK\BUTTON-MIDDLE-35X35@2X.PNG> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (10/04/2015 02:31:52 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\USERS\SAMEER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK\BUTTON-MIDDLE-35X35.PNG> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (10/04/2015 02:31:52 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\USERS\SAMEER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK\BUTTON-MIDDLE-35X35.PNG> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (10/04/2015 02:31:52 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\USERS\SAMEER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK\BUTTON-LEFT-35X35@2X.PNG> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (10/04/2015 02:31:52 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\USERS\SAMEER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK\BUTTON-LEFT-35X35@2X.PNG> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (10/04/2015 02:31:52 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\USERS\SAMEER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK\BUTTON-LEFT-35X35.PNG> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (10/04/2015 02:31:52 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\USERS\SAMEER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK\BUTTON-LEFT-35X35.PNG> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (10/04/2015 02:31:51 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\USERS\SAMEER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK\BACK_20X20@2X.PNG> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) System errors: ============= Error: (10/09/2015 11:54:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (10/09/2015 11:54:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Advanced SystemCare Service 8%%2 Error: (10/09/2015 11:52:34 AM) (Source: HTTP) (EventID: 15021) (User: ) Description: \Device\Http\ReqQueue0.0.0.0:4482 Error: (10/04/2015 02:24:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (10/04/2015 02:24:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Advanced SystemCare Service 8%%2 Error: (10/04/2015 02:24:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (10/04/2015 02:23:28 PM) (Source: HTTP) (EventID: 15021) (User: ) Description: \Device\Http\ReqQueue0.0.0.0:4482 Error: (10/03/2015 04:54:16 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {209500FC-6B45-4693-8871-6296C4843751} Error: (10/03/2015 04:52:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (10/03/2015 04:50:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 CodeIntegrity: =================================== Date: 2015-10-09 12:40:14.119 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-10-09 12:40:12.933 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-10-09 12:40:11.748 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-10-09 12:40:10.499 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-10-09 12:30:17.347 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-10-09 12:30:16.224 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-10-09 12:30:14.867 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-10-09 12:30:13.743 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-09-29 17:04:43.117 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-09-29 17:04:42.415 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core2 CPU T5300 @ 1.73GHz Percentage of memory in use: 52% Total physical RAM: 2045.75 MB Available physical RAM: 970.71 MB Total Virtual: 4326.04 MB Available Virtual: 3133.73 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:58.9 GB) (Free:16.14 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive d: (LENOVO) (Fixed) (Total:78.24 GB) (Free:72 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: C3FFC3FF) Partition 1: (Active) - (Size=58.9 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=11.9 GB) - (Type=12) Partition 3: (Not Active) - (Size=78.2 GB) - (Type=OF Extended) ==================== End of Addition.txt ============================
  3. Also I uninstalled Google Chrome, restarted my pc and reinstalled Google Chrome. The pop ups are unfortunately still there... Kindly advise.
  4. Thank you. Here attached is the updated log after this. ComboFix 15-09-25.01 - KBC 29/09/2015 17:02:57.2.2 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.91.1033.18.2046.1121 [GMT 5.5:30] Running from: c:\users\KBC\Desktop\ComboFix.exe Command switches used :: c:\users\KBC\Desktop\CFScript.txt AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556} FW: McAfee Firewall *Disabled* {E2A40FF5-9AB1-3894-DE05-F89EB212F22D} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2015-08-28 to 2015-09-29 ))))))))))))))))))))))))))))))) . . 2015-09-29 11:41 . 2015-09-29 11:42 -------- d-----w- c:\users\KBC\AppData\Local\temp 2015-09-29 11:41 . 2015-09-29 11:41 -------- d-----w- c:\users\SAMEER\AppData\Local\temp 2015-09-29 11:41 . 2015-09-29 11:41 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-09-24 11:20 . 2015-09-24 11:20 -------- d-----w- c:\program files\Common Files\Skype 2015-09-24 11:20 . 2015-09-24 11:20 -------- d-----r- c:\program files\Skype 2015-09-22 06:06 . 2015-08-13 14:15 102912 ----a-w- c:\windows\system32\drivers\srvnet.sys 2015-09-22 06:06 . 2015-08-13 14:15 304640 ----a-w- c:\windows\system32\drivers\srv.sys 2015-09-22 06:03 . 2015-09-02 21:26 1402368 ----a-w- c:\windows\system32\msxml6.dll 2015-09-22 06:03 . 2015-09-02 21:26 1253376 ----a-w- c:\windows\system32\msxml3.dll 2015-09-22 05:54 . 2015-07-10 14:21 2048 ----a-w- c:\windows\system32\tzres.dll 2015-09-22 05:53 . 2015-08-05 15:58 940032 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2015-09-22 05:52 . 2015-09-02 21:26 34304 ----a-w- c:\windows\system32\atmlib.dll 2015-09-22 05:52 . 2015-09-02 19:54 297472 ----a-w- c:\windows\system32\atmfd.dll 2015-09-22 05:52 . 2015-09-02 19:55 2067456 ----a-w- c:\windows\system32\win32k.sys 2015-09-22 05:50 . 2015-08-05 15:59 602112 ----a-w- c:\windows\system32\schedsvc.dll 2015-09-01 15:10 . 2015-09-01 14:04 24064 ----a-w- c:\windows\zoek-delete.exe 2015-09-01 14:56 . 2015-09-02 03:26 -------- d-----w- C:\zoek . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-09-28 05:41 . 2015-08-15 17:22 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-08-17 11:49 . 2015-08-15 16:43 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2015-08-04 18:33 . 2015-08-04 18:33 877152 ----a-w- c:\windows\system32\msvcr120_clr0400.dll 2015-08-04 18:33 . 2015-08-04 18:33 538208 ----a-w- c:\windows\system32\msvcp120_clr0400.dll 2015-07-31 21:46 . 2015-08-17 08:53 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2015-07-31 21:46 . 2015-08-17 08:53 189952 ----a-w- c:\windows\system32\d3d10core.dll 2015-07-31 21:46 . 2015-08-17 08:53 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2015-07-31 21:46 . 2015-08-17 08:53 1029120 ----a-w- c:\windows\system32\d3d10.dll 2015-07-31 20:41 . 2015-08-17 08:53 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2015-07-31 20:40 . 2015-08-17 08:53 486400 ----a-w- c:\windows\system32\d3d10level9.dll 2015-07-31 20:35 . 2015-08-17 08:53 682496 ----a-w- c:\windows\system32\d2d1.dll 2015-07-31 20:33 . 2015-08-17 08:53 1072640 ----a-w- c:\windows\system32\DWrite.dll 2015-07-31 20:33 . 2015-08-17 08:53 802304 ----a-w- c:\windows\system32\FntCache.dll 2015-07-31 19:27 . 2015-08-17 09:00 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-07-21 20:55 . 2015-08-17 09:01 1206192 ----a-w- c:\windows\system32\ntdll.dll 2015-07-21 16:07 . 2015-08-17 09:01 56256 ----a-w- c:\windows\system32\drivers\mountmgr.sys 2015-07-21 16:07 . 2015-08-17 09:01 3605440 ----a-w- c:\windows\system32\ntkrnlpa.exe 2015-07-21 16:07 . 2015-08-17 09:01 3553216 ----a-w- c:\windows\system32\ntoskrnl.exe 2015-07-21 16:07 . 2015-08-17 09:01 140224 ----a-w- c:\windows\system32\drivers\ecache.sys 2015-07-21 16:03 . 2015-08-17 09:01 10752 ----a-w- c:\windows\system32\msmmsp.dll 2015-07-21 16:03 . 2015-08-17 09:01 564224 ----a-w- c:\windows\system32\emdmgmt.dll 2015-07-21 16:03 . 2015-08-17 09:01 49664 ----a-w- c:\windows\system32\csrsrv.dll 2015-07-18 16:03 . 2015-08-17 08:54 68608 ----a-w- c:\windows\system32\basesrv.dll 2015-07-10 19:37 . 2015-08-17 08:58 2067968 ----a-w- c:\windows\system32\mstscax.dll 2015-07-09 14:25 . 2015-08-16 10:15 151040 ----a-w- c:\windows\system32\notepad.exe 2015-07-09 14:25 . 2015-08-16 10:15 151040 ----a-w- c:\windows\notepad.exe 2015-07-03 16:04 . 2015-08-01 04:22 1316864 ----a-w- c:\windows\system32\ole32.dll 2015-07-01 15:57 . 2015-08-16 10:16 199680 ----a-w- c:\windows\system32\WebClnt.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-07-17 6453528] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2015-08-07 53729824] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-12 155648] "NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-19 90191] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-19 7766016] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-19 81920] "mcpltui_exe"="c:\program files\Common Files\McAfee\Platform\mcuicnt.exe" [2015-02-11 562688] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring] 2015-07-17 18:33 6453528 ----a-w- c:\program files\CCleaner\CCleaner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnergyCut] 2006-12-26 20:06 1392640 ----a-w- c:\program files\Lenovo\EnergyCut\EnergyCut.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . R2 AdvancedSystemCareService8;Advanced SystemCare Service 8;c:\program files\IObit\Advanced SystemCare 8\ASCService.exe [x] S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2006-11-22 9728] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-09-26 08:43 997704 ----a-w- c:\program files\Google\Chrome\Application\45.0.2454.101\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2015-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2015-09-03 10:31] . 2015-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2015-09-03 10:31] . 2015-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d0f4f05a2ef6a0.job - c:\program files\Google\Update\GoogleUpdate.exe [2015-09-03 10:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com mStart Page = about:blank Trusted Zone: localhost TCP: DhcpNameServer = 5.152.219.51 5.152.219.52 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2015-09-29 17:12 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2015-09-29 17:14:45 ComboFix-quarantined-files.txt 2015-09-29 11:44 ComboFix2.txt 2015-09-28 06:18 . Pre-Run: 18,708,996,096 bytes free Post-Run: 18,472,529,920 bytes free . - - End Of File - - 95615B155EB9751A32BDBBD37C9838A8 5C616939100B85E558DA92B899A0FC36
  5. Just rechecked, the pop - ups to ad-type.google.com are unfortunately still happening...
  6. Herewith are the results of Combofix Log report : ComboFix 15-09-25.01 - KBC 28/09/2015 11:33:52.1.2 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.91.1033.18.2046.1111 [GMT 5.5:30] Running from: c:\users\KBC\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556} FW: McAfee Firewall *Disabled* {E2A40FF5-9AB1-3894-DE05-F89EB212F22D} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\s.bat c:\windows\system32\zip32.dll . . ((((((((((((((((((((((((( Files Created from 2015-08-28 to 2015-09-28 ))))))))))))))))))))))))))))))) . . 2015-09-24 11:20 . 2015-09-24 11:20 -------- d-----w- c:\program files\Common Files\Skype 2015-09-24 11:20 . 2015-09-24 11:20 -------- d-----r- c:\program files\Skype 2015-09-22 06:06 . 2015-08-13 14:15 102912 ----a-w- c:\windows\system32\drivers\srvnet.sys 2015-09-22 06:06 . 2015-08-13 14:15 304640 ----a-w- c:\windows\system32\drivers\srv.sys 2015-09-22 06:03 . 2015-09-02 21:26 1402368 ----a-w- c:\windows\system32\msxml6.dll 2015-09-22 06:03 . 2015-09-02 21:26 1253376 ----a-w- c:\windows\system32\msxml3.dll 2015-09-22 05:54 . 2015-07-10 14:21 2048 ----a-w- c:\windows\system32\tzres.dll 2015-09-22 05:53 . 2015-08-05 15:58 940032 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2015-09-22 05:52 . 2015-09-02 21:26 34304 ----a-w- c:\windows\system32\atmlib.dll 2015-09-22 05:52 . 2015-09-02 19:54 297472 ----a-w- c:\windows\system32\atmfd.dll 2015-09-22 05:52 . 2015-09-02 19:55 2067456 ----a-w- c:\windows\system32\win32k.sys 2015-09-22 05:50 . 2015-08-05 15:59 602112 ----a-w- c:\windows\system32\schedsvc.dll 2015-09-01 15:10 . 2015-09-01 14:04 24064 ----a-w- c:\windows\zoek-delete.exe 2015-09-01 14:56 . 2015-09-02 03:26 -------- d-----w- C:\zoek . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-09-28 05:41 . 2015-08-15 17:22 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-08-17 11:49 . 2015-08-15 16:43 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2015-08-04 18:33 . 2015-08-04 18:33 877152 ----a-w- c:\windows\system32\msvcr120_clr0400.dll 2015-08-04 18:33 . 2015-08-04 18:33 538208 ----a-w- c:\windows\system32\msvcp120_clr0400.dll 2015-07-31 21:46 . 2015-08-17 08:53 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2015-07-31 21:46 . 2015-08-17 08:53 189952 ----a-w- c:\windows\system32\d3d10core.dll 2015-07-31 21:46 . 2015-08-17 08:53 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2015-07-31 21:46 . 2015-08-17 08:53 1029120 ----a-w- c:\windows\system32\d3d10.dll 2015-07-31 20:41 . 2015-08-17 08:53 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2015-07-31 20:40 . 2015-08-17 08:53 486400 ----a-w- c:\windows\system32\d3d10level9.dll 2015-07-31 20:35 . 2015-08-17 08:53 682496 ----a-w- c:\windows\system32\d2d1.dll 2015-07-31 20:33 . 2015-08-17 08:53 1072640 ----a-w- c:\windows\system32\DWrite.dll 2015-07-31 20:33 . 2015-08-17 08:53 802304 ----a-w- c:\windows\system32\FntCache.dll 2015-07-31 19:27 . 2015-08-17 09:00 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-07-21 20:55 . 2015-08-17 09:01 1206192 ----a-w- c:\windows\system32\ntdll.dll 2015-07-21 16:07 . 2015-08-17 09:01 56256 ----a-w- c:\windows\system32\drivers\mountmgr.sys 2015-07-21 16:07 . 2015-08-17 09:01 3605440 ----a-w- c:\windows\system32\ntkrnlpa.exe 2015-07-21 16:07 . 2015-08-17 09:01 3553216 ----a-w- c:\windows\system32\ntoskrnl.exe 2015-07-21 16:07 . 2015-08-17 09:01 140224 ----a-w- c:\windows\system32\drivers\ecache.sys 2015-07-21 16:03 . 2015-08-17 09:01 10752 ----a-w- c:\windows\system32\msmmsp.dll 2015-07-21 16:03 . 2015-08-17 09:01 564224 ----a-w- c:\windows\system32\emdmgmt.dll 2015-07-21 16:03 . 2015-08-17 09:01 49664 ----a-w- c:\windows\system32\csrsrv.dll 2015-07-18 16:03 . 2015-08-17 08:54 68608 ----a-w- c:\windows\system32\basesrv.dll 2015-07-10 19:37 . 2015-08-17 08:58 2067968 ----a-w- c:\windows\system32\mstscax.dll 2015-07-09 14:25 . 2015-08-16 10:15 151040 ----a-w- c:\windows\system32\notepad.exe 2015-07-09 14:25 . 2015-08-16 10:15 151040 ----a-w- c:\windows\notepad.exe 2015-07-03 16:04 . 2015-08-01 04:22 1316864 ----a-w- c:\windows\system32\ole32.dll 2015-07-01 15:57 . 2015-08-16 10:16 199680 ----a-w- c:\windows\system32\WebClnt.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-07-17 6453528] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2015-08-07 53729824] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-12 155648] "NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-19 90191] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-19 7766016] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-19 81920] "mcpltui_exe"="c:\program files\Common Files\McAfee\Platform\mcuicnt.exe" [2015-02-11 562688] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring] 2015-07-17 18:33 6453528 ----a-w- c:\program files\CCleaner\CCleaner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnergyCut] 2006-12-26 20:06 1392640 ----a-w- c:\program files\Lenovo\EnergyCut\EnergyCut.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzButton] 2007-01-05 11:38 450560 ----a-w- c:\progra~1\EzButton\EzButton.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . R2 AdvancedSystemCareService8;Advanced SystemCare Service 8;c:\program files\IObit\Advanced SystemCare 8\ASCService.exe [x] S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2006-11-22 9728] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-09-26 08:43 997704 ----a-w- c:\program files\Google\Chrome\Application\45.0.2454.101\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2015-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2015-09-03 10:31] . 2015-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2015-09-03 10:31] . 2015-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d0f4f05a2ef6a0.job - c:\program files\Google\Update\GoogleUpdate.exe [2015-09-03 10:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com mStart Page = about:blank Trusted Zone: localhost Trusted Zone: webcompanion.com TCP: DhcpNameServer = 5.152.219.51 5.152.219.52 . - - - - ORPHANS REMOVED - - - - . HKCU-Run-Advanced SystemCare 8 - c:\program files\IObit\Advanced SystemCare 8\ASCTray.exe SafeBoot-WudfPf SafeBoot-WudfRd AddRemove-Advanced SystemCare 8_is1 - c:\program files\IObit\Advanced SystemCare 8\unins000.exe AddRemove-IObitUninstall - c:\program files\IObit\IObit Uninstaller\UninstallDisplay.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2015-09-28 11:45 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2015-09-28 11:48:25 ComboFix-quarantined-files.txt 2015-09-28 06:18 . Pre-Run: 19,213,307,904 bytes free Post-Run: 18,686,803,968 bytes free . - - End Of File - - 7C3E6223DBB00CBD17A9AEA2C3F56602 5C616939100B85E558DA92B899A0FC36
  7. Dear Borislav.....I look forward to your further suggestions....? Incidentally I tried another laptop PC (windows 7) on the same internet connection. No pop ups on that PC with same connection, so presumably has something to do with my laptop PC.
  8. I use ADSL modem and switches. These are turned on and off every day. Please advise if something more is to be done.
  9. The ad pop-ups for ad-type.google.com are unfortunately still happening. The results from MiniToolBox are attached in my previous post. Kindly advise further steps.
  10. here are teh results from the MiniToolBox. MiniToolBox by Farbar Version: 25-07-2015 01 Ran by KBC (administrator) on 08-09-2015 at 14:40:00 Running from "C:\Downloads\MiniToolBox" Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) Model: LENOVO3000 Y500 Manufacturer: Lenovo Boot Mode: Normal *************************************************************************** ========================= Flush DNS: =================================== Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========================= IE Proxy Settings: ============================== Proxy is not enabled. No Proxy Server is set. "Reset IE Proxy Settings": IE Proxy Settings were reset. ========================= Hosts content: ================================= 127.0.0.1 localhost ========================= IP Configuration: ================================ Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Connected) Intel® PRO/Wireless 3945ABG Network Connection = Wireless Network Connection (Media disconnected) # ---------------------------------- # IPv4 Configuration # ---------------------------------- pushd interface ipv4 reset popd # End of IPv4 configuration Windows IP Configuration Host Name . . . . . . . . . . . . : KBC-PC Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Mixed IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No Wireless LAN adapter Wireless Network Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : gwlan Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection Physical Address. . . . . . . . . : 00-1B-77-82-F4-6F DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC Physical Address. . . . . . . . . : 00-1B-38-03-72-AE DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::7c9f:3909:34c6:e4c3%8(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : 08 September 2015 09:46:09 Lease Expires . . . . . . . . . . : 11 September 2015 14:22:42 Default Gateway . . . . . . . . . : 192.168.1.1 DHCP Server . . . . . . . . . . . : 192.168.1.1 DHCPv6 IAID . . . . . . . . . . . : 184556344 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0E-84-F5-A5-00-1B-38-03-72-AE DNS Servers . . . . . . . . . . . : 5.152.219.50 37.220.8.190 NetBIOS over Tcpip. . . . . . . . : Enabled Tunnel adapter Local Area Connection* 6: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : isatap.{7A8B311E-52BC-474D-92E3-3E6266593E19} Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Local Area Connection* 7: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Local Area Connection* 9: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physical Address. . . . . . . . . : 02-00-54-55-4E-01 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv6 Address. . . . . . . . . . . : 2001:0:5896:f0c3:289e:3750:3f57:fe99(Preferred) Link-local IPv6 Address . . . . . : fe80::289e:3750:3f57:fe99%10(Preferred) Default Gateway . . . . . . . . . : :: NetBIOS over Tcpip. . . . . . . . : Disabled Tunnel adapter Local Area Connection* 20: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Local Area Connection* 22: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : 6TO4 Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Local Area Connection* 11: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Local Area Connection* 12: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Local Area Connection* 13: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Local Area Connection* 19: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #7 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Local Area Connection* 21: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : isatap.gwlan Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Local Area Connection* 23: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : isatap.{0EE7B428-166B-4A90-80A3-B56A4013BBFE} Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Local Area Connection* 24: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : 6TO4 Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Server: h5-152-219-50.host.redstation.co.uk Address: 5.152.219.50 Name: google.com Addresses: 2a00:1450:4013:c00::64 173.194.65.138 173.194.65.101 173.194.65.100 173.194.65.102 173.194.65.139 173.194.65.113 Pinging google.com [173.194.65.113] with 32 bytes of data: Reply from 173.194.65.113: bytes=32 time=1738ms TTL=38 Reply from 173.194.65.113: bytes=32 time=472ms TTL=38 Ping statistics for 173.194.65.113: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 472ms, Maximum = 1738ms, Average = 1105ms DNS request timed out. timeout was 2 seconds. Server: UnKnown Address: 5.152.219.50 Name: yahoo.com Addresses: 2001:4998:c:a06::2:4008 2001:4998:44:204::a7 2001:4998:58:c02::a9 206.190.36.45 98.139.183.24 98.138.253.109 Pinging yahoo.com [206.190.36.45] with 32 bytes of data: Reply from 206.190.36.45: bytes=32 time=648ms TTL=46 Reply from 206.190.36.45: bytes=32 time=487ms TTL=46 Ping statistics for 206.190.36.45: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 487ms, Maximum = 648ms, Average = 567ms Pinging 127.0.0.1 with 32 bytes of data: Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms =========================================================================== Interface List 9 ...00 1b 77 82 f4 6f ...... Intel® PRO/Wireless 3945ABG Network Connection 8 ...00 1b 38 03 72 ae ...... Realtek RTL8139/810x Family Fast Ethernet NIC 1 ........................... Software Loopback Interface 1 36 ...00 00 00 00 00 00 00 e0 isatap.{7A8B311E-52BC-474D-92E3-3E6266593E19} 21 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2 10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface 17 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3 18 ...00 00 00 00 00 00 00 e0 6TO4 Adapter 19 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5 20 ...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2 22 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6 23 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #7 31 ...00 00 00 00 00 00 00 e0 isatap.gwlan 26 ...00 00 00 00 00 00 00 e0 isatap.{0EE7B428-166B-4A90-80A3-B56A4013BBFE} 25 ...00 00 00 00 00 00 00 e0 6TO4 Adapter =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 20 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 192.168.1.0 255.255.255.0 On-link 192.168.1.102 276 192.168.1.102 255.255.255.255 On-link 192.168.1.102 276 192.168.1.255 255.255.255.255 On-link 192.168.1.102 276 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 192.168.1.102 276 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 192.168.1.102 276 =========================================================================== Persistent Routes: None IPv6 Route Table =========================================================================== Active Routes: If Metric Network Destination Gateway 10 18 ::/0 On-link 1 306 ::1/128 On-link 10 18 2001::/32 On-link 10 266 2001:0:5896:f0c3:289e:3750:3f57:fe99/128 On-link 8 276 fe80::/64 On-link 10 266 fe80::/64 On-link 10 266 fe80::289e:3750:3f57:fe99/128 On-link 8 276 fe80::7c9f:3909:34c6:e4c3/128 On-link 1 306 ff00::/8 On-link 10 266 ff00::/8 On-link 8 276 ff00::/8 On-link =========================================================================== Persistent Routes: None ========================= Winsock entries ===================================== Catalog5 01 C:\Windows\system32\NLAapi.dll [48640] (Microsoft Corporation) Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation) Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation) Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation) Catalog5 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog5 06 C:\Windows\system32\winrnr.dll [19968] (Microsoft Corporation) Catalog5 07 C:\Windows\system32\wshbth.dll [34304] (Microsoft Corporation) Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 31 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 32 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 33 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 34 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 35 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 36 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 37 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 38 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 39 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 40 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 41 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 42 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 43 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 44 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 45 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 46 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) Catalog9 47 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) ========================= Event log errors: =============================== Application errors: ================== Error: (09/08/2015 10:26:09 AM) (Source: Application Hang) (User: ) Description: The program iexplore.exe version 9.0.8112.16685 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 1354 Start Time: 01d0e9f27e5bc020 Termination Time: 16 Error: (09/04/2015 12:24:04 PM) (Source: Windows Search Service) (User: ) Description: The entry <C:\USERS\SAMEER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\SERVICE WORKER\CACHESTORAGE\0FA95B80667BF657A6FF1012AC31D0FB34F2FA66\84F5DC1731DF005F272D0A6643765C44C36EBBF0\INDEX-DIR> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (09/04/2015 12:24:03 PM) (Source: Windows Search Service) (User: ) Description: The entry <C:\USERS\SAMEER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\SERVICE WORKER\CACHESTORAGE\0FA95B80667BF657A6FF1012AC31D0FB34F2FA66\84F5DC1731DF005F272D0A6643765C44C36EBBF0\INDEX-DIR> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (08/18/2015 11:30:01 AM) (Source: AdvancedSystemCareService8) (User: ) Description: The handle is invalid Error: (08/18/2015 09:47:29 AM) (Source: AdvancedSystemCareService8) (User: ) Description: The handle is invalid Error: (08/18/2015 09:47:29 AM) (Source: AdvancedSystemCareService8) (User: ) Description: The handle is invalid Error: (08/17/2015 05:08:02 PM) (Source: Perflib) (User: ) Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4 Error: (08/17/2015 05:08:01 PM) (Source: Perflib) (User: ) Description: EmdCacheC:\Windows\system32\emdmgmt.dll4 Error: (08/17/2015 03:49:23 PM) (Source: Application Hang) (User: ) Description: The program iexplore.exe version 9.0.8112.16684 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 1248 Start Time: 01d0d8d609462d32 Termination Time: 125 Error: (08/17/2015 02:17:43 PM) (Source: Application Hang) (User: ) Description: The program iexplore.exe version 9.0.8112.16684 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 10ac Start Time: 01d0d8c8329774b9 Termination Time: 141 System errors: ============= Error: (09/08/2015 09:47:39 AM) (Source: Service Control Manager) (User: ) Description: Parallel port driver%%1058 Error: (09/08/2015 09:47:39 AM) (Source: Service Control Manager) (User: ) Description: Advanced SystemCare Service 8%%2 Error: (09/08/2015 09:46:10 AM) (Source: HTTP) (User: ) Description: \Device\Http\ReqQueue0.0.0.0:4482 Error: (09/08/2015 09:44:47 AM) (Source: HTTP) (User: ) Description: \Device\Http\ReqQueue0.0.0.0:4482 Error: (09/05/2015 07:13:58 PM) (Source: Service Control Manager) (User: ) Description: Parallel port driver%%1058 Error: (09/05/2015 07:13:58 PM) (Source: Service Control Manager) (User: ) Description: Advanced SystemCare Service 8%%2 Error: (09/05/2015 07:13:56 PM) (Source: DCOM) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (09/05/2015 07:12:12 PM) (Source: HTTP) (User: ) Description: \Device\Http\ReqQueue0.0.0.0:4482 Error: (09/04/2015 10:50:24 AM) (Source: Service Control Manager) (User: ) Description: Parallel port driver%%1058 Error: (09/04/2015 10:50:24 AM) (Source: Service Control Manager) (User: ) Description: Advanced SystemCare Service 8%%2 Microsoft Office Sessions: ========================= Error: (09/08/2015 10:26:09 AM) (Source: Application Hang)(User: ) Description: iexplore.exe9.0.8112.16685135401d0e9f27e5bc02016 Error: (09/04/2015 12:24:04 PM) (Source: Windows Search Service)(User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\USERS\SAMEER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\SERVICE WORKER\CACHESTORAGE\0FA95B80667BF657A6FF1012AC31D0FB34F2FA66\84F5DC1731DF005F272D0A6643765C44C36EBBF0\INDEX-DIR Error: (09/04/2015 12:24:03 PM) (Source: Windows Search Service)(User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\USERS\SAMEER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\SERVICE WORKER\CACHESTORAGE\0FA95B80667BF657A6FF1012AC31D0FB34F2FA66\84F5DC1731DF005F272D0A6643765C44C36EBBF0\INDEX-DIR Error: (08/18/2015 11:30:01 AM) (Source: AdvancedSystemCareService8)(User: ) Description: The handle is invalid Error: (08/18/2015 09:47:29 AM) (Source: AdvancedSystemCareService8)(User: ) Description: The handle is invalid Error: (08/18/2015 09:47:29 AM) (Source: AdvancedSystemCareService8)(User: ) Description: The handle is invalid Error: (08/17/2015 05:08:02 PM) (Source: Perflib)(User: ) Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4 Error: (08/17/2015 05:08:01 PM) (Source: Perflib)(User: ) Description: EmdCacheC:\Windows\system32\emdmgmt.dll4 Error: (08/17/2015 03:49:23 PM) (Source: Application Hang)(User: ) Description: iexplore.exe9.0.8112.16684124801d0d8d609462d32125 Error: (08/17/2015 02:17:43 PM) (Source: Application Hang)(User: ) Description: iexplore.exe9.0.8112.1668410ac01d0d8c8329774b9141 CodeIntegrity Errors: =================================== Date: 2015-08-26 19:16:04.011 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-08-26 19:16:02.982 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-08-26 19:16:01.921 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-08-26 19:16:00.876 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-08-26 19:15:57.647 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-08-26 19:15:56.617 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-08-26 19:15:55.556 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-08-26 19:15:54.511 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-08-26 19:13:29.868 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-08-26 19:13:28.823 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. =========================== Installed Programs ============================ 32 Bit HP CIO Components Installer (HKLM\...\{47ECCB1F-2811-49C0-B6A7-26778639ABA0}) (Version: 3.1.1 - Hewlett-Packard) Hidden Advanced SystemCare 8 (HKLM\...\Advanced SystemCare 8_is1) (Version: 8.3.0 - IObit) Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems) ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform) DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) EASEUS Partition Master 6.5.2 Home Edition (HKLM\...\EASEUS Partition Master Home Edition_is1) (Version: - EASEUS) Easy Button (HKLM\...\EzButton) (Version: - ) EasyCapture2.5 (HKLM\...\EasyCapture2.5) (Version: - ) EnergyCut (HKLM\...\{6E127727-CE4B-40E4-9A7D-9D65CDE0A15C}) (Version: 1.00 - ) ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - ) eToken PKI Client 4.55 (HKLM\...\{2146B7E6-FC1C-4230-9952-E9CA2260AA08}) (Version: 4.55.22 - Aladdin Knowledge Systems Ltd.) Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.) Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.13 - Google Inc.) Hidden HP Deskjet 3540 series Basic Device Software (HKLM\...\{29E641BB-2183-4653-B589-18B10E5D9635}) (Version: 32.1.145.46951 - Hewlett-Packard Co.) HP Deskjet 3540 series Help (HKLM\...\{1D456349-7D00-479E-A2A9-C846CE390FE5}) (Version: 30.0.0 - Hewlett Packard) HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) Internet Telephone (HKLM\...\{0CDB16C2-E258-4D2C-A572-776E667431BF}) (Version: 4.60 - Callserve Communications Ltd) Hidden Internet Telephone 4.60 (HKLM\...\{B24E6473-5600-42D0-BD57-8E4B85ACD0BD}) (Version: - ) IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 4.3.0.5 - IObit) Lenovo Bluetooth with Enhanced Data Rate Software 6.0.1.3400 (HKLM\...\{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}) (Version: 6.0.1.3400 - Lenovo.) Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) McAfee Internet Security (HKLM\...\MSC) (Version: 14.0.339 - McAfee, Inc.) McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.276 - McAfee, Inc.) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation) MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - ) Power2Go 5.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: - ) PowerCineama MagicDirector Module (HKLM\...\{13E613EF-BB55-11D9-9D77-000129760D75}) (Version: - ) PowerCinema MakeDisc Module (HKLM\...\{FC4F90EC-B1DA-11D9-9D77-000129760D75}) (Version: - ) Product Improvement Study for HP Deskjet 3540 series (HKLM\...\{6945C9BA-710C-4776-BB1C-F5F2368AE45E}) (Version: 32.1.145.46951 - Hewlett-Packard Co.) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5350 - Realtek Semiconductor Corp.) Seagate Manager Installer (HKLM\...\{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}) (Version: 2.01.0700 - Seagate) Hidden Seagate Manager Installer (HKLM\...\InstallShield_{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}) (Version: 2.01.0700 - Seagate) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{09A9DF49-DA06-4093-A2FD-F339211E39EA}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{ECC1D579-DC17-4B90-929C-B4A0BB35F7B3}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{8C5A05B6-FF56-480F-A0E6-9F4BCA4B4CAC}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{945F1D43-451D-4383-9BBE-241F37950B15}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden ShuttleCenter (HKLM\...\{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: - ) Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems) Tally.ERP 9 (HKLM\...\{AAF5BFFE-1A0B-4A9E-B726-82AC4DD26B59}) (Version: - ©Tally Solutions Pvt. Ltd., 1988-2011.) VeriFace (HKLM\...\VeriFace) (Version: - ) Windows Driver Package - Animation Technologies Inc. (TridVid) Media (01/17/2007 1.287.3.10) (HKLM\...\A06EE73B1C7DE59F5A907866B9F81C6A89C49529) (Version: 01/17/2007 1.287.3.10 - Animation Technologies Inc.) ========================= Devices: ================================ Name: Microsoft Tun Miniport Adapter #2 Description: Microsoft Tun Miniport Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunmp Device ID: ROOT\*TUNMP\0001 Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Tun Miniport Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunmp Device ID: ROOT\*TUNMP\0002 Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Tun Miniport Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunmp Device ID: ROOT\*TUNMP\0003 Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ========================= Memory info: =================================== Percentage of memory in use: 43% Total physical RAM: 2045.75 MB Available physical RAM: 1150.29 MB Total Virtual: 4328 MB Available Virtual: 3141.53 MB ========================= Partitions: ===================================== 1 Drive c: () (Fixed) (Total:58.9 GB) (Free:22.05 GB) NTFS 2 Drive d: (LENOVO) (Fixed) (Total:78.24 GB) (Free:72 GB) NTFS ========================= Users: ======================================== User accounts for \\KBC-PC Administrator Guest KBC SAMEER ========================= Minidump Files ================================== C:\Windows\Minidump\Mini082115-01.dmp **** End of log ****
  11. aswMBR also provided the option of updating the antivirus signatures. I have run a scan once without the updation and second after updating the signature. First scan log ( without update) aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software Run date: 2015-09-08 10:36:08 ----------------------------- 10:36:08.843 OS Version: Windows 6.0.6002 Service Pack 2 10:36:08.843 Number of processors: 2 586 0xF02 10:36:08.843 ComputerName: KBC-PC UserName: KBC 10:37:32.038 Initialize success 10:37:32.631 VM: initialized successfully 10:37:32.631 VM: Intel CPU virtualization not supported 10:38:07.754 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 10:38:07.754 Disk 0 Vendor: WDC_WD1600BEVS-22RST0 04.01G04 Size: 152627MB BusType: 3 10:38:07.910 Disk 0 MBR read successfully 10:38:07.910 Disk 0 MBR scan 10:38:07.910 Disk 0 Windows VISTA default MBR code 10:38:07.910 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 60314 MB offset 63 10:38:07.941 Disk 0 Partition 2 00 12 Compaq diag 12197 MB offset 287595630 10:38:07.941 Disk 0 Partition - 00 0F Extended LBA 80113 MB offset 123523785 10:38:07.972 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 80113 MB offset 123523848 10:38:07.972 Disk 0 scanning sectors +312576705 10:38:08.066 Disk 0 scanning C:\Windows\system32\drivers 10:38:29.625 Service scanning 10:39:11.636 Modules scanning 10:39:11.636 Disk 0 trace - called modules: 10:39:11.698 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys 10:39:11.714 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86634968] 10:39:11.714 3 CLASSPNP.SYS[891bd8b3] -> nt!IofCallDriver -> [0x85460898] 10:39:11.730 5 acpi.sys[8069f6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85e43030] 10:39:11.730 Disk 0 statistics 79389/0/0 @ 4.16 MB/s 10:39:11.745 Scan finished successfully 10:39:51.915 Disk 0 MBR has been saved successfully to "C:\Downloads\Avast\MBR.dat" 10:39:51.931 The log file has been saved successfully to "C:\Downloads\Avast\aswMBR.txt" Second Scan Log ( after update) aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software Run date: 2015-09-08 10:43:16 ----------------------------- 10:43:16.479 OS Version: Windows 6.0.6002 Service Pack 2 10:43:16.479 Number of processors: 2 586 0xF02 10:43:16.479 ComputerName: KBC-PC UserName: KBC 10:43:18.132 Initialize success 10:43:18.163 VM: initialized successfully 10:43:18.163 VM: Intel CPU virtualization not supported 11:27:50.074 AVAST engine defs: 15090701 11:32:54.430 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 11:32:54.446 Disk 0 Vendor: WDC_WD1600BEVS-22RST0 04.01G04 Size: 152627MB BusType: 3 11:32:54.586 Disk 0 MBR read successfully 11:32:54.586 Disk 0 MBR scan 11:32:54.695 Disk 0 Windows VISTA default MBR code 11:32:54.695 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 60314 MB offset 63 11:32:54.789 Disk 0 Partition 2 00 12 Compaq diag 12197 MB offset 287595630 11:32:54.851 Disk 0 Partition - 00 0F Extended LBA 80113 MB offset 123523785 11:32:54.883 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 80113 MB offset 123523848 11:32:54.929 Disk 0 scanning sectors +312576705 11:32:55.117 Disk 0 scanning C:\Windows\system32\drivers 11:34:21.587 Service scanning 11:36:17.729 Modules scanning 11:36:17.729 Disk 0 trace - called modules: 11:36:17.761 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys 11:36:17.761 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86634968] 11:36:17.761 3 CLASSPNP.SYS[891bd8b3] -> nt!IofCallDriver -> [0x85460898] 11:36:17.761 5 acpi.sys[8069f6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85e43030] 11:36:19.445 AVAST engine scan C:\Windows 11:36:45.622 AVAST engine scan C:\Windows\system32 11:48:15.281 AVAST engine scan C:\Windows\system32\drivers 11:49:04.640 AVAST engine scan C:\Users\KBC 11:54:38.324 AVAST engine scan C:\ProgramData 12:00:03.490 Disk 0 statistics 2749094/0/0 @ 3.06 MB/s 12:00:03.490 Scan finished successfully 12:16:27.304 Disk 0 MBR has been saved successfully to "C:\Downloads\Avast\MBR.dat" 12:16:27.320 The log file has been saved successfully to "C:\Downloads\Avast\aswMBR2.txt" Thank you for your continuing advice. Regards
  12. Used the Geek uninstaller to uninstall Google chrome, deleted leftovers. Restarted the computer. Downloaded google chrome from the google website and installed it. Started google chrome. Unfortunately the pop up ads are still there, wherever I click in any website , except the secure websites starting with https: Regards
  13. I use 2 browsers - Internet explorer and google chrome. This ad pops are happening on both browsers, rechecked the occurence again just now.
  14. Thankyou for the suggestion. I have attached the logs below, after that I rechecked browser and the pop-up ads are unfortunately still happening : Zoek.exe v5.0.0.0 Updated 04-May-2015Tool run by KBC on 01/09/2015 at 19:34:29.91.Microsoft® Windows Vista™ Home Basic 6.0.6002 Service Pack 2 x86Running in: Normal Mode Internet Access DetectedLaunched: C:\Downloads\Zoek\zoek\zoek.exe [scan all users] [script inserted] ==== System Restore Info ====================== 01/09/2015 19:38:09 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\Program Files\Acro Software deleted successfullyC:\Program Files\Camtech deleted successfullyC:\Program Files\DC-Unlocker deleted successfullyC:\Program Files\MSXML 4.0 deleted successfullyC:\Program Files\stinger deleted successfullyC:\Program Files\VideoLAN deleted successfullyC:\Program Files\Common Files\XCPCSync.OEM deleted successfullyC:\PROGRA~2\WinZipSE deleted successfullyC:\PROGRA~2\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} deleted successfullyC:\Users\Default\AppData\Roaming\ProductData deleted successfullyC:\Users\KBC\AppData\Roaming\Philipp Winterberg deleted successfullyC:\Users\SAMEER\AppData\Roaming\Itel deleted successfullyC:\Windows\serviceprofiles\Localservice\AppData\Local\CrashDumps deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-595894999-490155728-2440704941-1001\Software\Microsoft\Internet Explorer\SearchScopes\{93FE6A51-45E9-4590-B71D-16364EB6A54F} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LiveUpdateSvc deleted successfullyHKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\LiveUpdateSvc deleted successfully ==== Batch Command(s) Run By Tool====================== Sucessfully reset the Winsock Catalog.You must restart the computer in order to complete the reset. ==== Deleting Files \ Folders ====================== C:\Program Files\Acro Software not foundC:\Program Files\Camtech not foundC:\Program Files\DC-Unlocker not foundC:\Program Files\stinger not foundC:\Program Files\VideoLAN not foundC:\PROGRA~2\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} not foundC:\Program Files\Free Download Manager deletedC:\Users\KBC\AppData\Roaming\Rim.Desktop.Exception.log deletedC:\Users\KBC\AppData\Roaming\Rim.Desktop.HttpServerSetup.log deletedC:\Users\KBC\AppData\Roaming\Rim.DesktopHelper.Exception.log deletedC:\Users\SAMEER\AppData\Roaming\ProductData deletedC:\ProgramData\Microsoft\Windows\Start Menu\Programs\lavasoft\WebCompanion deletedC:\Windows\system32\config\systemprofile\Searches deletedC:\Windows\system32\LavasoftTcpService.dll deleted ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files\McAfee\SiteAdvisor" [01/09/2015 19:15] ==== Chromium Look ====================== Google Chrome Version: 44.0.2403.157 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensionsfheoggkfdfchfphceeifdbepaooicaho - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx[17/08/2015 20:22] Chrome Hotword Shared Module - KBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkgChrome Hotword Shared Module - SAMEER\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg ==== Chromium Startpages ====================== C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default\Preferences1DCFA36F2166B0626BC2818701EE3092F3827FAC52555F573BEE48DEDA9","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"7D04C1241660FBA94ED78261FC57619B47ADFDD21D431A0A952E8E8CB2C3CA1C","pjkljhegncpnkpknbcohdijeoejaedia":"A3E23745C2A38B877D641A6882FCF831BF8DAEBD9587B7DBE2911E27DCF7F4EC"}},"google":{"services":{"account_id":"8DE2B1179323AA8D6BC2427875BFF09FD6858BEF499BAA32185BCF842648800B","last_username":"574907C6F7402856A9AB28D0D989F47EAC2A447181341F5CF99FD61EDDA6D5E5","username":"DCEB34A3D342F559940A31CB23F2347599EEB9B03222639EF94588CD7C6968A0"}},"homepage":"6667CA6B2A6BED56469BD741F260FF5EA136CD2600D102E50E98C3243C3ABADA","homepage_is_newtabpage":"5A4273500B1A088B2B455C4876555FD928D5DECC89CB3C5DA547C981BE6C70DB","pinned_tabs":"6C78BE8D55324BFB0DECA9E9B16FE9660D73A72680FC3BC2838BC173E6777341","prefs":{"preference_reset_time":"BBC98ADF6BA36C3CDF27D617A034BD5748D1DD117009A6A256459611389BB375"},"profile":{"reset_prompt_memento":"FF0526C4B23EBDBCA4CAF288B87D273767A2E011A2EC90AD59D43D4DFECB08FF"},"safebrowsing":{"incidents_sent":"356B9037C74DB46A92F984DF0D2DF48656EB8BA64CC0090E4718445FE8E066E7"},"search_provider_overrides":"B0C6EF8D5B6CEA6E9BE770833229E6619A82B2C7A8FEABEF312D2B67753940B7","session":{"restore_on_startup":"415F7CDEF2FD054609604194E46CFC91EFC7CD1D8010F2294017EDE7D6E7C50F","startup_urls":"3258CA2DD91A946B39D5253F762A422E8D8128FE642E18B77AB3DA1910D6D035"},"software_reporter":{"prompt_reason":"BDFCEF55CBBC8575A072DA3DA31A4213FD5337752361B37D3C9EC0470392DB90","prompt_seed":"C26C6D5D044AD5F96873ED033CE74EFFF5160EAC6F805E3293F227279E4FA846","prompt_version":"A40A519310B98DAD21AE909A1A98402FBD92D169F6F74008BC31879466135D69"},"sync":{"remaining_rollback_tries":"F365221B73D8F812BB1A46679B91BCAE740B558E1B227C00225BFEA45C9C1227"}},"super_mac":"33B0A8A0D5D6A363F1404BE7CAD4509F495BDE3611B6159DA26EC769922356FA"},"session":{"restore_on_startup":4,"startup_urls":["https://www.malwarebytes.org/]}} ==== Set IE to Default ====================== Old Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]"Tabs"="res://ieframe.dll/tabswelcome.htm"[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]"DefaultScope"="{93FE6A51-45E9-4590-B71D-16364EB6A54F}"[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{93FE6A51-45E9-4590-B71D-16364EB6A54F}] not found New Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://www.google.com"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]"Tabs"="about:newtab"[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Web Companion deleted successfully ==== Empty IE Cache ====================== C:\Users\KBC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfullyC:\Users\SAMEER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3HLYSIS1 will be deleted at rebootC:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CBN04ZCO will be deleted at rebootC:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6OIBL4G will be deleted at rebootC:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EVDV215S will be deleted at rebootC:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3HLYSIS1 will be deleted at rebootC:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CBN04ZCO will be deleted at rebootC:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6OIBL4G will be deleted at rebootC:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EVDV215S will be deleted at rebootC:\Users\KBC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at rebootC:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at rebootC:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfullyC:\Users\SAMEER\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=9 folders=4 452411 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfullyC:\Users\Default User\AppData\Local\Temp emptied successfullyC:\Users\KBC\AppData\Local\Temp will be emptied at rebootC:\Users\SAMEER\AppData\Local\Temp emptied successfullyC:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfullyC:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfullyC:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptiedC:\Users\KBC\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\KBC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3HLYSIS1" not found"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CBN04ZCO" not found"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6OIBL4G" not found"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EVDV215S" not found"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3HLYSIS1" not found"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CBN04ZCO" not found"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6OIBL4G" not found"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EVDV215S" not found ==== EOF on 02/09/2015 at 8:56:30.84 ======================
  15. Here attached is the scan of the ZHP cleaner. ~ ZHPCleaner v2015.8.26.332 by Nicolas Coolman (2015/08/26)~ Run by KBC (Administrator) (26/08/2015 19:05:31)~ Site : http://www.nicolascoolman.fr~ Facebook : https://www.facebook.com/nicolascoolman1~ State version : Version OK~ Type : Scan~ Report : C:\Users\KBC\Desktop\ZHPCleaner.txt~ Quarantine : C:\Users\KBC\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt~ UAC : Activate~ Boot Mode : Normal (Normal boot)Windows VISTA, 32-bit Service Pack 2 (Build 6002) ---\\ Services (0)~ No malicious or unnecessary items found. ---\\ Browser internet (0)~ No malicious or unnecessary items found. ---\\ Hosts file (1)~ The hosts file is legitimate (1) ---\\ Scheduled automatic tasks. (0)~ No malicious or unnecessary items found. ---\\ Explorer ( File, Folder) (0)~ No malicious or unnecessary items found. ---\\ Registry ( Key, Value, Data) (0)~ No malicious or unnecessary items found. ---\\ Result of repair~ Any repair made~ Browser not found (Mozilla Firefox)~ Browser not found (Opera Software) ---\\ Statistics~ Items scanned : 48659~ Items found : 0~ Items cancelled : 0~ Items repaired : 0 ~ End of search in 23 minutes===================ZHPCleaner--26082015-19_28_34.txt Thank you for suggesting further action. ( i will be tied up over the next few days, hence my further response may be somewhat delayed.)
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.