
lap top running slow is it sweet pc fix?


goa55


I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. :)

  • Download DDS by sUBs from one of the following links. Save it to your Desktop.

    NOTE: Before scanning, make sure all other running programs are closed.

    There shouldn't be any scheduled antivirus scans running while the scan is being performed.

    Do not use your computer for anything else during the scan.

  • Double click on the DDS icon and allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.

=====

Next, please post a fresh log from MBAM.

=====

Finally, please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

=====

In your reply please provide the contents of the following logs:

  • DDS.txt.
  • MBAM log.
  • AdwCleaner[R1].txt.

Do you notice any popups or search redirects?


.

hi no popups or search redirects

Thanks

will post the others next

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 18/04/2011 15:50:06

System Uptime: 28/12/2012 20:53:59 (36 hours ago)

.

Motherboard: Acer | | Aspire 5741Z

Processor: Intel® Pentium® CPU P6000 @ 1.87GHz | CPU | 1063/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 284 GiB total, 204.719 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP530: 14/12/2012 23:16:15 - Installed TotalMedia HDCam

RP531: 14/12/2012 23:18:05 - Installed Print Creations

RP532: 14/12/2012 23:30:51 - Installed Connect Service

RP533: 15/12/2012 23:51:12 - Windows Update

RP534: 17/12/2012 23:31:42 - Installed Connect Service

RP535: 19/12/2012 17:27:31 - Windows Update

RP536: 22/12/2012 06:50:38 - Windows Update

RP537: 26/12/2012 08:30:56 - Windows Update

RP538: 29/12/2012 09:31:01 - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

1912 Titanic Mystery

Acer Backup Manager

Acer Crystal Eye webcam Ver:1.1.167.331

Acer ePower Management

Acer eRecovery Management

Acer GameZone Console

Acer Registration

Acer ScreenSaver

Acer Updater

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Reader 9.5.0 MUI

Amazonia

ArcSoft Print Creations

ArcSoft Print Creations - Album Page

ArcSoft Print Creations - Photo Book

ArcSoft TotalMedia HDCam

Backup Manager Basic

Big Fish Games: Game Manager

Bing Bar

BlackBerry Desktop Software 6.1

Broadcom Gigabit NetLink Controller

Cake Mania

CCleaner

Chicken Invaders 2

Compatibility Pack for the 2007 Office system

CyberLink PowerDVD 9

D3DX10

Dairy Dash

DHTML Editing Component

Dropbox

eBay Worldwide

eSobi v2

Farm Frenzy 2

Galapago

Google Chrome

Google Drive

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

GoToAssist Corporate

Granny In Paradise

Heroes of Hellas

Identity Card

Intel® Control Center

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Intel® Rapid Storage Technology

Internet Explorer Toolbar 4.6 by SweetPacks

Java Auto Updater

Java 6 Update 26

Junk Mail filter update

Launch Manager

Maintenance Samsung CLP-320 Series

Malwarebytes Anti-Malware version 1.65.1.1000

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyTomTom 3.1.0.530

MyWinLocker

MyWinLocker Suite

Norton Online Backup

NTI Backup Now 5

NTI Backup Now Standard

NTI Media Maker 8

OpenOffice.org 3.3

Paint.NET v3.5.10

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Shredder

Spin & Win

SweetIM for Messenger 3.7

SweetPacks bundle uninstaller

Synaptics Pointing Device Driver

Turbo Lister 2

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update Manager for SweetPacks 1.1

Visual Studio C++ 10.0 Runtime

Welcome Center

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Yahoo! Detect

ZTE USB Driver

.

==== Event Viewer Messages From Past Week ========

.

30/12/2012 08:54:44, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.

30/12/2012 08:34:36, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{3DD1DAFB-D437-4CDB-B57A-58D7C526D5DA} because another computer on the network has the same name. The server could not start.

30/12/2012 08:34:36, Error: NetBT [4321] - The name "ADAM-PC :20" could not be registered on the interface with IP address 192.168.1.67. The computer with the IP address 192.168.1.66 did not allow the name to be claimed by this computer.

30/12/2012 08:34:36, Error: NetBT [4321] - The name "ADAM-PC :0" could not be registered on the interface with IP address 192.168.1.67. The computer with the IP address 192.168.1.66 did not allow the name to be claimed by this computer.

28/12/2012 23:27:55, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

28/12/2012 20:31:09, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.

25/12/2012 08:38:52, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

.

==== End Of File ===========================

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]

R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-3 22576]

R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-3 20016]

R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-3 60464]

R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-4-21 312400]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-7-5 866336]

R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-4-21 13336]

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 128456]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-3-8 250368]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-6 144640]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-4-21 2320920]

R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-4-21 243232]

R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-4-21 56344]

R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-4-21 158720]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-4-21 271872]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-3-21 321064]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]

S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-25 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]

S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2011-6-13 11776]

S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-4-17 305520]

S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-6 50432]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-4-21 239136]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-20 1255736]

S3 ZTEusbnet;ZTE USB-NDIS miniport;C:\Windows\System32\drivers\ZTEusbnet.sys [2011-6-13 135168]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-12-29 16:18:48 -------- d-----w- C:\Users\Adam\AppData\Local\{95AD2D6B-669B-49CE-8A37-805992771469}

2012-12-29 09:32:34 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A6068B4C-A2DE-4FF3-AF77-59E3531DFAD4}\mpengine.dll

2012-12-29 09:19:25 -------- d-----w- C:\Users\Adam\AppData\Local\{2C8FA50D-0104-44FE-83A1-659F8A478527}

2012-12-28 16:36:56 -------- d-----w- C:\Users\Adam\AppData\Local\{7D83193B-2EDB-4E7E-9E99-246979D03E43}

2012-12-28 08:24:52 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-12-28 08:24:52 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FBD7696D-95C9-4379-8639-F30CFFC197DA}\mpengine.dll

2012-12-27 08:50:17 -------- d-----w- C:\Users\Adam\AppData\Local\{E3D47A1E-C832-4566-B8AF-7D4E3F7E7F02}

2012-12-26 20:37:13 -------- d-----w- C:\Users\Adam\AppData\Local\{440912BD-A0D7-4D91-89A0-570CF57B413C}

2012-12-25 15:10:20 -------- d-----w- C:\Users\Adam\AppData\Local\{EB0127F2-0121-416F-BCF4-B7B2B47EA8AD}

2012-12-24 23:41:59 -------- d-----w- C:\Users\Adam\AppData\Local\{138FF618-BB9F-46A5-9DBD-8267750423C7}

2012-12-24 11:17:44 -------- d-----w- C:\Users\Adam\AppData\Local\{CECD3DEE-9EB1-42D4-9ED3-092FAFEB1A36}

2012-12-23 21:33:46 -------- d-----w- C:\Users\Adam\AppData\Local\{040C1493-CA52-4B1F-AB21-9977653EA7EE}

2012-12-23 06:29:32 -------- d-----w- C:\Users\Adam\AppData\Local\{252684A0-5726-4F14-9CC0-6C646A7E7459}

2012-12-22 15:30:17 -------- d-----w- C:\Users\Adam\AppData\Local\{494CF17A-F605-4B5F-95F6-65A0FEA6B2C3}

2012-12-22 06:52:12 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-22 06:52:11 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-22 06:52:06 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-22 06:52:05 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-22 00:57:41 -------- d-----w- C:\Users\Adam\AppData\Local\{B3C3441E-EDD3-4723-98ED-061FCAA956C4}

2012-12-21 12:57:25 -------- d-----w- C:\Users\Adam\AppData\Local\{E42673C3-E174-4484-9959-1373A177F8DE}

2012-12-20 20:09:38 -------- d-----w- C:\Users\Adam\AppData\Local\{F6599112-C0DC-475F-8ADD-DE6528CD658D}

2012-12-20 08:09:16 -------- d-----w- C:\Users\Adam\AppData\Local\{58AC1720-953F-47A4-9EEC-D024D5BE49BD}

2012-12-19 20:08:54 -------- d-----w- C:\Users\Adam\AppData\Local\{DA5ACAC1-642A-4CB8-8322-E059E1138DB3}

2012-12-19 08:08:43 -------- d-----w- C:\Users\Adam\AppData\Local\{03D92FA1-E4E6-47DF-9E87-36C6F0D8664B}

2012-12-18 13:21:51 -------- d-----w- C:\Users\Adam\AppData\Local\{A31939F1-F53B-4A1A-9D43-A3B53546EFF5}

2012-12-17 22:04:19 -------- d-----w- C:\Users\Adam\AppData\Local\{262077BD-F3DF-49E0-9FF2-C3D186223A40}

2012-12-17 08:21:18 -------- d-----w- C:\Users\Adam\AppData\Local\{83117BCE-DC8A-46C0-8DA8-AEF3E8D03196}

2012-12-16 17:46:39 -------- d-----w- C:\Users\Adam\AppData\Local\{03AD07D1-E459-424E-AACC-A9230138E1B4}

2012-12-15 23:32:50 -------- d-----w- C:\Users\Adam\AppData\Local\{1ABD207D-F294-4418-98E1-2225E36FE2BB}

2012-12-14 23:30:39 -------- d-----w- C:\Users\Adam\AppData\Local\Programs

2012-12-14 23:19:38 -------- d-----w- C:\Users\Adam\AppData\Local\ArcSoft

2012-12-14 23:19:33 -------- d-----w- C:\ProgramData\ArcSoft

2012-12-14 18:23:21 -------- d-----w- C:\Users\Adam\AppData\Local\{A9E178C8-8297-4B8E-97C6-5CB64C515C73}

2012-12-14 06:23:09 -------- d-----w- C:\Users\Adam\AppData\Local\{C332D171-A127-4061-BFD3-495F96A134D0}

2012-12-13 12:58:13 -------- d-----w- C:\Users\Adam\AppData\Local\{5394F09D-FDFD-4635-A58F-40549883F44C}

2012-12-13 00:57:51 -------- d-----w- C:\Users\Adam\AppData\Local\{110D8AD1-8B94-49AF-A5D5-6FBD392657A1}

2012-12-12 12:57:39 -------- d-----w- C:\Users\Adam\AppData\Local\{F13F0B5E-A009-4E44-865E-DD18E645B632}

2012-12-11 23:03:18 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-12-11 23:03:18 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-12-11 23:03:02 3147264 ----a-w- C:\Windows\System32\win32k.sys

2012-12-11 23:01:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-12-11 22:40:26 -------- d-----w- C:\Users\Adam\AppData\Local\{A01E6317-43AB-422C-BB03-9628D07632DF}

2012-12-11 04:18:11 -------- d-----w- C:\Users\Adam\AppData\Local\{00D8CFA1-8396-40C3-82BC-0DEDA996AD4B}

2012-12-10 11:58:34 -------- d-----w- C:\Users\Adam\AppData\Local\{0E77F9BB-464C-4C3B-8EBC-8B47DE12EB1E}

2012-12-09 21:38:01 -------- d-----w- C:\Users\Adam\AppData\Local\{9B5405B8-5650-48F1-894E-87F4511090C0}

2012-12-09 08:21:45 -------- d-----w- C:\Users\Adam\AppData\Local\{0BAC74E2-6F2B-4F97-88AB-B7F50CCBBA66}

2012-12-08 17:08:26 -------- d-----w- C:\Users\Adam\AppData\Local\{50BCF30C-E852-4C22-89F6-7F0BFEB839C5}

2012-12-08 05:00:38 -------- d-----w- C:\Users\Adam\AppData\Local\{0D4A8789-6B62-44A9-8420-DAFAC5DA6E81}

2012-12-07 16:04:00 -------- d-----w- C:\Users\Adam\AppData\Local\{93FE6F58-9812-4F9C-A700-797BEBCFC0B3}

2012-12-07 03:21:12 -------- d-----w- C:\Users\Adam\AppData\Local\{ECFBB369-2338-45D2-8560-A399ABF78229}

2012-12-06 13:08:20 -------- d-----w- C:\Users\Adam\AppData\Local\{378F4312-092A-4B75-B12C-92B552D19F25}

2012-12-06 00:12:29 -------- d-----w- C:\Users\Adam\AppData\Local\{76FC5443-976D-449B-AC37-78DB2ABC2646}

2012-12-05 11:12:07 -------- d-----w- C:\Users\Adam\AppData\Local\{C0F37D6F-860E-4760-97DE-36A89DF7C418}

2012-12-04 22:02:15 -------- d-----w- C:\Users\Adam\AppData\Local\{1E17B482-AC58-4E6F-899B-C6BCA6324935}

2012-12-04 07:36:53 -------- d-----w- C:\Users\Adam\AppData\Local\{776083AB-AB99-4091-BA46-C66E99E85F91}

2012-12-03 15:22:15 -------- d-----w- C:\Users\Adam\AppData\Local\{DBDBD59F-BED9-4C70-BC2F-DEE666BEEA40}

2012-12-03 00:04:58 -------- d-----w- C:\Users\Adam\AppData\Local\{71E6032B-E6D5-4746-A978-4A8C70EAC306}

2012-12-02 08:01:55 -------- d-----w- C:\Users\Adam\AppData\Local\{90C7523B-13F1-4A6A-8731-54B958E13E86}

2012-12-01 15:05:26 -------- d-----w- C:\Users\Adam\AppData\Local\{2AD410D2-EEA5-449D-B2AF-26F8E3EBC939}

2012-11-30 23:27:06 -------- d-----w- C:\Users\Adam\AppData\Local\{8C4BAF95-CCF7-459F-989F-D9CAC81CB2BC}

2012-11-30 11:26:54 -------- d-----w- C:\Users\Adam\AppData\Local\{AA46939B-0FB9-4599-9586-9C1066BE3DB9}

.

==================== Find3M ====================

.

2012-11-12 12:18:53 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2012-11-12 11:51:11 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-11-02 05:27:51 478208 ----a-w- C:\Windows\System32\dpnet.dll

2012-11-02 04:48:28 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

2012-10-27 05:36:37 1197568 ----a-w- C:\Windows\System32\wininet.dll

2012-10-27 05:36:08 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2012-10-27 05:00:40 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-10-27 04:59:41 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2012-10-27 04:23:06 482816 ----a-w- C:\Windows\System32\html.iec

2012-10-27 03:52:14 386048 ----a-w- C:\Windows\SysWow64\html.iec

2012-10-16 21:20:49 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 21:20:46 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 20:34:37 559104 ----a-w- C:\Windows\apppatch\AcLayers.dll

2012-10-04 17:38:56 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-10-04 17:38:56 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-10-04 17:38:56 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-10-04 17:38:24 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-10-04 17:35:22 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-10-04 17:32:16 425984 ----a-w- C:\Windows\System32\KernelBase.dll

2012-10-04 16:54:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-10-04 16:54:17 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-10-04 15:19:57 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-10-04 14:49:27 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-10-04 14:49:24 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-10-04 14:49:22 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-10-04 14:49:22 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-10-04 14:44:29 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-10-04 14:44:29 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-10-04 14:44:29 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

.

============= FINISH: 8:54:43.62 ===============


Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2012.12.30.03

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

Adam :: ADAM-PC [administrator]

30/12/2012 09:12:56

mbam-log-2012-12-30 (09-12-56).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 255712

Time elapsed: 21 minute(s), 57 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


# AdwCleaner v2.104 - Logfile created 12/30/2012 at 11:03:18

# Updated 29/12/2012 by Xplode

# Operating system : Windows 7 Home Premium  (64 bits)

# User : Adam - ADAM-PC

# Boot Mode : Normal

# Running from : C:\Users\Adam\Downloads\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Users\Adam\Desktop\Search The Web.url

File Found : C:\Users\Adam\Desktop\sweetpcfix.url

File Found : C:\Users\Public\Desktop\eBay.lnk

Folder Found : C:\Program Files (x86)\SweetIM

Folder Found : C:\ProgramData\Partner

Folder Found : C:\ProgramData\SweetIM

Folder Found : C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn

Folder Found : C:\Users\Adam\AppData\Local\Temp\boost_interprocess

Folder Found : C:\Users\Adam\AppData\LocalLow\SweetIM

Folder Found : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}

Folder Found : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}

Key Found : HKCU\Software\SweetIM

Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils

Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1

Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator

Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1

Key Found : HKLM\SOFTWARE\Classes\sim-packages

Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar

Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1

Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook

Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1

Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie

Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe

Key Found : HKLM\Software\SweetIM

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}

Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}

Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}

Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]

Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [sweetIM]

Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [sweetpacks Communicator]

Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]

Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.7600.17153

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5862 octets] - [30/12/2012 11:03:18]

########## EOF - C:\AdwCleaner[R1].txt - [5922 octets] ##########


Good morning goa55,

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
    Note: If you get a message that you must reboot the computer before starting deletion, please do. At reboot, only AdwCleaner will run and you can only click on the Delete button.
    When the deletion is done, AdwCleaner will reboot the computer again and open the logfile.

=====

Also, please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

=====

In your reply please provide the following:

  • AdwCleaner[s1].txt.
  • ComboFix.txt.


# AdwCleaner v2.104 - Logfile created 12/30/2012 at 21:18:18

# Updated 29/12/2012 by Xplode

# Operating system : Windows 7 Home Premium (64 bits)

# User : Adam - ADAM-PC

# Boot Mode : Normal

# Running from : C:\Users\Adam\Downloads\adwcleaner (1).exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\Adam\Desktop\Search The Web.url

File Deleted : C:\Users\Adam\Desktop\sweetpcfix.url

File Deleted : C:\Users\Public\Desktop\eBay.lnk

Folder Deleted : C:\Program Files (x86)\SweetIM

Folder Deleted : C:\ProgramData\Partner

Folder Deleted : C:\ProgramData\SweetIM

Folder Deleted : C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn

Folder Deleted : C:\Users\Adam\AppData\Local\Temp\boost_interprocess

Folder Deleted : C:\Users\Adam\AppData\LocalLow\SweetIM

Folder Deleted : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}

Key Deleted : HKCU\Software\SweetIM

Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils

Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1

Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator

Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1

Key Deleted : HKLM\SOFTWARE\Classes\sim-packages

Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar

Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1

Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook

Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe

Key Deleted : HKLM\Software\SweetIM

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [sweetIM]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [sweetpacks Communicator]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.7600.17153

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5983 octets] - [30/12/2012 11:03:18]

AdwCleaner[R2].txt - [6047 octets] - [30/12/2012 21:17:44]

AdwCleaner[s1].txt - [6030 octets] - [30/12/2012 21:18:18]

########## EOF - C:\AdwCleaner[s1].txt - [6090 octets] ##########


ComboFix 12-12-30.01 - Adam 30/12/2012 21:36:00.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2807.1746 [GMT 0:00]

Running from: c:\users\Adam\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\programdata\FullRemove.exe

c:\users\Adam\GoToAssistDownloadHelper.exe

c:\windows\wininit.ini

.

.

((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-30 )))))))))))))))))))))))))))))))

.

.

2012-12-30 22:11 . 2012-12-30 22:11 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-30 11:12 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D2CCE1A2-9382-407E-B50F-9218C4B91A7C}\mpengine.dll

2012-12-29 09:32 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-12-22 06:52 . 2012-12-16 14:25 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-22 06:52 . 2012-12-16 16:52 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-22 06:52 . 2012-12-16 14:40 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-22 06:52 . 2012-12-16 14:25 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-14 23:30 . 2012-12-14 23:30 -------- d-----w- c:\users\Adam\AppData\Local\Programs

2012-12-14 23:19 . 2012-12-14 23:19 -------- d-----w- c:\users\Adam\AppData\Local\ArcSoft

2012-12-14 23:19 . 2012-12-17 23:32 -------- d-----w- c:\programdata\ArcSoft

2012-12-14 23:19 . 2012-12-14 23:20 -------- d-----w- c:\users\Adam\AppData\Roaming\Arcsoft

2012-12-14 23:18 . 2012-12-14 23:19 -------- d-----w- c:\program files (x86)\Common Files\ArcSoft

2012-12-14 23:16 . 2012-12-14 23:18 -------- d-----w- c:\program files (x86)\ArcSoft

2012-12-11 23:03 . 2012-11-09 05:34 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-11 23:03 . 2012-11-09 04:49 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-12-11 23:03 . 2012-11-22 08:20 3147264 ----a-w- c:\windows\system32\win32k.sys

2012-12-11 23:01 . 2012-10-04 17:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-14 16:49 . 2011-04-20 06:04 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-12 04:31 . 2011-04-30 14:39 67413224 ----a-w- c:\windows\system32\MRT.exe

2012-11-28 14:47 . 2012-11-28 14:47 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DB4C8BDB-0B27-4350-BF28-9AB7A5D80D92}\gapaengine.dll

2012-10-28 22:29 . 2012-10-28 22:29 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin

2012-10-16 21:20 . 2012-11-28 07:45 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 21:20 . 2012-11-28 07:45 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 20:34 . 2012-11-28 07:45 559104 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-04 16:45 . 2012-12-11 23:02 44032 ----a-w- c:\windows\apppatch\acwow64.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]

2012-06-11 15:22 1307728 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Adam\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Adam\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Adam\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-04-17 05:55 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-21 39408]

"MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2011-11-14 435672]

"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-11-08 16070136]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-12-24 284696]

"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-04-17 337264]

"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]

"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]

"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-04-08 908368]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2010-06-07 618496]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]

.

c:\users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Adam\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-28 28539392]

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]

R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-04-27 11776]

R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-04-17 305520]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]

R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-03-01 239136]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-20 1255736]

R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2009-07-21 135168]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-04-08 312400]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-03-17 866336]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-24 13336]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]

S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]

S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 271872]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-03-21 321064]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-18 15:15]

.

2012-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-18 15:15]

.

2012-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2517162095-573492459-740728455-1001Core.job

- c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-18 15:15]

.

2012-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2517162095-573492459-740728455-1001UA.job

- c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-18 15:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Adam\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Adam\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Adam\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Adam\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-04-17 05:58 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2012-11-08 16:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2012-11-08 16:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2012-11-08 16:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2012-11-08 16:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-29 9913376]

"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-04-17 349552]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-04 166424]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-04 391192]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-04 410648]

"PLFSetI"="c:\windows\PLFSetI.exe" [2010-07-05 206208]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-03-17 860704]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5741z&r=27360411l505l0454z145t4662q292

uLocal Page = c:\windows\system32\blank.htm

mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5741z&r=27360411l505l0454z145t4662q292

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5741z&r=27360411l505l0454z145t4662q292

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

.


Hey goa55,

Just a few things that probably slowed your computer down.

Please run a free online scan with the ESET Online Scanner.

Note: You can use Internet Explorer or Mozilla Firefox for this scan.

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
  • Click Scan.
    Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


ok thanks 1 threat a long scan at 5.46 hours

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6844

# api_version=3.0.2

# EOSSerial=fe414e1c51da42458426df61fe107685

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-12-31 02:16:55

# local_time=2012-12-31 02:16:55 (+0000, GMT Standard Time)

# country="United Kingdom"

# lang=1033

# osver=6.1.7600 NT

# compatibility_mode=5892 16777213 88 94 8236476 10602787 0 0

# scanned=238491

# found=1

# cleaned=0

# scan_time=20763

C:\Users\Adam\AppData\Local\Microsoft\Windows Live Mail\Taptaptap.c ecf\Deleted Items\471C6F20-00000022.eml HTML/Phishing.Gen trojan (unable to clean) F32A053A04583E1D2412A68C42A87248BBB92B70 I


Happy New Year goa55! :)

Please navigate to this file and delete it (if present):

C:\Users\Adam\AppData\Local\Microsoft\Windows Live Mail\Taptaptap.c ecf\Deleted Items\471C6F20-00000022.eml

=====

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=====

What issues remain on your computer?


happy new year sorry for the delay wanted to make sure all was ok on laptop. seems fine to me so much faster than before.

i could not find/remove C:\Users\Adam\AppData\Local\Microsoft\Windows Live Mail\Taptaptap.c ecf\Deleted Items\471C6F20-00000022.eml

Results of screen317's Security Check version 0.99.56

Windows 7 x64 (UAC is enabled)

Out of date service pack!!

Internet Explorer 8 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.70.0.1100

Java 6 Update 26

Java version out of Date!

Adobe Flash Player 10 Flash Player out of Date!

Adobe Reader 9 Adobe Reader out of Date!

Google Chrome 21.0.1180.79

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

Google Chrome 22.0.1229.79

Google Chrome 22.0.1229.92

Google Chrome 22.0.1229.94

Google Chrome 23.0.1271.64

Google Chrome 23.0.1271.91

Google Chrome 23.0.1271.95

Google Chrome 23.0.1271.97

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

ESET ESET Online Scanner OnlineScannerApp.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 4%

````````````````````End of Log``````````````````````


Hello goa55. :)

OK that's fine.

Please do the following updates. Your Windows and Internet Explorer are out of date and by updating to the latest Service Packs you will minimise the risk of future infections through these security patches and fixes.

Service Pack 1 (SP1) is an extremely important update for Vista and Windows 7 and will help reduce the chance of an infection through security patches. I strongly recommend you install this update.

Please open Internet Explorer and follow the instructions below to update Windows:

  • Go to this link: Windows Update
  • Download all the Critical updates, making sure you have selected SP1 and Internet Explorer 9.
  • Once they have been installed, please revisit Windows Update and select any further Critical updates.

Note:

It will be necessary for you to restart the computer during the updates, and return to the Windows Update site several times before all critical updates are installed.

IMPORTANT: Please enable Automatic Updates under Start > Control Panel > Automatic Updates to ensure your Windows updates regularly. This is extremely important in ensuring you remain protected against vulnerabilities and infections.

=====

Next, your version of Java is out of date. It's important to remove older versions of Java since it does not do so automatically and older versions can leave you vulnerable.

Please follow the instructions below to update Java:

  • Please go to the below link and download the latest Windows 7 version:

http://www.java.com/en/download/manual.jsp

  • Save it to your Desktop.
  • Please go to Start>Control Panel>Programs.
  • Navigate to any versions of Java (J2SE Runtime Environment) you have installed. They will have the Java icon next to them.
  • Select Uninstall.
  • Please double-click the installer and follow the prompts to install the latest version once all the previous versions have been successfully removed.

=====

Also, your version of Adobe Reader is out of date. It could have security vulnerabilities, so please follow these instructions to update it:

  • Please go to Start>All Programs>Adobe Reader.
  • Open Adobe Reader and navigate to Help>Check for Updates.
  • Please follow the prompts to install the latest version.

Finally, your version of Adobe Flash Player is out of date. Please follow these instructions to update to the latest version:

Go to the Adobe Global Notifications Update website here:

http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager05.html#118377

A small box to the right within the window should load. Please select how often you would like Adobe to check for a new update for its Flash Player.

Note:
This has to be done separately for Firefox and IE.

If a new version is found:

  • Please tick the License Agreement.
  • Click Install.

    Note:
    If you are running Mozilla Firefox all of its windows will need to be closed.

  • Click Done.

Note: In future if an update is available Adobe will notify you on your Desktop via the Adobe Download Manager.

=====

In your reply please let me know if you have any issues with any of the updates.

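A read-only way to confirm that the updates requested in the post above took effect, as an added example that is not part of the thread. It lists the installed Java, Adobe Reader and Flash Player entries and reports the service pack level and Internet Explorer version; the display-name patterns are assumptions about how these products register themselves.

```powershell
# Added example: inventory the software the post above asks to be updated.
# Read-only; makes no changes. Written for Windows PowerShell 2.0+ (ships with Windows 7).

# Uninstall entries live under these keys (the second holds 32-bit programs on 64-bit Windows).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumed display-name patterns for the products named in the post.
$patterns = 'Java', 'J2SE Runtime', 'Adobe Reader', 'Adobe Flash Player'

function Get-InstalledProduct {
    param([string[]]$NamePattern)
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object {
            $name = $_.DisplayName
            # Keep the entry if its display name matches any of the patterns.
            $name -and ($NamePattern | Where-Object { $name -like "*$_*" })
        } |
        Select-Object DisplayName, DisplayVersion, Publisher |
        Sort-Object DisplayName, DisplayVersion -Unique
}

$found = @(Get-InstalledProduct -NamePattern $patterns)
$found | Format-Table -AutoSize

# Several Java entries can mean an older runtime is still installed, because
# the installer does not always remove previous versions. Review the list:
# helper components (for example an updater) also count as entries here.
$java = @($found | Where-Object {
    $_.DisplayName -like '*Java*' -or $_.DisplayName -like '*J2SE*'
})
if ($java.Count -gt 1) {
    Write-Warning "$($java.Count) Java entries found; check for older runtimes to uninstall."
}

# Service pack level: 1 means SP1 is installed.
$os = Get-WmiObject -Class Win32_OperatingSystem
"{0} (service pack {1})" -f $os.Caption, $os.ServicePackMajorVersion

# Internet Explorer 10 and later store the real version in svcVersion;
# earlier releases only have Version.
$ie = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Internet Explorer'
$ieVersion = if ($ie.svcVersion) { $ie.svcVersion } else { $ie.Version }
"Internet Explorer $ieVersion"
```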

great that's gone not sure where it came from. chrome now fast again

so i've updated

service pack 1

explorer 9

java

adobe

as a result of the original issues i still have left on my desktop a couple of files

desktop.ini

and another file lock.dk tools order.ods.

there were more of the ghost type files all over the place but most seemed to have gone.

is it ok to delete these


Hey goa55,

Your hidden files are probably showing.

Please set Win7 to show hidden/system files and folders so that you can find them:

  • Please click Start and open My Computer.
  • On the Organize tab, click on Folder and search options.
  • On the View tab, uncheck Hide file extensions for known file types.
  • Also uncheck Hide protected operating system files (Recommended) and click Yes on the warning message.
  • Under Hidden files and folders, check Show hidden files, folders, or drives.
  • Click Apply.
  • Click OK and close My Computer.

I will give you instructions for hiding them again after it looks like your computer is clean.

Did they disappear?


Hello goa55,

You may delete the files in that case.

A little housekeeping to uninstall ComboFix:

Please click Start>Run and copy/paste the following text, including the space between "ComboFix" and "/uninstall", into the Run box and click OK:

ComboFix /uninstall

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Right-click the Recycle Bin and please select Empty Recycle Bin.

And AdwCleaner:

  • Please double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with Yes.

=====

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :thumbup:

IMPORTANT: Please enable Automatic Updates under Start > Control Panel > Automatic Updates to ensure your Windows updates regularly. This is extremely important in ensuring you remain protected against vulnerabilities and infections. This is a crucial security measure.

As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

Please consider installing and running the following program (there is a free version available):

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and Add-ons, like Adblock Plus and NoScript, can make it even more secure. To avoid dangerous sites Web of Trust or McAfee SiteAdvisor can be installed. Google Chrome or Opera are other good options.

Two useful programs for keeping your programs up-to-date are FileHippo or Secunia PSI. Running one of these regularly will help you obtain the latest program updates.

Please also read Tony Klein's excellent article: How did I get infected in the first place.

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.