12 Pups should I remove


My PC has been running slow for months, but as we use it less and less it's been largely ignored.

Last weekend I decided to address it, and ran CCleaner, changed Avira antivirus to AVG, and ran the antivirus, which picked up a programme (some keygen from years ago).

It was running fine until my son used Mozilla Firefox to go on CBeebies flash games, and since then it's been running slow again.

The browser I usually use is Chrome, but it seems that since running Mozilla it's slowed the whole system down.

I've run a Malwarebytes scan, and it's picked up 12 PUPs.

I haven't deleted them yet, as I'll post on here to see if I should remove them.

Here is the log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.09.02
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Mick Emma :: MICKEMMA-PC [administrator]
 
17/08/2013 09:41:56
MBAM-log-2013-08-17 (10-45-10).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 272457
Time elapsed: 58 minute(s), 51 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> No action taken.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 3
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> No action taken.
 
Files Detected: 7
C:\Users\Mick Emma\Downloads\4F4C.tmp (PUP.BundleInstaller.DW) -> No action taken.
C:\Users\Mick Emma\Downloads\919E.tmp (PUP.BundleInstaller.DW) -> No action taken.
C:\Users\Mick Emma\Downloads\91FC.tmp (PUP.BundleInstaller.DW) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> No action taken.
 
(end)
 

Hello Nolski77 and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Don't remove them for now. Please follow the instructions here and then post the log files in your next reply.

http://forums.malwarebytes.org/index.php?showtopic=9573


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


  • 2 weeks later...

Hello, thanks for the reply, and apologies for my delay in performing the requests.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.31.02
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Mick Emma :: MICKEMMA-PC [administrator]
 
31/08/2013 07:36:49
MBAM-log-2013-08-31 (08-41-03).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 275985
Time elapsed: 43 minute(s), 12 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 10
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> No action taken.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> No action taken.
HKCU\Software\Datamngr (PUP.Optional.DataMngr) -> No action taken.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> No action taken.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> No action taken.
 
Registry Values Detected: 2
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: 11111111 -> No action taken.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: 11111111 -> No action taken.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 3
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> No action taken.
 
Files Detected: 9
C:\Users\Mick Emma\Downloads\4F4C.tmp (PUP.BundleInstaller.DW) -> No action taken.
C:\Users\Mick Emma\Downloads\919E.tmp (PUP.BundleInstaller.DW) -> No action taken.
C:\Users\Mick Emma\Downloads\91FC.tmp (PUP.BundleInstaller.DW) -> No action taken.
C:\Users\MickEmma\Downloads\iphonebackupextractor-latest.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Mick Emma\Downloads\Unconfirmed 488045.crdownload (PUP.Optional.OneClickDownloader.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> No action taken.
 
(end)
 
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume2
Install Date: 22/11/2009 18:55:18
System Uptime: 31/08/2013 07:11:36 (1 hours ago)
.
Motherboard: Sony Corporation |  | VAIO
Processor: Intel® Core2 Duo CPU     T5450  @ 1.66GHz | N/A | 983/167mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 179 GiB total, 39.712 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP966: 06/07/2013 21:28:34 - Windows Update
RP967: 10/07/2013 15:07:48 - Windows Update
RP968: 01/08/2013 21:38:33 - Windows Update
RP970: 09/08/2013 10:49:27 - Windows Update
RP971: 09/08/2013 12:11:02 - Installed AVG 2013
RP972: 09/08/2013 12:12:10 - Installed AVG 2013
RP973: 09/08/2013 12:41:10 - Windows Update
RP974: 11/08/2013 15:03:14 - Windows Update
RP975: 17/08/2013 10:55:33 - Windows Update
RP976: 31/08/2013 07:28:36 - Windows Update
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop 7.0
Adobe Reader XI (11.0.03)
Albelli Photo books
Amazon MP3 Downloader 1.0.17
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AppMon Utility
Avanquest update
AVG 2013
AviSynth 2.5
BitTorrent
Bonjour
calibre
Camera RAW Plug-In for EPSON Creativity Suite
CCleaner
CDBurnerXP
D3DX10
Dropbox
EASEUS Data Recovery Wizard Free Edition 5.0.1
EPSON Attach To Email
EPSON Easy Photo Print
EPSON File Manager
EPSON Scan
EPSON Stylus SX200 Series Printer Uninstall
fast4photobooks
ffdshow [rev 2583] [2009-01-05]
Free FLAC to MP3 Converter 1.0
GetDiz 4.5
GIMP 2.6.11
Google Chrome
Haali Media Splitter
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
iCloud
ImgBurn
Intel® Graphics Media Accelerator Driver
Intel® TV Wizard
iPhone Backup Extractor
iTunes
Jasc Paint Shop Pro 8
Java 7 Update 6
Java Auto Updater
Java 6 Update 27
Junk Mail filter update
Learning Lodge Navigator
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Suite 2006
Microsoft Digital Image Suite 2006 Editor
Microsoft Digital Image Suite 2006 Library
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
MiniTool Partition Wizard Home Edition 7.0
MobileMe Control Panel
Mozilla Firefox 22.0 (x86 en-GB)
Mozilla Maintenance Service
MSVC80_x64_v2
MSVC80_x86_v2
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
neroxml
NTFS Undelete v0.94
Numus Auto Disk Builder and Burner 1.7.3
Paint.NET v3.5.8
PowerISO
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Recuva
SABnzbd 0.6.15
Samsung AllShare
SC Ver 2.57
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition 
Sky Player Desktop
Spotify
Stellar Phoenix Photo Recovery v3.5
TeamViewer 7
Texas Instruments PCIxx21/x515 drivers.
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Total Video Converter 3.10
TreeSize Free V2.5
UltraISO Premium V9.36
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VAIO Update
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio 2010 x64 Redistributables
vShare Plugin
VTech Download Agent Library
VU5x64
VU5x86
Win7codecs
Windows 7 USB/DVD Download Tool
Windows Driver Package - Ross-Tech USB Driver Package (06/16/2010 2.06.02)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Windows XP Mode
WinRAR archiver
WinSCP 4.2.9
WinUAE 1.6.1
XP Codec Pack
Xvid Video Codec
Zero Assumption Recovery Version 9
.
==== Event Viewer Messages From Past Week ========
.
31/08/2013 08:13:21, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2840628).
31/08/2013 08:03:55, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.155.2005.0   Update Source: Microsoft Malware Protection Center   Update Stage: Install   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9700.0&avdelta=1.155.2005.0&asdelta=1.155.2005.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:   Previous Engine Version: 1.1.9700.0   Error code: 0x8000ffff   Error description: Catastrophic failure 
31/08/2013 08:03:55, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.155.2005.0   Update Source: Microsoft Malware Protection Center   Update Stage: Install   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9700.0&avdelta=1.155.2005.0&asdelta=1.155.2005.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiSpyware   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:   Previous Engine Version: 1.1.9700.0   Error code: 0x8000ffff   Error description: Catastrophic failure 
31/08/2013 08:02:28, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.155.2005.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9700.0   Error code: 0x80240016   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
31/08/2013 08:02:28, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.155.2005.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9700.0   Error code: 0x80240016   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
31/08/2013 08:02:28, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.155.2005.0   Update Source: Microsoft Update Server   Update Stage: Download   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9700.0   Error code: 0x80240016   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
31/08/2013 07:19:39, Error: Service Control Manager [7022]  - The Windows Search service hung on starting.
31/08/2013 07:16:58, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Samsung AllShare PC service to connect.
31/08/2013 07:16:58, Error: Service Control Manager [7000]  - The Samsung AllShare PC service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
31/08/2013 07:16:10, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
31/08/2013 07:16:10, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
31/08/2013 07:16:10, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
31/08/2013 07:15:49, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
31/08/2013 07:15:47, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
.
==== End Of File ===========================
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.6.2
Run by Mick Emma at 8:25:55 on 2013-08-31
Microsoft Windows 7 Professional   6.1.7601.1.1252.44.1033.18.2038.401 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Enabled/Outdated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Enabled/Outdated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Mick Emma\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Users\Mick Emma\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Mick Emma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mick Emma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Mick Emma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
c:\program files (x86)\real\realplayer\update\realsched.exe
C:\Users\Mick Emma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Mick Emma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Mick Emma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Sony\VAIO Update\VUAgent.exe
C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Mick Emma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Mick Emma\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\update\realsched.exe"  -osboot
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
dRunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{3AB9B2F7-CF71-4178-AF13-02C267ED32CB} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{3AB9B2F7-CF71-4178-AF13-02C267ED32CB}\E4544574541425 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6594FB14-6F60-4FCE-9C0A-9EF6CA29EBF1} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{7B03FA9C-BD74-4506-A7F2-2EA6BFA391D0} : DHCPNameServer = 149.254.230.7 149.254.192.126
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mick Emma\AppData\Roaming\Mozilla\Firefox\Profiles\7s6j1j4b.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Mick Emma\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Users\Mick Emma\AppData\Roaming\Facebook\npfbplugin_1_0_0.dll
FF - plugin: C:\Users\Mick Emma\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.id - 7a682def000000000000001a80b65d40
FF - user.js: extensions.incredibar_i.instlDay - 15594
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1422:06:06
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef - 
FF - user.js: extensions.incredibar_i.dfltLng - 
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id - 
FF - user.js: extensions.incredibar_i.upn2 - 6R8ESFxBKr
FF - user.js: extensions.incredibar_i.upn2n - 92825039884866459
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10674
FF - user.js: extensions.incredibar_i.ppd - 
.
.
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-7-10 45880]
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2010-6-6 69152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-7-20 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 130008]
R3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\System32\drivers\BthAvrcp.sys [2009-8-13 29184]
R3 csr_a2dp;Bluetooth AV Profile;C:\Windows\System32\drivers\bthav.sys [2009-12-21 78848]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
R3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\System32\drivers\seehcri.sys [2010-1-11 34032]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2007-8-3 11392]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S?2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-1-5 75624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-12-3 48488]
S3 GCR410P;GEMPLUS GCR410P Serial Smart Card Reader;C:\Windows\System32\drivers\grserial.sys [2009-6-10 38400]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2012-12-1 14448]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736]
S3 jumi;%Jumi%;C:\Windows\System32\drivers\jumi.sys [2010-6-3 15160]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2011-12-31 19936]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2011-12-31 13280]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);C:\Windows\System32\drivers\s1018bus.sys [2010-1-11 113704]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;C:\Windows\System32\drivers\s1018mdfl.sys [2010-1-11 19496]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;C:\Windows\System32\drivers\s1018mdm.sys [2010-1-11 153128]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);C:\Windows\System32\drivers\s1018mgmt.sys [2010-1-11 133160]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);C:\Windows\System32\drivers\s1018nd5.sys [2010-1-11 34856]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;C:\Windows\System32\drivers\s1018obex.sys [2010-1-11 128552]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);C:\Windows\System32\drivers\s1018unic.sys [2010-1-11 146472]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-9 59392]
S3 TVICHW64;TVICHW64;C:\Windows\SysWOW64\drivers\TVICHW64.SYS [2009-11-25 21200]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\System32\drivers\vpcuxd.sys [2011-6-9 16384]
.
=============== File Associations ===============
.
FileExt: .txt: GetDiz.Document="C:\Program Files (x86)\GetDiz\GetDiz.exe" "%1"
FileExt: .ini: GetDiz.Document="C:\Program Files (x86)\GetDiz\GetDiz.exe" "%1"
ShellExec: pi11.exe: Open="C:\Program Files (x86)\Microsoft Digital Image 2006\pi.exe" "%1"
.
=============== Created Last 30 ================
.
2013-08-31 07:06:56 941720 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EFA624FD-5643-4F7F-817A-B59A3B9944E0}\gapaengine.dll
2013-08-31 06:52:20 -------- d-----w- C:\Windows\System32\MRT
2013-08-11 13:25:23 9460976 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B19B4BCB-2096-4761-AE7B-75F94ACF7080}\mpengine.dll
2013-08-09 11:17:58 -------- d-----w- C:\Users\Mick Emma\AppData\Roaming\AVG2013
2013-08-09 11:15:37 -------- d-----w- C:\Users\Mick Emma\AppData\Roaming\TuneUp Software
2013-08-09 11:13:24 -------- d--h--w- C:\$AVG
2013-08-09 11:13:23 -------- d-----w- C:\ProgramData\AVG2013
2013-08-09 11:11:53 -------- d-----w- C:\Program Files (x86)\AVG
2013-08-09 09:07:24 -------- d--h--w- C:\ProgramData\Common Files
2013-08-09 09:07:23 -------- d-----w- C:\Users\Mick Emma\AppData\Local\MFAData
2013-08-09 09:07:23 -------- d-----w- C:\Users\Mick Emma\AppData\Local\Avg2013
2013-08-09 09:07:23 -------- d-----w- C:\ProgramData\MFAData
2013-08-09 08:52:15 9460976 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-01 20:47:38 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0D0C3A3B-F6D0-4EF1-A3DA-78CA5A94AFC4}\gapaengine.dll
2013-08-01 20:38:55 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-08-01 20:38:55 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-08-01 20:38:49 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-08-01 20:38:48 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-08-01 20:38:48 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-08-01 20:38:47 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-08-01 20:38:47 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-08-01 20:38:47 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2013-08-01 20:38:46 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-08-01 20:38:40 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-08-01 20:38:39 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-08-01 20:37:24 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-08-01 20:37:19 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-08-01 20:37:19 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-08-01 20:37:18 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-08-01 20:37:18 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-08-01 20:37:17 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-08-01 20:37:13 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-08-01 20:37:13 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-08-01 20:36:03 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-08-01 20:36:03 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
.
==================== Find3M  ====================
.
2013-07-20 00:51:00 311608 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-07-20 00:50:56 71480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-07-20 00:50:56 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-07-20 00:50:50 206648 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-07-10 00:32:38 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-07-06 20:39:38 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-01 00:45:28 116536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH:  8:35:45.67 ===============
 
 
Link to post
Share on other sites

Step 1

I notice that you are using more than one antivirus program.

  • AVG 2013
  • Microsoft Security Essentials
This is very dangerous, as multiple Antivirus programs can interfere with one another and actually allow more viruses to get through. It is important that only one antivirus program is running realtime protection. Please uninstall one of them.

Also, please uninstall BitTorrent and vShare Plugin. When you are ready, reboot your PC.

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
Step 4
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log
Link to post
Share on other sites
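
The overlap called out in Step 1 can be read directly from the SERVICES / DRIVERS section of the DDS log. The sketch below is an added example, not part of the original posts and not code from DDS: it parses entries copied from the log above and lists which antivirus products have running components. The vendor patterns, the function names and the reading of R/S as running/stopped are assumptions.

```python
import re
from collections import defaultdict

# Entries copied verbatim from the "SERVICES / DRIVERS" section of the DDS log above.
SAMPLE_DDS = r"""
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 130008]
R3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\System32\drivers\BthAvrcp.sys [2009-8-13 29184]
S?2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-12-3 48488]
"""

# One entry: state letter, optional "?" (it appears in the log, so the parser
# tolerates it), a digit, then "name;display name;path [date size]".
# Assumption: R means running, S means stopped, the digit is the start type.
ENTRY = re.compile(
    r"^(?P<state>[RS])(?P<unsure>\??)(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)"
    r"\s+\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]$"
)

# Assumed markers for the two products named in Step 1; extend for other vendors.
AV_PATTERNS = {
    "AVG": re.compile(r"\bavg", re.IGNORECASE),
    "Microsoft Security Essentials": re.compile(
        r"microsoft (malware protection|network inspection)", re.IGNORECASE
    ),
}


def parse_entries(text):
    """Return one dict per well-formed service/driver line; skip everything else."""
    entries = []
    for line in text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def running_av_products(entries):
    """Map each antivirus product to the names of its running components."""
    found = defaultdict(list)
    for entry in entries:
        if entry["state"] != "R":
            continue  # stopped components do not compete for real-time scanning
        haystack = " ".join((entry["name"], entry["display"], entry["path"]))
        for product, pattern in AV_PATTERNS.items():
            if pattern.search(haystack):
                found[product].append(entry["name"])
    return dict(found)


def conflicting_products(text):
    """Return the sorted product names when more than one antivirus is running."""
    products = running_av_products(parse_entries(text))
    return sorted(products) if len(products) > 1 else []


if __name__ == "__main__":
    for product, components in running_av_products(parse_entries(SAMPLE_DDS)).items():
        print(f"{product}: {', '.join(components)}")
    print("Conflict:", conflicting_products(SAMPLE_DDS) or "none")
```

Running the same check on a fresh DDS log after uninstalling one product confirms that only a single vendor's drivers remain loaded.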

Hello, due to the laptop running very slow I have had to perform these tasks in safe mode.

I have uninstalled AVG and BitTorrent; however, I have been unable to uninstall the vShare plug-in.

The JRT log is here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.6 (08.30.2013:1)
OS: Windows 7 Professional x64
Ran by Mick Emma on 01/09/2013 at 14:57:52.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3737806752-2066394970-3642140580-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminent
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\vshare
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\searchqutoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Successfully deleted: [Registry Key] "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3737806752-2066394970-3642140580-1001\Software\web assistant"
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\web assistant
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetupv1.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\oneclick
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\oneclickmg
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\datamngrui_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\datamngrui_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ilividsetupv1_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ilividsetupv1_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\incredibartoolbar_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\incredibartoolbar_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\searchqumediabar_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\searchqumediabar_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\setupdatamngr_searchqu_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\setupdatamngr_searchqu_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchthewebarp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C0D50683-10CF-4F0E-BA73-74BB10B75E83}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\freerip"
Successfully deleted: [Folder] "C:\ProgramData\premium"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Mick Emma\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Mick Emma\appdata\local\ilivid player"
Successfully deleted: [Folder] "C:\Users\Mick Emma\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Mick Emma\appdata\locallow\conduitengine"
Successfully deleted: [Folder] "C:\Users\Mick Emma\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Users\Mick Emma\appdata\locallow\incredibar.com"
Successfully deleted: [Folder] "C:\Users\Mick Emma\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\Mick Emma\appdata\locallow\search settings"
Successfully deleted: [Folder] "C:\Users\Mick Emma\appdata\locallow\searchquband"
Successfully deleted: [Folder] "C:\Users\Mick Emma\appdata\locallow\vshare"
Successfully deleted: [Folder] "C:\Users\Mick Emma\appdata\locallow\vuze_remote"
Successfully deleted: [Folder] "C:\Program Files (x86)\perion"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\spigot"
Successfully deleted: [Empty Folder] C:\Users\Mick Emma\appdata\local\{983CECE6-80FD-46E9-9D64-2A43D57E645E}
Successfully deleted: [Empty Folder] C:\Users\Mick Emma\appdata\local\{B50354EE-ADDC-4A2D-A66A-3B112BB407DF}
Successfully deleted: [Folder] "C:\ProgramData\ask"
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\user.js
Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\search_results.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\search_results.xml"
Successfully deleted: [File] C:\Users\Mick Emma\AppData\Roaming\mozilla\firefox\profiles\7s6j1j4b.default\user.js
Successfully deleted: [File] C:\Users\Mick Emma\AppData\Roaming\mozilla\firefox\profiles\7s6j1j4b.default\searchplugins\askcom.xml
Successfully deleted: [File] C:\Users\Mick Emma\AppData\Roaming\mozilla\firefox\profiles\7s6j1j4b.default\searchplugins\mystart search.xml
Successfully deleted: [File] C:\Users\Mick Emma\AppData\Roaming\mozilla\firefox\profiles\7s6j1j4b.default\searchplugins\search_results.xml
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{336d0c35-8a85-403a-b9d2-65c292c39087}
Successfully deleted the following from C:\Users\Mick Emma\AppData\Roaming\mozilla\firefox\profiles\7s6j1j4b.default\prefs.js
 
user_pref("CT2504091..clientLogIsEnabled", false);
user_pref("CT2504091.CTID", "CT2504091");
user_pref("CT2504091.CurrentServerDate", "25-2-2011");
user_pref("CT2504091.DialogsAlignMode", "LTR");
user_pref("CT2504091.DownloadReferralCookieData", "");
user_pref("CT2504091.EMailNotifierPollDate", "Thu Feb 24 2011 21:44:34 GMT+0000 (GMT Standard Time)");
user_pref("CT2504091.FeedLastCount129079840422964131", 10);
user_pref("CT2504091.FeedPollDate128891351169457140", "Thu Feb 24 2011 21:24:54 GMT+0000 (GMT Standard Time)");
user_pref("CT2504091.FeedPollDate129079840422964131", "Thu Feb 24 2011 21:24:54 GMT+0000 (GMT Standard Time)");
user_pref("CT2504091.FeedTTL128891351169457140", 40);
user_pref("CT2504091.FirstServerDate", "25-2-2011");
user_pref("CT2504091.FirstTime", true);
user_pref("CT2504091.FirstTimeFF3", true);
user_pref("CT2504091.FixPageNotFoundErrors", true);
user_pref("CT2504091.GroupingServerCheckInterval", 1440);
user_pref("CT2504091.Initialize", true);
user_pref("CT2504091.InitializeCommonPrefs", true);
user_pref("CT2504091.InstallationAndCookieDataSentCount", 2);
user_pref("CT2504091.InstallationType", "UnknownIntegration");
user_pref("CT2504091.InstalledDate", "Thu Feb 24 2011 21:24:48 GMT+0000 (GMT Standard Time)");
user_pref("CT2504091.IsGrouping", false);
user_pref("CT2504091.IsMulticommunity", false);
user_pref("CT2504091.IsOpenThankYouPage", false);
user_pref("CT2504091.IsOpenUninstallPage", false);
user_pref("CT2504091.LanguagePackLastCheckTime", "Thu Feb 24 2011 21:24:55 GMT+0000 (GMT Standard Time)");
user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2504091.LastLogin_3.2.5.2", "Thu Feb 24 2011 21:24:56 GMT+0000 (GMT Standard Time)");
user_pref("CT2504091.LatestVersion", "2.7.2.0");
user_pref("CT2504091.Locale", "en-us");
user_pref("CT2504091.MCDetectTooltipHeight", "83");
user_pref("CT2504091.MCDetectTooltipWidth", "295");
user_pref("CT2504091.SearchFromAddressBarIsInit", true);
user_pref("CT2504091.SearchInNewTabEnabled", true);
user_pref("CT2504091.SearchInNewTabIntervalMM", 1440);
user_pref("CT2504091.SearchInNewTabLastCheckTime", "Thu Feb 24 2011 21:24:50 GMT+0000 (GMT Standard Time)");
user_pref("CT2504091.ServiceMapLastCheckTime", "Thu Feb 24 2011 21:24:40 GMT+0000 (GMT Standard Time)");
user_pref("CT2504091.SettingsLastCheckTime", "Thu Feb 24 2011 21:24:42 GMT+0000 (GMT Standard Time)");
user_pref("CT2504091.SettingsLastUpdate", "1297858754");
user_pref("CT2504091.ThirdPartyComponentsInterval", 504);
user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Thu Feb 24 2011 21:24:40 GMT+0000 (GMT Standard Time)");
user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1246790578");
user_pref("CT2504091.UserID", "UN14934450574863409");
user_pref("CT2504091.alertChannelId", "897164");
user_pref("CT2504091.myStuffEnabled", true);
user_pref("CT2504091.myStuffPublihserMinWidth", 400);
user_pref("CT2504091.myStuffServiceIntervalMM", 1440);
user_pref("CT2504091.toolbarAppMetaDataLastCheckTime", "Thu Feb 24 2011 21:24:48 GMT+0000 (GMT Standard Time)");
user_pref("CT2504091.toolbarContextMenuLastCheckTime", "Thu Feb 24 2011 21:24:56 GMT+0000 (GMT Standard Time)");
user_pref("CommunityToolbar.EngineOwner", "");
user_pref("CommunityToolbar.EngineOwnerGuid", "");
user_pref("CommunityToolbar.EngineOwnerToolbarId", "");
user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
user_pref("CommunityToolbar.OriginalEngineOwner", "");
user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "");
user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "");
user_pref("CommunityToolbar.ToolbarsList", "CT2504091");
user_pref("CommunityToolbar.ToolbarsList2", "CT2504091");
user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Feb 06 2012 17:13:17 GMT+0000 (GMT Standard Time)");
user_pref("CommunityToolbar.alert.locale", "en");
user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Feb 06 2012 17:13:17 GMT+0000 (GMT Standard Time)");
user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
user_pref("CommunityToolbar.alert.showTrayIcon", false);
user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.alert.userId", "222685bd-fde0-42d9-bcc4-82bc8312adb1");
user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Feb 24 2011 21:24:33 GMT+0000 (GMT Standard Time)");
user_pref("extensions.incredibar.actvtyRptTime", "1348333227349");
user_pref("extensions.incredibar.admin", false);
user_pref("extensions.incredibar.aflt", "orgnl");
user_pref("extensions.incredibar.afterInstallRpt", "sent");
user_pref("extensions.incredibar.cntry", "GB");
user_pref("extensions.incredibar.dfltLng", "EN");
user_pref("extensions.incredibar.dfltSrch", false);
user_pref("extensions.incredibar.dfltlng", "EN");
user_pref("extensions.incredibar.dfltsrch", "false");
user_pref("extensions.incredibar.did", "10674");
user_pref("extensions.incredibar.envrmnt", "production");
user_pref("extensions.incredibar.excTlbr", false);
user_pref("extensions.incredibar.hdrMd5", "3253B02ACB5ADB9C3D061EE4EB23005D");
user_pref("extensions.incredibar.hmpg", false);
user_pref("extensions.incredibar.hrdid", "7a682def000000000000001a80b65d40");
user_pref("extensions.incredibar.id", "7a682def000000000000001a80b65d40");
user_pref("extensions.incredibar.installerproductid", "26");
user_pref("extensions.incredibar.instlDay", "15594");
user_pref("extensions.incredibar.instlRef", "");
user_pref("extensions.incredibar.instlday", "15594");
user_pref("extensions.incredibar.instlref", "");
Emptied folder: C:\Users\Mick Emma\AppData\Roaming\mozilla\firefox\profiles\7s6j1j4b.default\minidumps [10 files]
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01/09/2013 at 15:02:39.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The ADW logfile is here.

 

# AdwCleaner v3.001 - Report created 01/09/2013 at 15:08:46
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Mick Emma - MICKEMMA-PC
# Running from : C:\Users\Mick Emma\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Program Files (x86)\1ClickDownload
Folder Deleted : C:\Users\Mick Emma\AppData\Local\PackageAware
Folder Deleted : C:\Users\Mick Emma\AppData\Roaming\Mozilla\Firefox\Profiles\7s6j1j4b.default\Conduit
Folder Deleted : C:\Users\Mick Emma\AppData\Roaming\Mozilla\Firefox\Profiles\7s6j1j4b.default\jetpack
File Deleted : C:\Users\MICKEM~1\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Mick Emma\AppData\Roaming\Mozilla\Firefox\Profiles\7s6j1j4b.default\searchplugins\web-search.xml
File Deleted : C:\Users\Mick Emma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Deleted : C:\Users\Mick Emma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage-journal
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{043C5167-00BB-4324-AF7E-62013FAEDACF}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vShare
Key Deleted : [x64] HKLM\SOFTWARE\DataMngr
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Web Assistant
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16660
 
 
-\\ Mozilla Firefox v22.0 (en-GB)
 
[ File : C:\Users\Mick Emma\AppData\Roaming\Mozilla\Firefox\Profiles\7s6j1j4b.default\prefs.js ]
 
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("extensions.AMAZON_NS_PH.active-buttons.amazontweet.rss.items", "%5B%7B%22title%22%3A%22amazonbooks%3A%2020%20yrs%20ago%20%40RL_Stine's%201st%20Goosebumps%20book-now%20see%201st%20Goosebumps[...]
 
-\\ Google Chrome v
 
[ File : C:\Users\Mick Emma\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [8946 octets] - [01/09/2013 15:08:00]
AdwCleaner[s0].txt - [8913 octets] - [01/09/2013 15:08:46]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8973 octets] ##########

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.01.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Mick Emma :: MICKEMMA-PC [administrator]

01/09/2013 15:14:09
mbam-log-2013-09-01 (15-14-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 275723
Time elapsed: 27 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Users\Mick Emma\Downloads\4F4C.tmp (PUP.BundleInstaller.DW) -> Quarantined and deleted successfully.
C:\Users\Mick Emma\Downloads\919E.tmp (PUP.BundleInstaller.DW) -> Quarantined and deleted successfully.
C:\Users\Mick Emma\Downloads\91FC.tmp (PUP.BundleInstaller.DW) -> Quarantined and deleted successfully.
C:\Users\Mick Emma\Downloads\iphonebackupextractor-latest.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Mick Emma\Downloads\Unconfirmed 488045.crdownload (PUP.Optional.OneClickDownloader.A) -> Quarantined and deleted successfully.

(end)

Good!

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the button (image: esetonlinebtn.png).
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the ESET Smart Installer icon (image: esetsmartinstaller_enu.png) on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Thanks for the reply, it's surprising how much is being picked up. Some of these have been installed for years; I would not have imagined they could be slowing things down all this time.

 

Here is the text file from eset

 

C:\Users\All Users\Win7codecs\{26384208-8068-4A22-AA02-9E07911B58D7}\Win7codecs.msi Win32/Packed.Autoit.E.Gen application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\update[1] multiple threats
C:\Program Files (x86)\Win7codecs\Tools\renderer32.exe Win32/Packed.Autoit.E.Gen application cleaned by deleting - quarantined
C:\ProgramData\Win7codecs\{26384208-8068-4A22-AA02-9E07911B58D7}\Win7codecs.msi Win32/Packed.Autoit.E.Gen application deleted - quarantined
C:\UBCD4Win\plugin\Cleanup Tools\SDFix\SDFix.exe Win32/PrcView application deleted - quarantined
C:\Users\Mick Emma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPL0M7AN\stubinst_pkg_en-uk[1].cab Win32/OpenCandy application deleted - quarantined
C:\Users\Mick Emma\Desktop\iPhone Backup Extractor 2.5.6.0 Incl Keygen [vokeon]\iPhone Backup Extractor 2.5.6.0 [vokeon].rar BAT/HostsChanger.A application deleted - quarantined
C:\Users\Mick Emma\Desktop\iPhone Backup Extractor 2.5.6.0 Incl Keygen [vokeon]\iPhone Backup Extractor 2.5.6.0 [vokeon]\iPhone Backup Extractor 2.5.6.0 [vokeon]\Lz0\crack.cmd BAT/HostsChanger.A application cleaned by deleting - quarantined
C:\Users\Mick Emma\Documents\Programmes\Magic.ISO.Maker.v5.4.b251.Incl.-RES-patch\Magic.ISO.Maker.v5.4.b251.Incl.-RES-patch.rar a variant of Win32/HackTool.Patcher.AF application deleted - quarantined
C:\Users\Mick Emma\Documents\Programmes\Magic.ISO.Maker.v5.4.b251.Incl.-RES-patch\Magic.ISO.Maker.v5.4.b251.Incl.-RES-patch\Patch\Magic.ISO.Maker.v5.4.b251_patch.exe a variant of Win32/HackTool.Patcher.AF application cleaned by deleting - quarantined
C:\Users\Mick Emma\Downloads\cbsidlm-cbsi5_3_0_93-Free_Movie_DVD_Maker-ORG-10669082.exe a variant of Win32/CNETInstaller.A application cleaned by deleting - quarantined
C:\Users\Mick Emma\Downloads\cbsidlm-tr1_7-Free_FLAC_to_MP3_Converter-ORG2-75206134.exe Win32/DownloadAdmin.D application cleaned by deleting - quarantined
C:\Users\Mick Emma\Downloads\winscp429setup.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Windows\Installer\76abdb.msi Win32/Packed.Autoit.E.Gen application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\update[1] multiple threats cleaned by deleting - quarantined

Good, but let's make another additional scan:

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner:

[Image: AVPfront.gif]

Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.

[Image: avpsettings.gif]

Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
