
Unable to uninstall Hola Search Toolbar from Programmes



Hello there, as the title suggests I have unwittingly downloaded Hola Search in the last 12 hours and I would sincerely appreciate any help I can receive to remove it. I would like to point out immediately that I am a complete layman with regard to computers, so apologies in advance for that. I am operating Windows Vista.

Hola Search became installed whilst I was attempting a free download of LibreOffice via Softonic. At first this caused my Google Chrome, Mozilla Firefox and Internet Explorer to open all browsers in Hola Search, whilst also causing my computer to operate extremely slowly. When I opened Task Manager at this point, my CPU usage was at 100%.

I already had SUPERAntiSpyware installed and quickly began a full scan which detected PUP files, which were then quarantined and deleted by the antivirus, though my computer remained extremely slow both on and offline. After this I attempted to uninstall the Hola Search toolbar through Control Panel > Programmes and Features, but to no avail. After this I uninstalled Google Chrome (which was my main browser) and then I also uninstalled Firefox. I had intended to remove Explorer as well but for some reason it is not appearing under Programmes and Features to be uninstalled. Subsequently I was left with Explorer as my sole browser and, after following many internet threads detailing how to uninstall Hola Search from Explorer, I somehow managed to restore Google as the default browser. I am no longer being directed to Hola Search, though at that time the computer still operated slowly.

Next in the process I downloaded the trial version of Malwarebytes and did a quick scan which found threats and deleted them. This has dramatically improved the performance of my computer and in Task Manager it is indicating that my CPU usage is operating at around 30% (not sure if this indicates anything). However, this is still a greater percentage than usual and I am still unable to uninstall the Hola Search toolbar from Programmes. I attempted a full scan but this caused Malwarebytes Anti-Malware to crash.

I would sincerely appreciate any help I can get in removing this; this is the first time I've ever had any sort of virus (knowingly anyway), and I am anxious to remove it as quickly as is possible. I have followed the instructions to save DDS and attach files; I just wanted to be sure it was necessary and that this was the right place before I post them.

Thanks in advance.


  • Root Admin

Hello and welcome.
If you've not already done so, please start here and post back the two log files DDS.txt and Attach.txt.

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable... It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive.
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs.
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days.
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)




STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections. When RKill runs it will kill malware processes and then remove incorrect executable associations and fix policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running.

As RKill only terminates a program's running process and does not delete any files, after running it you should not reboot your computer, as any malware processes that are configured to start automatically will just be started again. Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.



STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK.
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe.


STEP 02
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and, when prompted, allow it to run.
  • Read and accept the EULA (End User License Agreement).
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt.

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message.
  • When completed make sure to re-enable your antivirus


STEP 05
Please download AdwCleaner by Xplode to your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • If prompted by the User Account Control click Yes to allow it to run.
  • Under Actions click on the Delete button.
  • Click OK on all prompts.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the entire contents of that logfile to your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.


STEP 06

Please go here to run the online antivirus scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Click Scan.
  • Wait for the scan to finish.
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


 


Hello, thank you for your help. As requested, the DDS and Attach files.....

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16502  BrowserJavaVersion: 10.17.2
Run by Steve at 6:07:40 on 2013-08-18
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.3032.1079 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
C:\ProgramData\DatacardService\DCService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Avanquest\Hallmark Card Studio\Planner\PLNRnote.exe
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Windows\system32\igfxsrvc.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\system32\taskeng.exe
C:\Users\Steve\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
BHO: UrlHelper Class: {474597C5-AB09-49d6-A4D5-2E8D7341384E} - c:\program files\imesh applications\mediabar\datamngr\IEBHO.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MediaBar: {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - c:\program files\imesh applications\mediabar\toolbar\iMeshMediaBarDx.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: holasearch Helper Object: {DFF9B2DA-EF99-4B26-83CB-7058299999D8} - c:\program files\holasearch\holasearch\1.8.16.16\bh\holasearch.dll
TB: MediaBar: {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - c:\program files\imesh applications\mediabar\toolbar\iMeshMediaBarDx.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
TB: Holasearch Toolbar: {C510DFFB-0AFE-484C-BA40-CED5B74C4EEF} - c:\program files\holasearch\holasearch\1.8.16.16\holasearchTlbr.dll
uRun: [sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [HW_OPENEYE_OUC_T-Mobile Internet Manager] "c:\program files\t-mobile\internetmanager_h\updatedog\ouc.exe"
uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ClamWin] "c:\program files\clamwin\bin\ClamTray.exe" --logon
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [DataCardMonitor] c:\program files\t-mobile\internetmanager_h\DataCardMonitor.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [pcreg] c:\program files\wrapper_inst\service.exe
StartupFolder: c:\users\steve\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\eventp~1.lnk - c:\windows\installer\{601be80d-247b-4084-94c7-7a54369db7a2}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{1E33BFDE-E31D-4F1F-93F8-3DFCF293DAC4} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{41C1A29C-9EDD-4292-942B-7393D1E63B47} : DHCPNameServer = 193.60.48.13 193.60.48.9 193.60.48.8
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [2012-12-22 13184]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-6-18 211560]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_ae0b52e0\AEstSrv.exe [2009-10-16 81920]
R2 DCService.exe;DCService.exe;c:\programdata\datacardservice\DCService.exe [2010-8-19 229376]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-8-18 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-8-18 701512]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2011-10-30 101552]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 107392]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-6-19 54632]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-12-22 72576]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-8-18 22856]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-8-18 40776]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-6-20 295376]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-12-22 102784]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [2012-12-22 85248]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2009-10-27 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2009-10-27 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2009-10-27 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2009-10-27 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2009-10-27 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2009-10-27 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2009-10-27 117672]
.
=============== Created Last 30 ================
.
2013-08-18 04:17:19 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-08-18 03:22:53 -------- d-----w- c:\users\steve\appdata\roaming\Malwarebytes
2013-08-18 03:22:21 -------- d-----w- c:\programdata\Malwarebytes
2013-08-18 03:22:12 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-18 03:22:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-17 23:56:59 -------- d-----w- c:\programdata\?Å?ÅÄÅ?Å8520-1533-40C5-AD09-953C574F14BCÄÅ?Å
2013-08-17 23:32:20 -------- d-----w- c:\programdata\????Ä???8520-1533-40C5-AD09-953C574F14BCÄ???
2013-08-17 23:30:02 -------- d-----w- c:\windows\system32\searchplugins
2013-08-17 23:30:02 -------- d-----w- c:\windows\system32\Extensions
2013-08-17 22:43:59 -------- d-----w- c:\programdata\????Ä???8520-1533-40C5-AD09-953C574F14BCÄ???
2013-08-17 20:57:31 -------- d-----w- c:\users\steve\appdata\local\avgchrome
2013-08-17 20:54:52 -------- d-----w- c:\programdata\?9?9
2013-08-17 20:54:49 -------- d-----w- c:\programdata\????Ä???8520-1533-40C5-AD09-953C574F14BCÄ???
2013-08-17 20:52:10 -------- d-----w- c:\users\steve\appdata\local\ShieldApps
2013-08-17 20:51:27 -------- d-----w- c:\program files\PC Registry Shield
2013-08-17 20:50:32 -------- d-----w- c:\program files\wrapper_inst
2013-08-17 20:50:09 -------- d-----w- c:\program files\holasearch
2013-08-17 20:50:01 -------- d-----w- c:\users\steve\appdata\roaming\holasearch
2013-08-17 20:49:28 -------- d-----w- c:\users\steve\appdata\roaming\LibreOffice
2013-08-17 20:49:19 -------- d-----w- c:\programdata\Babylon
2013-08-17 20:49:09 -------- d-----w- c:\users\steve\appdata\roaming\SeeSimilar
2013-08-17 14:30:17 7143960 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f48648bd-748c-4632-b08d-0cea4e46aed0}\mpengine.dll
2013-08-15 11:22:43 7143960 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-08-14 02:29:05 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-14 02:29:05 15872 ----a-w- c:\windows\system32\icaapi.dll
2013-08-14 02:29:03 914880 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-14 02:29:03 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-08-14 02:28:45 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 02:28:31 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-14 02:28:26 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-14 02:28:24 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-14 02:28:23 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-08-14 02:28:14 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 02:28:13 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 02:28:12 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-14 02:28:12 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-08-10 21:00:50 -------- d-----w- c:\users\steve\appdata\local\Microsoft Help
2013-08-10 20:11:28 -------- d-----w- c:\programdata\Virtualized Applications
2013-08-10 19:42:33 -------- d-----w- c:\users\steve\appdata\local\SoftGrid Client
2013-08-10 19:42:30 -------- d-----w- c:\users\steve\appdata\roaming\SoftGrid Client
2013-08-10 19:37:12 -------- d-----w- c:\users\steve\appdata\roaming\TP
2013-07-28 13:14:09 263576 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
2013-07-28 13:13:26 26520 ----a-w- c:\program files\mozilla firefox\plugin-hang-ui.exe
2013-07-28 13:13:13 92056 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2013-07-28 13:13:13 170232 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
2013-07-28 13:13:09 91552 ----a-w- c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
2013-07-28 13:13:09 91552 ----a-w- c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
2013-07-28 13:13:09 187456 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2013-07-28 13:13:07 712976 ----a-w- c:\program files\mozilla firefox\helper.exe
2013-07-20 10:23:42 698504 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{62b2c4dd-f37e-401e-a156-a0e4f2bdb728}\gapaengine.dll
2013-07-20 10:14:30 -------- d-----w- c:\windows\system32\MRT
.
==================== Find3M  ====================
.
2013-08-02 12:17:17 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-02 12:17:16 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-25 02:32:35 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-07-25 02:26:10 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-07-25 02:25:30 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-25 02:23:59 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-07-25 02:23:58 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-07-25 02:22:35 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-18 20:50:08 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-18 20:50:08 107392 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-04 01:50:43 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-06-01 04:06:08 505344 ----a-w- c:\windows\system32\qedit.dll
.
============= FINISH:  6:08:21.00 ===============
 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 16/10/2009 14:26:37
System Uptime: 18/08/2013 05:06:14 (1 hours ago)
.
Motherboard: Dell Inc. |  | 0G848F
Processor: Intel® Celeron® CPU          900  @ 2.20GHz | Microprocessor | 2194/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 351 GiB total, 281.243 GiB free.
D: is FIXED (NTFS) - 100 GiB total, 70.926 GiB free.
E: is FIXED (NTFS) - 15 GiB total, 8.518 GiB free.
F: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0001
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #2
PNP Device ID: ROOT\*6TO4MP\0001
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0027
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #25
PNP Device ID: ROOT\*6TO4MP\0027
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0006
Manufacturer: Microsoft
Name: isatap.{720C151B-04B9-45B9-872E-582D01F32BBA}
PNP Device ID: ROOT\*ISATAP\0006
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0034
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #32
PNP Device ID: ROOT\*ISATAP\0034
Service: tunnel
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7)
Apple Application Support
Apple Software Update
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
ClamWin Free Antivirus 0.97.7
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
CutePDF Writer 2.8
DaisyTrail American Holidays 2011 Digikit
DaisyTrail British Street Party Digikit
DaisyTrail Christmas Crafts Digikit
DaisyTrail Father's Day 2012 Digikit
DaisyTrail Fun at the Fête Digikit
DaisyTrail Halloween 2011 Digikit
DaisyTrail Happy Easter 2012 Digikit
DaisyTrail Happy Hanukkah 2011 Digikit
DaisyTrail In Her Shoes Digikit
DaisyTrail Love Birds Digikit
DaisyTrail Mother's Day 2012 Digikit
DaisyTrail New Beginnings Digikit
DaisyTrail New Year 2012 Digikit
DaisyTrail Thankgiving 2011 Digikit
DaisyTrail Valentine's 2012 Digikit
Dell Resource CD
Dell Wireless WLAN Card Utility
docrafts DIGITAL Designer
docrafts Digital Designer™
Football Manager 2010
Foxit Reader
Hallmark Card Studio
holasearch toolbar 
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Deskjet 3050 J610 series Basic Device Software
HP Deskjet 3050 J610 series Help
HP Deskjet 3050 J610 series Product Improvement Study
HP Photo Creations
HP Update
IDT Audio
Intel® Graphics Media Accelerator Driver
Java 7 Update 17
Java Auto Updater
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Marvell Miniport Driver
McAfee Security Scan Plus
McAfee SiteAdvisor
MediaBar
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
OpenOffice.org 3.2
PowerDVD DX
QuickTime
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Serif CraftArtist Baby Photos Collection
Serif CraftArtist Greeting Cards Collection
Serif CraftArtist Professional
Serif CraftArtist Scrapbooks Collection
Serif CraftArtist Wedding Days Collection
SUPERAntiSpyware
T-Mobile Internet Manager
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== End Of File ===========================

Thank you. Am I right in thinking you want the RogueKiller file next? I have done the steps before that, but it seems the instructions say that the RogueKiller file is the next one you need?

RogueKiller V8.6.5 [Aug  5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Steve [Admin rights]
Mode : Scan -- Date : 08/18/2013 10:05:03
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\Users\Default User\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\Users\Steve\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> D:\Documents and Settings\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\Documents and Settings\Steve\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\windows\system32\config\SYSTEM | DRVINFO [Drv - E:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\windows\system32\config\SOFTWARE | DRVINFO [Drv - E:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\windows\system32\config\SECURITY | DRVINFO [Drv - E:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\windows\system32\config\SAM | DRVINFO [Drv - E:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\windows\system32\config\DEFAULT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\Users\Default\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5055GSX ATA Device +++++
--- User ---
[MBR] 45ce8bc495b4a54dd13e3aa15c01f315
[BSP] 270588f10d9c66ca38d8b1a909a72dfc : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 102400 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 240517120 | Size: 359499 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_08182013_100503.txt >>


Right, there was an oversight at the beginning of this. I didn't disable all of my antivirus programs and accidentally left Windows Security Essentials on. I have started the entire process again, so please disregard the information above and consider this the start from here.

Starting again with the DDS files...

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16502  BrowserJavaVersion: 10.17.2
Run by Steve at 11:53:32 on 2013-08-18
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.3032.850 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Avanquest\Hallmark Card Studio\Planner\PLNRnote.exe
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\ehome\ehmsas.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
TB: Holasearch Toolbar: {C510DFFB-0AFE-484C-BA40-CED5B74C4EEF} - c:\program files\holasearch\holasearch\1.8.16.16\holasearchTlbr.dll
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [HW_OPENEYE_OUC_T-Mobile Internet Manager] "c:\program files\t-mobile\internetmanager_h\updatedog\ouc.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ClamWin] "c:\program files\clamwin\bin\ClamTray.exe" --logon
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [DataCardMonitor] c:\program files\t-mobile\internetmanager_h\DataCardMonitor.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [pcreg] c:\program files\wrapper_inst\service.exe
StartupFolder: c:\users\steve\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\steve\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\eventp~1.lnk - c:\windows\installer\{601be80d-247b-4084-94c7-7a54369db7a2}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{1E33BFDE-E31D-4F1F-93F8-3DFCF293DAC4} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{41C1A29C-9EDD-4292-942B-7393D1E63B47} : DHCPNameServer = 193.60.48.13 193.60.48.9 193.60.48.8
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [2012-12-22 13184]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-6-18 211560]
R1 MpKsl096009a8;MpKsl096009a8;c:\programdata\microsoft\microsoft antimalware\definition updates\{f48648bd-748c-4632-b08d-0cea4e46aed0}\MpKsl096009a8.sys [2013-8-18 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_ae0b52e0\AEstSrv.exe [2009-10-16 81920]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-8-18 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-8-18 701512]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2011-10-30 101552]
R3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-6-19 54632]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-12-22 72576]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-8-18 22856]
S2 DCService.exe;DCService.exe;c:\programdata\datacardservice\DCService.exe [2010-8-19 229376]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-12-22 102784]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [2012-12-22 85248]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 107392]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-6-20 295376]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2009-10-27 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2009-10-27 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2009-10-27 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2009-10-27 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2009-10-27 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2009-10-27 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2009-10-27 117672]
.
=============== Created Last 30 ================
.
2013-08-18 10:14:27 -------- d-----w- c:\windows\ERUNT
2013-08-18 09:08:46 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-18 05:08:22 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f48648bd-748c-4632-b08d-0cea4e46aed0}\MpKsl096009a8.sys
2013-08-18 03:22:53 -------- d-----w- c:\users\steve\appdata\roaming\Malwarebytes
2013-08-18 03:22:21 -------- d-----w- c:\programdata\Malwarebytes
2013-08-18 03:22:12 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-18 03:22:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-17 23:56:59 -------- d-----w- c:\programdata\?Å?ÅÄÅ?Å8520-1533-40C5-AD09-953C574F14BCÄÅ?Å
2013-08-17 23:32:20 -------- d-----w- c:\programdata\????Ä???8520-1533-40C5-AD09-953C574F14BCÄ???
2013-08-17 23:30:02 -------- d-----w- c:\windows\system32\searchplugins
2013-08-17 23:30:02 -------- d-----w- c:\windows\system32\Extensions
2013-08-17 22:43:59 -------- d-----w- c:\programdata\????Ä???8520-1533-40C5-AD09-953C574F14BCÄ???
2013-08-17 20:57:31 -------- d-----w- c:\users\steve\appdata\local\avgchrome
2013-08-17 20:54:52 -------- d-----w- c:\programdata\?9?9
2013-08-17 20:54:49 -------- d-----w- c:\programdata\????Ä???8520-1533-40C5-AD09-953C574F14BCÄ???
2013-08-17 20:52:10 -------- d-----w- c:\users\steve\appdata\local\ShieldApps
2013-08-17 20:51:27 -------- d-----w- c:\program files\PC Registry Shield
2013-08-17 20:50:32 -------- d-----w- c:\program files\wrapper_inst
2013-08-17 20:50:09 -------- d-----w- c:\program files\holasearch
2013-08-17 20:50:01 -------- d-----w- c:\users\steve\appdata\roaming\holasearch
2013-08-17 20:49:28 -------- d-----w- c:\users\steve\appdata\roaming\LibreOffice
2013-08-17 20:49:09 -------- d-----w- c:\users\steve\appdata\roaming\SeeSimilar
2013-08-17 14:30:17 7143960 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f48648bd-748c-4632-b08d-0cea4e46aed0}\mpengine.dll
2013-08-15 11:22:43 7143960 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-08-14 02:29:05 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-14 02:29:05 15872 ----a-w- c:\windows\system32\icaapi.dll
2013-08-14 02:29:03 914880 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-14 02:29:03 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-08-14 02:28:45 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 02:28:31 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-14 02:28:26 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-14 02:28:24 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-14 02:28:23 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-08-14 02:28:14 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 02:28:13 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 02:28:12 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-14 02:28:12 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-08-10 21:00:50 -------- d-----w- c:\users\steve\appdata\local\Microsoft Help
2013-08-10 20:11:28 -------- d-----w- c:\programdata\Virtualized Applications
2013-08-10 19:42:33 -------- d-----w- c:\users\steve\appdata\local\SoftGrid Client
2013-08-10 19:42:30 -------- d-----w- c:\users\steve\appdata\roaming\SoftGrid Client
2013-08-10 19:37:12 -------- d-----w- c:\users\steve\appdata\roaming\TP
2013-07-28 13:14:09 263576 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
2013-07-28 13:13:26 26520 ----a-w- c:\program files\mozilla firefox\plugin-hang-ui.exe
2013-07-28 13:13:13 92056 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2013-07-28 13:13:13 170232 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
2013-07-28 13:13:09 187456 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2013-07-28 13:13:07 712976 ----a-w- c:\program files\mozilla firefox\helper.exe
2013-07-20 10:23:42 698504 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{62b2c4dd-f37e-401e-a156-a0e4f2bdb728}\gapaengine.dll
2013-07-20 10:14:30 -------- d-----w- c:\windows\system32\MRT
.
==================== Find3M  ====================
.
2013-08-02 12:17:17 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-02 12:17:16 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-25 02:32:35 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-07-25 02:26:10 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-07-25 02:25:30 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-25 02:23:59 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-07-25 02:23:58 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-07-25 02:22:35 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-18 20:50:08 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-18 20:50:08 107392 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-04 01:50:43 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-06-01 04:06:08 505344 ----a-w- c:\windows\system32\qedit.dll
.
============= FINISH: 11:53:53.10 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 16/10/2009 14:26:37
System Uptime: 18/08/2013 05:06:14 (6 hours ago)
.
Motherboard: Dell Inc. |  | 0G848F
Processor: Intel® Celeron® CPU          900  @ 2.20GHz | Microprocessor | 2194/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 351 GiB total, 280.175 GiB free.
D: is FIXED (NTFS) - 100 GiB total, 70.926 GiB free.
E: is FIXED (NTFS) - 15 GiB total, 8.518 GiB free.
F: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0001
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #2
PNP Device ID: ROOT\*6TO4MP\0001
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0027
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #25
PNP Device ID: ROOT\*6TO4MP\0027
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0006
Manufacturer: Microsoft
Name: isatap.{720C151B-04B9-45B9-872E-582D01F32BBA}
PNP Device ID: ROOT\*ISATAP\0006
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0034
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #32
PNP Device ID: ROOT\*ISATAP\0034
Service: tunnel
.
==== System Restore Points ===================
.
RP6: 16/10/2009 13:20:11 - Installed Dell Resource CD.
RP8: 16/10/2009 13:23:05 - Installed Realtek USB 2.0 Card Reader
RP9: 16/10/2009 13:23:14 - Device Driver Package Install: Realtek Semiconductor Corp. Universal Serial Bus controllers
RP10: 16/10/2009 13:23:57 - Device Driver Package Install: IDT Sound, video and game controllers
RP12: 16/10/2009 13:24:53 - Installed IDT Audio
RP13: 16/10/2009 13:26:17 - Device Driver Package Install: Intel Corporation Display adapters
RP14: 16/10/2009 13:28:03 - Device Driver Package Install: Intel IDE ATA/ATAPI controllers
RP15: 16/10/2009 13:28:13 - Device Driver Package Install: Intel System devices
RP16: 16/10/2009 13:28:36 - Device Driver Package Install: Intel System devices
RP17: 16/10/2009 13:28:46 - Device Driver Package Install: Intel System devices
RP18: 16/10/2009 13:31:29 - Device Driver Package Install: Broadcom Network adapters
RP19: 16/10/2009 13:53:57 - Device Driver Package Install: Roland Sound, video and game controllers
RP20: 16/10/2009 13:57:54 - Installed MSM32Installer
RP21: 17/11/2009 20:22:05 - Scheduled Checkpoint
RP22: 18/11/2009 16:12:49 - Scheduled Checkpoint
RP23: 24/11/2009 20:16:59 - Scheduled Checkpoint
RP24: 14/12/2009 18:24:26 - Scheduled Checkpoint
RP25: 05/01/2010 17:59:48 - Scheduled Checkpoint
RP26: 12/01/2010 18:58:54 - Scheduled Checkpoint
RP27: 27/01/2010 18:52:53 - Scheduled Checkpoint
RP28: 28/01/2010 22:11:19 - Scheduled Checkpoint
RP29: 17/03/2010 17:12:39 - Scheduled Checkpoint
RP30: 24/05/2010 13:28:18 - Scheduled Checkpoint
RP31: 28/05/2010 13:26:53 - Scheduled Checkpoint
RP32: 15/06/2010 19:28:30 - Scheduled Checkpoint
RP33: 16/06/2010 13:37:39 - Scheduled Checkpoint
RP34: 19/06/2010 12:30:29 - Scheduled Checkpoint
RP35: 16/08/2010 12:10:45 - Scheduled Checkpoint
RP36: 16/11/2010 09:25:08 - Scheduled Checkpoint
RP37: 08/02/2011 17:02:55 - Scheduled Checkpoint
RP38: 31/05/2011 16:28:42 - Scheduled Checkpoint
RP39: 29/07/2011 19:34:45 - Scheduled Checkpoint
RP40: 29/08/2011 14:39:37 - Scheduled Checkpoint
RP41: 31/08/2011 15:24:26 - Scheduled Checkpoint
RP42: 07/10/2011 13:53:13 - Scheduled Checkpoint
RP43: 09/10/2011 13:18:32 - Scheduled Checkpoint
RP44: 23/10/2011 15:18:37 - Scheduled Checkpoint
RP835: 01/08/2013 19:38:15 - Scheduled Checkpoint
RP836: 03/08/2013 16:03:20 - Windows Update
RP837: 07/08/2013 10:36:25 - Windows Update
RP838: 08/08/2013 15:36:43 - Windows Update
RP839: 10/08/2013 21:30:31 - Removed Microsoft Office Click-to-Run 2010
RP840: 10/08/2013 22:08:49 - Removed Microsoft Office Click-to-Run 2010
RP841: 12/08/2013 13:00:30 - Windows Update
RP842: 15/08/2013 03:00:22 - Windows Update
RP843: 17/08/2013 21:02:40 - Removed Microsoft Office Click-to-Run 2010
RP844: 17/08/2013 21:40:04 - Installed LibreOffice 4.1.0.4
RP845: 17/08/2013 23:46:59 - Removed LibreOffice 4.1.0.4
RP846: 18/08/2013 00:15:04 - Removed PC Registry Shield
RP847: 18/08/2013 00:16:31 - Installed LibreOffice 4.1.0.4
RP848: 18/08/2013 01:40:25 - Removed Sony Ericsson Media Manager 1.2
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7)
Apple Application Support
Apple Software Update
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
ClamWin Free Antivirus 0.97.7
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
CutePDF Writer 2.8
DaisyTrail American Holidays 2011 Digikit
DaisyTrail British Street Party Digikit
DaisyTrail Christmas Crafts Digikit
DaisyTrail Father's Day 2012 Digikit
DaisyTrail Fun at the Fête Digikit
DaisyTrail Halloween 2011 Digikit
DaisyTrail Happy Easter 2012 Digikit
DaisyTrail Happy Hanukkah 2011 Digikit
DaisyTrail In Her Shoes Digikit
DaisyTrail Love Birds Digikit
DaisyTrail Mother's Day 2012 Digikit
DaisyTrail New Beginnings Digikit
DaisyTrail New Year 2012 Digikit
DaisyTrail Thankgiving 2011 Digikit
DaisyTrail Valentine's 2012 Digikit
Dell Resource CD
Dell Wireless WLAN Card Utility
docrafts DIGITAL Designer
docrafts Digital Designer™
ERUNT 1.1j
Football Manager 2010
Foxit Reader
Hallmark Card Studio
holasearch toolbar 
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Deskjet 3050 J610 series Basic Device Software
HP Deskjet 3050 J610 series Help
HP Deskjet 3050 J610 series Product Improvement Study
HP Photo Creations
HP Update
IDT Audio
Intel® Graphics Media Accelerator Driver
Java 7 Update 17
Java Auto Updater
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Marvell Miniport Driver
McAfee Security Scan Plus
McAfee SiteAdvisor
MediaBar
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
OpenOffice.org 3.2
PowerDVD DX
QuickTime
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Serif CraftArtist Baby Photos Collection
Serif CraftArtist Greeting Cards Collection
Serif CraftArtist Professional
Serif CraftArtist Scrapbooks Collection
Serif CraftArtist Wedding Days Collection
SUPERAntiSpyware
T-Mobile Internet Manager
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== End Of File ===========================

Rkill: I ran this several times; it identified problems and dealt with them.

Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/18/2013 11:57:39 AM in x86 mode.
Windows Version: Windows Vista Home Premium Service Pack 2

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost
  ::1             localhost

Program finished at: 08/18/2013 11:58:04 AM
Execution time: 0 hours(s), 0 minute(s), and 25 seconds(s)


RogueKiller Report

 

RogueKiller V8.6.5 [Aug  5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Steve [Admin rights]
Mode : Scan -- Date : 08/18/2013 12:02:59
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\Users\Default User\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\Users\Steve\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> D:\Documents and Settings\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\Documents and Settings\Steve\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\windows\system32\config\SYSTEM | DRVINFO [Drv - E:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\windows\system32\config\SOFTWARE | DRVINFO [Drv - E:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\windows\system32\config\SECURITY | DRVINFO [Drv - E:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\windows\system32\config\SAM | DRVINFO [Drv - E:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\windows\system32\config\DEFAULT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\Users\Default\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5055GSX ATA Device +++++
--- User ---
[MBR] 45ce8bc495b4a54dd13e3aa15c01f315
[bSP] 270588f10d9c66ca38d8b1a909a72dfc : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 102400 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 240517120 | Size: 359499 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_08182013_120259.txt >>
RKreport[0]_S_08182013_100503.txt;RKreport[0]_S_08182013_113920.txt


mbar log

 

Malwarebytes Anti-Rootkit BETA 1.06.1.1005
www.malwarebytes.org

Database version: v2013.08.18.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Steve :: STEVE-PC [administrator]

18/08/2013 12:05:12
mbar-log-2013-08-18 (12-05-12).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 228945
Time elapsed: 52 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

 

system log

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.194000 GHz
Memory total: 3178897408, free: 1044303872

Downloaded database version: v2013.08.17.04
Initializing...
------------ Kernel report ------------
     08/18/2013 10:08:44
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\ajnkqiyw.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\drivers\BMLoad.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\bcmwl6.sys
\SystemRoot\system32\DRIVERS\yk60x86.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\ew_jubusenum.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\stwrt.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\System32\Drivers\tcpipBM.SYS
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\RTSTOR.SYS
\SystemRoot\system32\drivers\USBD.SYS
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\fssfltr.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\s0017cr.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\drivers\BCM42RLY.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\??\C:\Users\Steve\AppData\Local\Temp\mbr.sys
\??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F48648BD-748C-4632-B08D-0CEA4E46AED0}\MpKsl096009a8.sys
\??\C:\Windows\system32\TrueSight.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85b95ac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff85b2cb98
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 4
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85b95ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85bb3660, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85b95ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff85b2cb98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 4
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 4
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F5623874

Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 80262

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 81920  Numsec = 30720000

    Partition 2 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 30801920  Numsec = 209715200
    Partition file system is NTFS
    Partition is bootable

    Partition 3 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 240517120  Numsec = 736253952

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...
Done!
Scan finished
=======================================

Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_2_30801920_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.194000 GHz
Memory total: 3178897408, free: 1743634432

Downloaded database version: v2013.08.18.01
Initializing...
------------ Kernel report ------------
     08/18/2013 12:05:06
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\ajnkqiyw.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\drivers\BMLoad.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\bcmwl6.sys
\SystemRoot\system32\DRIVERS\yk60x86.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\ew_jubusenum.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\stwrt.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\System32\Drivers\tcpipBM.SYS
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\RTSTOR.SYS
\SystemRoot\system32\drivers\USBD.SYS
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\fssfltr.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\s0017cr.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\drivers\BCM42RLY.sys
\??\C:\Users\Steve\AppData\Local\Temp\mbr.sys
\??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F48648BD-748C-4632-B08D-0CEA4E46AED0}\MpKsl096009a8.sys
\??\C:\Windows\system32\TrueSight.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85b95ac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff85b2cb98
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 4
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85b95ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85bb3660, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85b95ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff85b2cb98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 4
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 4
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F5623874

Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 80262

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 81920  Numsec = 30720000

    Partition 2 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 30801920  Numsec = 209715200
    Partition file system is NTFS
    Partition is bootable

    Partition 3 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 240517120  Numsec = 736253952

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...
Done!
Scan finished
=======================================

Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_2_30801920_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished


Junkware report

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.9 (08.17.2013:3)
OS: Windows Vista Home Premium x86
Ran by Steve on 18/08/2013 at 13:10:42.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18/08/2013 at 13:14:57.51
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


AdW cleaner report

 

# AdwCleaner v2.306 - Logfile created 08/18/2013 at 13:21:04
# Updated 19/07/2013 by Xplode
# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)
# User : Steve - STEVE-PC
# Boot Mode : Normal
# Running from : C:\Users\Steve\Desktop\AdwCleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\imeshwebsearch.xml
Folder Deleted : C:\Program Files\Common Files\ParetoLogic
Folder Deleted : C:\Program Files\holasearch
Folder Deleted : C:\Program Files\ParetoLogic
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Users\Steve\AppData\Local\iMesh
Folder Deleted : C:\Users\Steve\AppData\Local\PackageAware
Folder Deleted : C:\Users\Steve\AppData\Roaming\holasearch
Folder Deleted : C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
Folder Deleted : C:\Users\Steve\AppData\Roaming\ParetoLogic

***** [Registry] *****

Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\holasearch
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\holasearch
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C510DFFB-0AFE-484C-BA40-CED5B74C4EEF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFF9B2DA-EF99-4B26-83CB-7058299999D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C510DFFB-0AFE-484C-BA40-CED5B74C4EEF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFF9B2DA-EF99-4B26-83CB-7058299999D8}
Key Deleted : HKLM\SOFTWARE\a6d7d0b36fbe10
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C510DFFB-0AFE-484C-BA40-CED5B74C4EEF}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A147AA03-820F-4A0F-9F34-D6CB4004A2F9}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\holasearch
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\holasearch
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C510DFFB-0AFE-484C-BA40-CED5B74C4EEF}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16502

[OK] Registry is clean.

*************************

AdwCleaner[s1].txt - [2620 octets] - [18/08/2013 13:21:04]

########## EOF - C:\AdwCleaner[s1].txt - [2680 octets] ##########


Eset Scanner detected one threat. I had difficulty saving this to the desktop; it wouldn't save as a txt file, I had to save it under all files.

 

C:\Users\Steve\Downloads\clamwin-0.97.6-setup-nodb.exe a variant of Win32/Bundled.Toolbar.Ask application
 


This is as far as I can go. My computer will now not allow me to download Farbar Recovery Scan Tool; under actions it gives me two options, "don't run this programme (recommended)" or "Delete", and when I click more options it gives me the option to run anyway. That concludes the 7 steps; I now await further instruction.


Oh, that's strange, as I did disable them. I have Security Essentials and SUPERAntiSpyware and I disabled them both as instructed on the link. I do also have McAfee Security Scan and ClamWin, but as far as I'm aware neither of those offers real-time protection; they simply operate to scan and detect viruses afterwards.


Just to clarify the situation, I began following the instructions with SUPERAntiSpyware disabled but not Security Essentials. I then realised my mistake, as outlined in post #8. From this point on I started again from the beginning and listed my results. The antispyware was then disabled throughout; I didn't reactivate it until after I was unsuccessful in downloading Farbar Recovery Scan Tool.

 

Sorry to be a pain, but I just wanted to make sure you saw that I noticed my error and started again. Do I definitely have to start again? Thank you.


OK. I opened up the computer in Safe Mode with Networking, but for some reason my mobile broadband dongle will not connect to the internet in that mode. Unfortunately I do not have access to another network or computer for several days. Is there any other step I can take from here? No problem if not, I guess I will just have to wait, but I am keen to do whatever I can if there are any other possibilities.


  • Root Admin

If you can download this tool we can try it.

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 


ComboFix 13-08-18.01 - Steve 19/08/2013   2:13.1.1 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.3032.1851 [GMT 1:00]
Running from: c:\users\Steve\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Installer\{601BE80D-247B-4084-94C7-7A54369DB7A2}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe
E:\Autorun.inf
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DCService.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-19 to 2013-08-19  )))))))))))))))))))))))))))))))
.
.
2013-08-19 01:21 . 2013-08-19 01:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-19 00:34 . 2013-07-02 06:54 7143960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1CAD3A91-0444-4010-8175-77201C3E9D83}\mpengine.dll
2013-08-18 13:48 . 2013-07-02 06:54 7143960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-18 12:29 . 2013-08-18 12:29 -------- d-----w- c:\program files\ESET
2013-08-18 10:14 . 2013-08-18 10:14 -------- d-----w- c:\windows\ERUNT
2013-08-18 09:08 . 2013-08-18 11:57 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-18 08:59 . 2013-08-18 08:59 -------- d-----w- c:\program files\ERUNT
2013-08-18 03:22 . 2013-08-18 03:22 -------- d-----w- c:\users\Steve\AppData\Roaming\Malwarebytes
2013-08-18 03:22 . 2013-08-18 03:22 -------- d-----w- c:\programdata\Malwarebytes
2013-08-18 03:22 . 2013-08-18 03:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-18 03:22 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-17 23:56 . 2013-08-17 23:56 -------- d-----w- c:\progra~2\8520-1~4
2013-08-17 23:32 . 2013-08-17 23:32 -------- d-----w- c:\progra~2\8520-1~3
2013-08-17 23:30 . 2013-08-17 23:30 -------- d-----w- c:\windows\system32\searchplugins
2013-08-17 23:30 . 2013-08-17 23:30 -------- d-----w- c:\windows\system32\Extensions
2013-08-17 22:43 . 2013-08-17 22:43 -------- d-----w- c:\progra~2\8520-1~2
2013-08-17 20:57 . 2013-08-17 20:57 -------- d-----w- c:\users\Steve\AppData\Local\avgchrome
2013-08-17 20:54 . 2013-08-17 20:54 -------- d-----w- c:\progra~2\99554C~1
2013-08-17 20:54 . 2013-08-17 20:54 -------- d-----w- c:\progra~2\8520-1~1
2013-08-17 20:52 . 2013-08-17 20:52 -------- d-----w- c:\users\Steve\AppData\Local\ShieldApps
2013-08-17 20:51 . 2013-08-17 23:15 -------- d-----w- c:\program files\PC Registry Shield
2013-08-17 20:50 . 2013-08-17 20:51 -------- d-----w- c:\program files\wrapper_inst
2013-08-17 20:49 . 2013-08-17 20:49 -------- d-----w- c:\users\Steve\AppData\Roaming\LibreOffice
2013-08-17 20:49 . 2013-08-17 20:49 -------- d-----w- c:\users\Steve\AppData\Roaming\SeeSimilar
2013-08-14 02:29 . 2013-06-15 13:22 15872 ----a-w- c:\windows\system32\icaapi.dll
2013-08-14 02:29 . 2013-06-15 11:23 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-14 02:29 . 2013-07-05 03:20 914880 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-14 02:29 . 2013-07-05 01:43 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-08-14 02:28 . 2013-07-17 19:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 02:28 . 2013-07-10 09:47 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-14 02:28 . 2013-07-08 04:55 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-14 02:28 . 2013-07-08 04:55 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-14 02:28 . 2013-07-09 12:10 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-08-14 02:28 . 2013-07-08 04:16 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 02:28 . 2013-07-08 04:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 02:28 . 2013-07-08 04:20 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 02:28 . 2013-07-08 04:16 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-10 21:00 . 2013-08-10 21:00 -------- d-----w- c:\programdata\Microsoft Help
2013-08-10 21:00 . 2013-08-10 21:00 -------- d-----w- c:\users\Steve\AppData\Local\Microsoft Help
2013-08-10 20:11 . 2013-08-10 21:06 -------- d-----w- c:\programdata\Virtualized Applications
2013-08-10 19:42 . 2013-08-10 21:06 -------- d-----w- c:\users\Steve\AppData\Local\SoftGrid Client
2013-08-10 19:42 . 2013-08-17 20:02 -------- d-----w- c:\users\Steve\AppData\Roaming\SoftGrid Client
2013-08-10 19:37 . 2013-08-17 19:20 -------- d-----w- c:\users\Steve\AppData\Roaming\TP
2013-07-20 10:23 . 2013-07-20 10:21 698504 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{62B2C4DD-F37E-401E-A156-A0E4F2BDB728}\gapaengine.dll
2013-07-20 10:14 . 2013-08-15 02:09 -------- d-----w- c:\windows\system32\MRT
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-02 12:17 . 2012-12-09 07:20 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-02 12:17 . 2011-06-19 16:03 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-21 13:51 . 2011-08-11 18:43 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-06-18 20:50 . 2013-06-18 20:50 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-18 20:50 . 2012-03-20 19:44 107392 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-04 01:50 . 2013-07-13 13:30 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-06-01 04:06 . 2013-07-13 13:30 505344 ----a-w- c:\windows\system32\qedit.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"HW_OPENEYE_OUC_T-Mobile Internet Manager"="c:\program files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe" [2009-12-31 110592]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-17 5703920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-17 3810304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-11 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-11 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-11 154136]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2013-03-22 86016]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-04-02 128232]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-02-15 417792]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-11-18 483420]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]
"DataCardMonitor"="c:\program files\T-Mobile\InternetManager_H\DataCardMonitor.exe" [2012-12-22 253952]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"pcreg"="c:\program files\wrapper_inst\service.exe" [2013-08-17 346720]
.
c:\users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2970680302-2301816736-3001710448-1000]
"EnableNotificationsRef"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-07-11 116608]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [2008-11-17 81920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-09 12:17]
.
2013-08-17 c:\windows\Tasks\At1.job
- c:\program files\wrapper_inst\service.exe [2013-08-17 20:50]
.
2013-08-19 c:\windows\Tasks\pcreg.job
- c:\program files\wrapper_inst\service.exe [2013-08-17 20:50]
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - (no file)
Toolbar-Locked - (no file)
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder.lnk - (no file)
AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files\Coupons\uninstall.exe
AddRemove-iMesh MediaBar - c:\program files\iMesh Applications\MediaBar\uninstall.exe
.
.
.
**************************************************************************
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DataCardMonitor = c:\program files\T-Mobile\InternetManager_H\DataCardMonitor.exe????x????P???????;c:\windows\Syst???y???? h???????????????????????????????8??????am Files\T-Mobile\InternetManager_H\?t S????????c:\program files\T-Mobile\InternetManager_H\?2.tW??W?????8??????
.
scanning hidden files ... 
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\progra~1\mcafee\SITEAD~1\mcsacore.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\users\Steve\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
.
**************************************************************************
.
Completion time: 2013-08-19  02:30:44 - machine was rebooted
ComboFix-quarantined-files.txt  2013-08-19 01:30
.
Pre-Run: 285,720,875,008 bytes free
Post-Run: 286,641,160,192 bytes free
.
- - End Of File - - 2C02C7A4B95A77DEBC68B99C86DC4C2E
5C616939100B85E558DA92B899A0FC36
 
