
Unable to uninstall Hola Search Toolbar from Programmes



  • Root Admin

Okay that looks like it was able to remove some items for us.

 

Please visit this site and reset IE:

How to reset Internet Explorer settings

Now restart the computer and see if you're able to download FRST, and let me know.

If so, then please download it, run it as requested, and post back the log.


FRST loaded this time, though when prompted to update to the most recent I kept attempting to, only for it to return to the original page where it would ask me to run it, which I would, to which it would prompt me and so forth. In the end I declined to update it to the most recent; I don't know if that affects anything, but thought it may be worth mentioning.

 

Here is the FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-08-2013
Ran by Steve (administrator) on 19-08-2013 03:48:56
Running from C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8S1W0266
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\bcmwltry.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(alch) C:\Program Files\ClamWin\bin\ClamTray.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Sony Ericsson Mobile Communications AB) C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Huawei Technologies Co., Ltd.) C:\Users\Steve\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
() C:\Program Files\T-Mobile\InternetManager_H\T-Mobile Internet Manager.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Program Files\T-Mobile\InternetManager_H\bmsdk.exe
(Bytemobile, Inc.) C:\Program Files\T-Mobile\InternetManager_H\bmctl.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8S1W0266\FRST (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [broadcom Wireless Manager UI] - C:\Windows\system32\WLTRAY.exe [3810304 2008-11-17] (Dell Inc.)
HKLM\...\Run: [ClamWin] - C:\Program Files\ClamWin\bin\ClamTray.exe [86016 2013-03-22] (alch)
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-04-02] (CyberLink Corp.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [417792 2010-02-15] (Apple Inc.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [483420 2008-11-18] (IDT, Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [DataCardMonitor] - C:\Program Files\T-Mobile\InternetManager_H\DataCardMonitor.exe [253952 2012-12-22] (Huawei Technologies Co., Ltd.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [pcreg] - C:\Program Files\wrapper_inst\service.exe [346720 2013-08-17] ()
HKCU\...\Run: [sony Ericsson PC Suite] - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [393216 2008-07-02] (Sony Ericsson Mobile Communications AB)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] - C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKCU\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5703920 2013-08-17] (SUPERAntiSpyware)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Tcpip\..\Interfaces\{720C151B-04B9-45B9-872E-582D01F32BBA}: [NameServer]149.254.230.7 149.254.192.126

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [81920 2008-11-17] (Andrea Electronics Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [101552 2013-05-22] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-06-20] (Microsoft Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe [241746 2008-11-18] (IDT, Inc.)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2809856 2008-11-17] (Dell Inc.)
R2 yksvc; RUNDLL32.EXE ykx32coinst,serviceStartProc [x]

==================== Drivers (Whitelisted) ====================

R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-11-17] (Broadcom Corporation)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [85248 2010-11-04] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [90536 2008-05-27] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [15016 2008-05-27] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [122152 2008-05-27] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [115496 2008-05-27] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [25768 2008-05-27] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [111912 2008-05-27] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [117672 2008-05-27] (MCCI Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 massfilter; system32\drivers\massfilter.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-19 03:47 - 2013-08-19 03:47 - 01069895 _____ (Farbar) C:\Users\Steve\Downloads\FRST (2).exe
2013-08-19 02:30 - 2013-08-19 02:30 - 00013336 _____ C:\ComboFix.txt
2013-08-19 02:10 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-19 02:10 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-19 02:10 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-19 02:10 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-19 02:10 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-19 02:10 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-19 02:10 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-19 02:10 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-19 02:09 - 2013-08-19 02:30 - 00000000 ____D C:\Qoobox
2013-08-19 02:06 - 2013-08-19 02:06 - 05105231 ____R (Swearware) C:\Users\Steve\Desktop\ComboFix.exe
2013-08-19 01:31 - 2013-08-19 01:31 - 01069895 _____ (Farbar) C:\Users\Steve\Downloads\FRST (1).exe
2013-08-18 14:46 - 2013-08-18 14:46 - 01069795 _____ (Farbar) C:\Users\Steve\Downloads\FRST.exe
2013-08-18 14:34 - 2013-08-18 14:34 - 00000107 _____ C:\Users\Steve\Desktop\eset txt.txt
2013-08-18 14:33 - 2013-08-18 14:33 - 00000126 _____ C:\Users\Steve\Desktop\Eset manual copy of threat.txt
2013-08-18 13:29 - 2013-08-18 13:29 - 00000000 ____D C:\Program Files\ESET
2013-08-18 13:28 - 2013-08-18 13:28 - 02347384 _____ (ESET) C:\Users\Steve\Desktop\esetsmartinstaller_enu.exe
2013-08-18 13:21 - 2013-08-18 13:21 - 00002749 _____ C:\AdwCleaner[s1].txt
2013-08-18 13:20 - 2013-08-18 13:20 - 00666633 _____ C:\Users\Steve\Desktop\AdwCleaner.exe
2013-08-18 13:14 - 2013-08-18 13:14 - 00000878 _____ C:\Users\Steve\Desktop\JRT.txt
2013-08-18 12:02 - 2013-08-18 12:02 - 00004512 _____ C:\Users\Steve\Desktop\RKreport[0]_S_08182013_120259.txt
2013-08-18 11:20 - 2013-08-18 11:20 - 00688992 ____R (Swearware) C:\Users\Steve\Desktop\dds (1).scr
2013-08-18 11:14 - 2013-08-18 11:14 - 00000000 ____D C:\Windows\ERUNT
2013-08-18 11:07 - 2013-08-18 11:07 - 01018166 _____ (Thisisu) C:\Users\Steve\Desktop\JRT.exe
2013-08-18 10:08 - 2013-08-18 12:57 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-18 10:07 - 2013-08-18 12:57 - 00000000 ____D C:\Users\Steve\Desktop\mbar
2013-08-18 10:06 - 2013-08-18 10:06 - 12081912 _____ (Malwarebytes Corp.) C:\Users\Steve\Desktop\mbar-1.06.1.1005.exe
2013-08-18 10:02 - 2013-08-18 10:06 - 00000000 ____D C:\Users\Steve\Desktop\RK_Quarantine
2013-08-18 10:00 - 2013-08-19 02:29 - 00000000 ____D C:\Windows\ERDNT
2013-08-18 10:00 - 2013-08-18 10:00 - 00920576 _____ C:\Users\Steve\Desktop\RogueKiller.exe
2013-08-18 09:59 - 2013-08-18 09:59 - 00000693 _____ C:\Users\Steve\Desktop\NTREGOPT.lnk
2013-08-18 09:59 - 2013-08-18 09:59 - 00000674 _____ C:\Users\Steve\Desktop\ERUNT.lnk
2013-08-18 09:59 - 2013-08-18 09:59 - 00000000 ____D C:\Program Files\ERUNT
2013-08-18 09:58 - 2013-08-18 09:58 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Steve\Downloads\erunt-setup.exe
2013-08-18 09:46 - 2013-08-18 11:58 - 00002198 _____ C:\Users\Steve\Desktop\Rkill.txt
2013-08-18 09:44 - 2013-08-18 09:44 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Steve\Desktop\rkill.exe
2013-08-18 06:10 - 2013-08-18 11:53 - 00016404 _____ C:\Users\Steve\Desktop\dds.txt
2013-08-18 06:10 - 2013-08-18 11:53 - 00008290 _____ C:\Users\Steve\Desktop\attach.txt
2013-08-18 06:07 - 2013-08-18 06:07 - 00688992 ____R (Swearware) C:\Users\Steve\Downloads\dds.scr
2013-08-18 04:22 - 2013-08-18 04:22 - 00000866 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-18 04:22 - 2013-08-18 04:22 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Malwarebytes
2013-08-18 04:22 - 2013-08-18 04:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-18 04:22 - 2013-08-18 04:22 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-18 04:22 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-18 02:07 - 2013-08-18 02:07 - 00139344 _____ C:\Windows\Minidump\Mini081813-01.dmp
2013-08-18 00:56 - 2013-08-18 00:56 - 00000000 ____D C:\ProgramData\䇰Å㺠ÅÄÅ㌀Å8520-1533-40C5-AD09-953C574F14BCÄÅ㟐Å
2013-08-18 00:32 - 2013-08-18 00:32 - 00000000 ____D C:\ProgramData\䇰Ǜ㺠ǛÄǛ㌀Ǜ8520-1533-40C5-AD09-953C574F14BCÄǛ㟐Ǜ
2013-08-18 00:30 - 2013-08-18 00:30 - 00000000 ____D C:\Windows\system32\searchplugins
2013-08-18 00:30 - 2013-08-18 00:30 - 00000000 ____D C:\Windows\system32\Extensions
2013-08-17 23:43 - 2013-08-17 23:43 - 00000000 ____D C:\ProgramData\䇰Ǐ㺠ǏÄǏ㌀Ǐ8520-1533-40C5-AD09-953C574F14BCÄǏ㟐Ǐ
2013-08-17 21:57 - 2013-08-17 21:57 - 00000000 ____D C:\Users\Steve\AppData\Local\avgchrome
2013-08-17 21:54 - 2013-08-17 21:54 - 00001871 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-08-17 21:54 - 2013-08-17 21:54 - 00000000 ____D C:\ProgramData\䈈ċ㺸ċÄċ㌘ċ8520-1533-40C5-AD09-953C574F14BCÄċ㟨ċ
2013-08-17 21:54 - 2013-08-17 21:54 - 00000000 ____D C:\ProgramData\99
2013-08-17 21:52 - 2013-08-18 00:03 - 00000000 ____D C:\Users\Steve\Documents\PCRegistyShield
2013-08-17 21:51 - 2013-08-18 00:15 - 00000000 ____D C:\Program Files\PC Registry Shield
2013-08-17 21:50 - 2013-08-19 02:24 - 00000284 _____ C:\Windows\Tasks\pcreg.job
2013-08-17 21:50 - 2013-08-17 22:17 - 00000368 _____ C:\Windows\Tasks\At1.job
2013-08-17 21:50 - 2013-08-17 21:51 - 00000000 ____D C:\Program Files\wrapper_inst
2013-08-17 21:49 - 2013-08-17 21:49 - 00000000 ____D C:\Users\Steve\AppData\Roaming\SeeSimilar
2013-08-17 21:49 - 2013-08-17 21:49 - 00000000 ____D C:\Users\Steve\AppData\Roaming\LibreOffice
2013-08-17 20:15 - 2013-08-17 20:15 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (12).exe
2013-08-17 15:22 - 2013-08-17 15:22 - 00004361 _____ C:\Users\Steve\Downloads\dl.php
2013-08-15 03:03 - 2013-07-25 03:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 03:03 - 2013-07-25 03:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 03:03 - 2013-07-25 03:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 03:03 - 2013-07-25 03:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 03:03 - 2013-07-25 03:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 03:03 - 2013-07-25 03:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-15 03:03 - 2013-07-25 03:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-15 03:03 - 2013-07-25 03:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 03:03 - 2013-07-25 03:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 03:03 - 2013-07-25 03:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 03:03 - 2013-07-25 03:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 03:03 - 2013-07-25 03:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-15 03:03 - 2013-07-25 03:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-15 03:03 - 2013-07-25 03:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 03:03 - 2013-07-25 03:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 03:03 - 2013-07-25 03:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-14 03:29 - 2013-07-05 04:20 - 00914880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 03:29 - 2013-07-05 02:43 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2013-08-14 03:29 - 2013-06-15 14:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-08-14 03:29 - 2013-06-15 12:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 03:28 - 2013-07-17 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 03:28 - 2013-07-10 10:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 03:28 - 2013-07-09 13:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 03:28 - 2013-07-08 05:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-14 03:28 - 2013-07-08 05:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 03:28 - 2013-07-08 05:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 03:28 - 2013-07-08 05:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 03:28 - 2013-07-08 05:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 03:28 - 2013-07-08 05:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-10 22:05 - 2013-08-10 22:05 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (11).exe
2013-08-10 22:00 - 2013-08-10 22:00 - 00000000 ____D C:\Users\Steve\AppData\Local\Microsoft Help
2013-08-10 22:00 - 2013-08-10 22:00 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-10 21:56 - 2013-08-10 21:57 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (10).exe
2013-08-10 21:51 - 2013-08-10 21:51 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (9).exe
2013-08-10 21:42 - 2013-08-10 21:42 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (8).exe
2013-08-10 21:20 - 2013-08-10 21:20 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (7).exe
2013-08-10 21:18 - 2013-08-10 21:18 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (6).exe
2013-08-10 21:14 - 2013-08-10 21:14 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (5).exe
2013-08-10 21:11 - 2013-08-10 22:06 - 00000000 ____D C:\ProgramData\Virtualized Applications
2013-08-10 21:10 - 2013-08-10 21:11 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (4).exe
2013-08-10 21:10 - 2013-08-10 21:10 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (3).exe
2013-08-10 20:46 - 2013-08-10 20:46 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (2).exe
2013-08-10 20:42 - 2013-08-17 21:02 - 00000000 ____D C:\Users\Steve\AppData\Roaming\SoftGrid Client
2013-08-10 20:42 - 2013-08-10 22:06 - 00000000 ____D C:\Users\Steve\AppData\Local\SoftGrid Client
2013-08-10 20:37 - 2013-08-17 20:20 - 00000000 ____D C:\Users\Steve\AppData\Roaming\TP
2013-08-10 20:37 - 2013-08-10 20:37 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (1).exe
2013-08-10 20:35 - 2013-08-10 20:36 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255.exe
2013-08-03 22:32 - 2013-08-07 03:16 - 00009728 _____ C:\Users\Steve\Desktop\MUMS NHS JOB.wps
2013-07-28 14:13 - 2013-08-18 01:31 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-20 11:14 - 2013-08-15 03:09 - 00000000 ____D C:\Windows\system32\MRT

==================== One Month Modified Files and Folders =======

2013-08-19 03:48 - 2013-08-19 03:48 - 00000000 ____D C:\FRST
2013-08-19 03:47 - 2013-08-19 03:47 - 01069895 _____ (Farbar) C:\Users\Steve\Downloads\FRST (2).exe
2013-08-19 03:46 - 2012-12-09 08:20 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-19 03:44 - 2008-01-21 02:35 - 01474997 _____ C:\Windows\WindowsUpdate.log
2013-08-19 02:30 - 2013-08-19 02:30 - 00013336 _____ C:\ComboFix.txt
2013-08-19 02:30 - 2013-08-19 02:09 - 00000000 ____D C:\Qoobox
2013-08-19 02:30 - 2006-11-02 12:18 - 00000000 __RHD C:\Users\Default
2013-08-19 02:30 - 2006-11-02 12:18 - 00000000 ___RD C:\Users\Public
2013-08-19 02:29 - 2013-08-18 10:00 - 00000000 ____D C:\Windows\ERDNT
2013-08-19 02:25 - 2006-11-02 11:23 - 00000215 _____ C:\Windows\system.ini
2013-08-19 02:24 - 2013-08-17 21:50 - 00000284 _____ C:\Windows\Tasks\pcreg.job
2013-08-19 02:24 - 2006-11-02 13:47 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-19 02:24 - 2006-11-02 13:47 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-19 02:23 - 2008-01-21 03:47 - 00108752 _____ C:\Windows\PFRO.log
2013-08-19 02:23 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-19 02:22 - 2006-11-02 14:01 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-19 02:22 - 2006-11-02 11:22 - 37748736 _____ C:\Windows\system32\config\software.bak
2013-08-19 02:22 - 2006-11-02 11:22 - 34603008 _____ C:\Windows\system32\config\COMPON~3.bak
2013-08-19 02:22 - 2006-11-02 11:22 - 26738688 _____ C:\Windows\system32\config\system.bak
2013-08-19 02:22 - 2006-11-02 11:22 - 00262144 _____ C:\Windows\system32\config\security.bak
2013-08-19 02:22 - 2006-11-02 11:22 - 00262144 _____ C:\Windows\system32\config\sam.bak
2013-08-19 02:22 - 2006-11-02 11:22 - 00262144 _____ C:\Windows\system32\config\default.bak
2013-08-19 02:06 - 2013-08-19 02:06 - 05105231 ____R (Swearware) C:\Users\Steve\Desktop\ComboFix.exe
2013-08-19 01:31 - 2013-08-19 01:31 - 01069895 _____ (Farbar) C:\Users\Steve\Downloads\FRST (1).exe
2013-08-18 14:46 - 2013-08-18 14:46 - 01069795 _____ (Farbar) C:\Users\Steve\Downloads\FRST.exe
2013-08-18 14:34 - 2013-08-18 14:34 - 00000107 _____ C:\Users\Steve\Desktop\eset txt.txt
2013-08-18 14:33 - 2013-08-18 14:33 - 00000126 _____ C:\Users\Steve\Desktop\Eset manual copy of threat.txt
2013-08-18 14:33 - 2009-10-16 15:31 - 00030908 _____ C:\Users\Steve\AppData\Roaming\wklnhst.dat
2013-08-18 13:29 - 2013-08-18 13:29 - 00000000 ____D C:\Program Files\ESET
2013-08-18 13:28 - 2013-08-18 13:28 - 02347384 _____ (ESET) C:\Users\Steve\Desktop\esetsmartinstaller_enu.exe
2013-08-18 13:21 - 2013-08-18 13:21 - 00002749 _____ C:\AdwCleaner[s1].txt
2013-08-18 13:20 - 2013-08-18 13:20 - 00666633 _____ C:\Users\Steve\Desktop\AdwCleaner.exe
2013-08-18 13:14 - 2013-08-18 13:14 - 00000878 _____ C:\Users\Steve\Desktop\JRT.txt
2013-08-18 12:57 - 2013-08-18 10:08 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-18 12:57 - 2013-08-18 10:07 - 00000000 ____D C:\Users\Steve\Desktop\mbar
2013-08-18 12:02 - 2013-08-18 12:02 - 00004512 _____ C:\Users\Steve\Desktop\RKreport[0]_S_08182013_120259.txt
2013-08-18 11:58 - 2013-08-18 09:46 - 00002198 _____ C:\Users\Steve\Desktop\Rkill.txt
2013-08-18 11:53 - 2013-08-18 06:10 - 00016404 _____ C:\Users\Steve\Desktop\dds.txt
2013-08-18 11:53 - 2013-08-18 06:10 - 00008290 _____ C:\Users\Steve\Desktop\attach.txt
2013-08-18 11:20 - 2013-08-18 11:20 - 00688992 ____R (Swearware) C:\Users\Steve\Desktop\dds (1).scr
2013-08-18 11:14 - 2013-08-18 11:14 - 00000000 ____D C:\Windows\ERUNT
2013-08-18 11:07 - 2013-08-18 11:07 - 01018166 _____ (Thisisu) C:\Users\Steve\Desktop\JRT.exe
2013-08-18 10:06 - 2013-08-18 10:06 - 12081912 _____ (Malwarebytes Corp.) C:\Users\Steve\Desktop\mbar-1.06.1.1005.exe
2013-08-18 10:06 - 2013-08-18 10:02 - 00000000 ____D C:\Users\Steve\Desktop\RK_Quarantine
2013-08-18 10:00 - 2013-08-18 10:00 - 00920576 _____ C:\Users\Steve\Desktop\RogueKiller.exe
2013-08-18 09:59 - 2013-08-18 09:59 - 00000693 _____ C:\Users\Steve\Desktop\NTREGOPT.lnk
2013-08-18 09:59 - 2013-08-18 09:59 - 00000674 _____ C:\Users\Steve\Desktop\ERUNT.lnk
2013-08-18 09:59 - 2013-08-18 09:59 - 00000000 ____D C:\Program Files\ERUNT
2013-08-18 09:58 - 2013-08-18 09:58 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Steve\Downloads\erunt-setup.exe
2013-08-18 09:44 - 2013-08-18 09:44 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Steve\Desktop\rkill.exe
2013-08-18 06:07 - 2013-08-18 06:07 - 00688992 ____R (Swearware) C:\Users\Steve\Downloads\dds.scr
2013-08-18 04:22 - 2013-08-18 04:22 - 00000866 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-18 04:22 - 2013-08-18 04:22 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Malwarebytes
2013-08-18 04:22 - 2013-08-18 04:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-18 04:22 - 2013-08-18 04:22 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-18 02:57 - 2013-07-08 10:41 - 00000000 ____D C:\Users\Steve\Desktop\Plans
2013-08-18 02:57 - 2013-05-04 16:19 - 00000000 ____D C:\Users\Steve\Desktop\Informa research and Preparation
2013-08-18 02:56 - 2013-05-05 19:30 - 00000000 ____D C:\Users\Steve\Desktop\C.V's and Cover Letters
2013-08-18 02:07 - 2013-08-18 02:07 - 00139344 _____ C:\Windows\Minidump\Mini081813-01.dmp
2013-08-18 02:07 - 2013-05-05 14:07 - 00000000 ____D C:\Windows\Minidump
2013-08-18 02:06 - 2013-05-05 14:07 - 267918059 _____ C:\Windows\MEMORY.DMP
2013-08-18 01:45 - 2009-10-27 02:15 - 00000000 ____D C:\Program Files\Sony Ericsson
2013-08-18 01:42 - 2009-10-27 03:07 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Sony
2013-08-18 01:42 - 2009-10-27 03:05 - 00000000 ____D C:\Users\Steve\AppData\Local\Sony
2013-08-18 01:31 - 2013-07-28 14:13 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-18 01:30 - 2011-12-05 16:43 - 00000000 ____D C:\Program Files\Google
2013-08-18 01:23 - 2011-12-05 16:44 - 00000000 ____D C:\Users\Steve\AppData\Local\Google
2013-08-18 00:56 - 2013-08-18 00:56 - 00000000 ____D C:\ProgramData\䇰Å㺠ÅÄÅ㌀Å8520-1533-40C5-AD09-953C574F14BCÄÅ㟐Å
2013-08-18 00:32 - 2013-08-18 00:32 - 00000000 ____D C:\ProgramData\䇰Ǜ㺠ǛÄǛ㌀Ǜ8520-1533-40C5-AD09-953C574F14BCÄǛ㟐Ǜ
2013-08-18 00:30 - 2013-08-18 00:30 - 00000000 ____D C:\Windows\system32\searchplugins
2013-08-18 00:30 - 2013-08-18 00:30 - 00000000 ____D C:\Windows\system32\Extensions
2013-08-18 00:15 - 2013-08-17 21:51 - 00000000 ____D C:\Program Files\PC Registry Shield
2013-08-18 00:03 - 2013-08-17 21:52 - 00000000 ____D C:\Users\Steve\Documents\PCRegistyShield
2013-08-17 23:43 - 2013-08-17 23:43 - 00000000 ____D C:\ProgramData\䇰Ǐ㺠ǏÄǏ㌀Ǐ8520-1533-40C5-AD09-953C574F14BCÄǏ㟐Ǐ
2013-08-17 23:43 - 2006-11-02 13:47 - 00450320 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-17 22:17 - 2013-08-17 21:50 - 00000368 _____ C:\Windows\Tasks\At1.job
2013-08-17 21:57 - 2013-08-17 21:57 - 00000000 ____D C:\Users\Steve\AppData\Local\avgchrome
2013-08-17 21:55 - 2013-04-21 20:11 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-08-17 21:54 - 2013-08-17 21:54 - 00001871 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-08-17 21:54 - 2013-08-17 21:54 - 00000000 ____D C:\ProgramData\䈈ċ㺸ċÄċ㌘ċ8520-1533-40C5-AD09-953C574F14BCÄċ㟨ċ
2013-08-17 21:54 - 2013-08-17 21:54 - 00000000 ____D C:\ProgramData\99
2013-08-17 21:54 - 2011-10-24 11:20 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-08-17 21:51 - 2013-08-17 21:50 - 00000000 ____D C:\Program Files\wrapper_inst
2013-08-17 21:51 - 2009-10-16 14:45 - 00145752 _____ C:\Users\Steve\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-17 21:49 - 2013-08-17 21:49 - 00000000 ____D C:\Users\Steve\AppData\Roaming\SeeSimilar
2013-08-17 21:49 - 2013-08-17 21:49 - 00000000 ____D C:\Users\Steve\AppData\Roaming\LibreOffice
2013-08-17 21:04 - 2009-10-16 15:29 - 00000000 ____D C:\Program Files\Microsoft Office
2013-08-17 21:04 - 2006-11-02 12:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-08-17 21:02 - 2013-08-10 20:42 - 00000000 ____D C:\Users\Steve\AppData\Roaming\SoftGrid Client
2013-08-17 20:20 - 2013-08-10 20:37 - 00000000 ____D C:\Users\Steve\AppData\Roaming\TP
2013-08-17 20:15 - 2013-08-17 20:15 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (12).exe
2013-08-17 15:22 - 2013-08-17 15:22 - 00004361 _____ C:\Users\Steve\Downloads\dl.php
2013-08-15 12:49 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2013-08-15 11:52 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-15 03:09 - 2013-07-20 11:14 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 03:07 - 2006-11-02 11:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-08-10 22:06 - 2013-08-10 21:11 - 00000000 ____D C:\ProgramData\Virtualized Applications
2013-08-10 22:06 - 2013-08-10 20:42 - 00000000 ____D C:\Users\Steve\AppData\Local\SoftGrid Client
2013-08-10 22:05 - 2013-08-10 22:05 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (11).exe
2013-08-10 22:00 - 2013-08-10 22:00 - 00000000 ____D C:\Users\Steve\AppData\Local\Microsoft Help
2013-08-10 22:00 - 2013-08-10 22:00 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-10 21:57 - 2013-08-10 21:56 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (10).exe
2013-08-10 21:51 - 2013-08-10 21:51 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (9).exe
2013-08-10 21:42 - 2013-08-10 21:42 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (8).exe
2013-08-10 21:20 - 2013-08-10 21:20 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (7).exe
2013-08-10 21:18 - 2013-08-10 21:18 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (6).exe
2013-08-10 21:14 - 2013-08-10 21:14 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (5).exe
2013-08-10 21:11 - 2013-08-10 21:10 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (4).exe
2013-08-10 21:10 - 2013-08-10 21:10 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (3).exe
2013-08-10 20:46 - 2013-08-10 20:46 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (2).exe
2013-08-10 20:40 - 2006-11-02 11:33 - 00005074 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-10 20:37 - 2013-08-10 20:37 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (1).exe
2013-08-10 20:36 - 2013-08-10 20:35 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255.exe
2013-08-08 15:41 - 2011-06-19 15:38 - 00001945 _____ C:\Windows\epplauncher.mif
2013-08-08 15:40 - 2011-06-19 15:37 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-08-07 03:16 - 2013-08-03 22:32 - 00009728 _____ C:\Users\Steve\Desktop\MUMS NHS JOB.wps
2013-08-02 13:17 - 2012-12-09 08:20 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-02 13:17 - 2012-01-05 18:44 - 00000000 ____D C:\Users\Steve\AppData\Local\Adobe
2013-08-02 13:17 - 2011-06-19 17:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-07-25 03:40 - 2013-08-15 03:03 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-25 03:32 - 2013-08-15 03:03 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-25 03:30 - 2013-08-15 03:03 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-25 03:26 - 2013-08-15 03:03 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-25 03:26 - 2013-08-15 03:03 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-25 03:25 - 2013-08-15 03:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-25 03:24 - 2013-08-15 03:03 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-25 03:24 - 2013-08-15 03:03 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-25 03:23 - 2013-08-15 03:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-25 03:23 - 2013-08-15 03:03 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-25 03:23 - 2013-08-15 03:03 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-25 03:23 - 2013-08-15 03:03 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-25 03:23 - 2013-08-15 03:03 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-25 03:22 - 2013-08-15 03:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-25 03:22 - 2013-08-15 03:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-25 03:22 - 2013-08-15 03:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-22 17:26 - 2013-03-05 02:11 - 00000000 ____D C:\Users\Steve\Documents\Hotel

Files to move or delete:
====================
C:\Windows\Tasks\At1.job

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-19 02:29

==================== End Of Log ============================


Additional log

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-08-2013
Ran by Steve at 2013-08-19 03:49:25
Running from C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8S1W0266
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader X (10.1.7) (Version: 10.1.7)
Apple Application Support (Version: 1.1.0)
Apple Software Update (Version: 2.1.1.116)
Cisco EAP-FAST Module (Version: 2.1.6)
Cisco LEAP Module (Version: 1.0.12)
Cisco PEAP Module (Version: 1.0.13)
ClamWin Free Antivirus 0.97.7
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
CutePDF Writer 2.8
DaisyTrail American Holidays 2011 Digikit (Version: 1.0.2.019)
DaisyTrail British Street Party Digikit (Version: 1.0.2.019)
DaisyTrail Christmas Crafts Digikit (Version: 1.0.2.027)
DaisyTrail Father's Day 2012 Digikit (Version: 1.0.2.029)
DaisyTrail Fun at the Fête Digikit (Version: 1.0.2.019)
DaisyTrail Halloween 2011 Digikit (Version: 1.0.2.027)
DaisyTrail Happy Easter 2012 Digikit (Version: 1.0.2.028)
DaisyTrail Happy Hanukkah 2011 Digikit (Version: 1.0.2.027)
DaisyTrail In Her Shoes Digikit (Version: 1.0.2.017)
DaisyTrail Love Birds Digikit (Version: 1.0.1.013)
DaisyTrail Mother's Day 2012 Digikit (Version: 1.0.2.028)
DaisyTrail New Beginnings Digikit (Version: 1.0.2.022)
DaisyTrail New Year 2012 Digikit (Version: 1.0.2.027)
DaisyTrail Thankgiving 2011 Digikit (Version: 1.0.2.027)
DaisyTrail Valentine's 2012 Digikit (Version: 1.0.2.027)
Dell Resource CD (Version: 1.00.0000)
Dell Wireless WLAN Card Utility (Version: 5.10.38.30)
docrafts DIGITAL Designer
docrafts Digital Designer™ (Version: 1.2.7)
ERUNT 1.1j
ESET Online Scanner v3
Football Manager 2010 (Version: 10.0.0.0)
Foxit Reader (Version: 3.1.2.1013)
Hallmark Card Studio (Version: 11.0.0.44)
HP Deskjet 3050 J610 series Basic Device Software (Version: 22.0.334.0)
HP Deskjet 3050 J610 series Help (Version: 140.0.63.63)
HP Deskjet 3050 J610 series Product Improvement Study (Version: 22.0.334.0)
HP Photo Creations (Version: 1.0.0.3341)
HP Update (Version: 5.002.005.003)
IDT Audio (Version: 1.0.6124.0)
Intel® Graphics Media Accelerator Driver
Java 7 Update 17 (Version: 7.0.170)
Java Auto Updater (Version: 2.1.9.0)
Junk Mail filter update (Version: 14.0.8117.416)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Marvell Miniport Driver (Version: 10.63.3.3)
McAfee Security Scan Plus (Version: 3.0.318.3)
McAfee SiteAdvisor (Version: 3.6.168)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenOffice.org 3.2 (Version: 3.2.9502)
PowerDVD DX (Version: 8.2.5408)
QuickTime (Version: 7.65.17.80)
Realtek USB 2.0 Card Reader (Version: 6.0.6000.20113)
Serif CraftArtist Baby Photos Collection (Version: 1.0.0.007)
Serif CraftArtist Greeting Cards Collection (Version: 1.0.0.007)
Serif CraftArtist Professional (Version: 1.0.0.023)
Serif CraftArtist Scrapbooks Collection (Version: 1.0.0.007)
Serif CraftArtist Wedding Days Collection (Version: 1.0.0.008)
SUPERAntiSpyware (Version: 5.6.1014)
T-Mobile Internet Manager (Version: 11.301.05.05.105)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Family Safety (Version: 14.0.8118.427)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Movie Maker (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
 

==================== Restore Points  =========================

16-10-2009 12:20:11 Installed Dell Resource CD.
16-10-2009 12:23:05 Installed Realtek USB 2.0 Card Reader
16-10-2009 12:23:14 Device Driver Package Install: Realtek Semiconductor Corp. Universal Serial Bus controllers
16-10-2009 12:23:57 Device Driver Package Install: IDT Sound, video and game controllers
16-10-2009 12:24:53 Installed IDT Audio
16-10-2009 12:26:17 Device Driver Package Install: Intel Corporation Display adapters
16-10-2009 12:28:03 Device Driver Package Install: Intel IDE ATA/ATAPI controllers
16-10-2009 12:28:13 Device Driver Package Install: Intel System devices
16-10-2009 12:28:36 Device Driver Package Install: Intel System devices
16-10-2009 12:28:46 Device Driver Package Install: Intel System devices
16-10-2009 12:31:29 Device Driver Package Install: Broadcom Network adapters
16-10-2009 12:53:57 Device Driver Package Install: Roland Sound, video and game controllers
16-10-2009 12:57:54 Installed MSM32Installer
17-11-2009 20:22:05 Scheduled Checkpoint
18-11-2009 16:12:49 Scheduled Checkpoint
24-11-2009 20:16:59 Scheduled Checkpoint
14-12-2009 18:24:26 Scheduled Checkpoint
05-01-2010 17:59:48 Scheduled Checkpoint
12-01-2010 18:58:54 Scheduled Checkpoint
27-01-2010 18:52:53 Scheduled Checkpoint
28-01-2010 22:11:19 Scheduled Checkpoint
17-03-2010 17:12:39 Scheduled Checkpoint
24-05-2010 12:28:18 Scheduled Checkpoint
28-05-2010 12:26:53 Scheduled Checkpoint
15-06-2010 18:28:30 Scheduled Checkpoint
16-06-2010 12:37:39 Scheduled Checkpoint
19-06-2010 11:30:29 Scheduled Checkpoint
16-08-2010 11:10:45 Scheduled Checkpoint
16-11-2010 09:25:08 Scheduled Checkpoint
08-02-2011 17:02:55 Scheduled Checkpoint
31-05-2011 15:28:42 Scheduled Checkpoint
29-07-2011 18:34:45 Scheduled Checkpoint
29-08-2011 13:39:37 Scheduled Checkpoint
31-08-2011 14:24:26 Scheduled Checkpoint
07-10-2011 12:53:13 Scheduled Checkpoint
09-10-2011 12:18:32 Scheduled Checkpoint
23-10-2011 14:18:37 Scheduled Checkpoint
01-08-2013 18:38:15 Scheduled Checkpoint
03-08-2013 15:03:20 Windows Update
07-08-2013 09:36:25 Windows Update
08-08-2013 14:36:43 Windows Update
10-08-2013 20:30:31 Removed Microsoft Office Click-to-Run 2010
10-08-2013 21:08:49 Removed Microsoft Office Click-to-Run 2010
12-08-2013 12:00:30 Windows Update
15-08-2013 02:00:22 Windows Update
17-08-2013 20:02:40 Removed Microsoft Office Click-to-Run 2010
17-08-2013 20:40:04 Installed LibreOffice 4.1.0.4
17-08-2013 22:46:59 Removed LibreOffice 4.1.0.4
17-08-2013 23:15:04 Removed PC Registry Shield
17-08-2013 23:16:31 Installed LibreOffice 4.1.0.4
18-08-2013 00:40:25 Removed Sony Ericsson Media Manager 1.2
18-08-2013 14:29:28 Scheduled Checkpoint
18-08-2013 23:44:15 Windows Update
19-08-2013 02:33:03 Installed Microsoft Fix it 50195

==================== Hosts content: ==========================

2006-11-02 11:23 - 2013-08-19 02:23 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {31C4BE4D-7713-41D9-887A-24990BB7E7A2} - System32\Tasks\PcRegistryShield_Start => C:\Program Files\PC Registry Shield\PcRegistryShield.exe No File
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {449E6C74-6F83-46EB-9985-0FEF72FB46D1} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation)
Task: {5AEA3352-DF9F-488D-A58F-7A36D0A5DF75} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2970680302-2301816736-3001710448-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe No File
Task: {6A0D34D8-73A5-455B-8770-839F8CA53513} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {6A9DFD4C-2DC3-4018-A299-59AA01A3853D} - System32\Tasks\pcreg => C:\Program Files\wrapper_inst\service.exe [2013-08-17] ()
Task: {887C63CB-69FF-4201-9F69-F026E59C042D} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {A62F61D4-8478-4458-A85B-9D6CE50D5A6B} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {B783C587-4B02-4901-8F44-7C1F5C27398B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-02] (Adobe Systems Incorporated)
Task: {D62E3111-761D-49D0-9041-F84FCB3B4146} - System32\Tasks\At1 => c:\Program Files\wrapper_inst\service.exe [2013-08-17] ()
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {FDCDCD79-CB8F-4BDC-A062-861373ECF31A} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2970680302-2301816736-3001710448-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe No File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\At1.job => c:\Program Files\wrapper_inst\service.exe
Task: C:\Windows\Tasks\pcreg.job => C:\Program Files\wrapper_inst\service.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft 6to4 Adapter #2
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #25
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: isatap.{720C151B-04B9-45B9-872E-582D01F32BBA}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #32
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (08/19/2013 02:24:57 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2013 01:44:13 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2013 01:37:42 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2013 01:37:01 AM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (08/19/2013 01:27:30 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2013 01:22:39 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2013 01:21:56 AM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (08/19/2013 01:19:24 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2013 01:18:39 AM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (08/19/2013 00:32:22 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (08/19/2013 02:24:58 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (08/19/2013 02:24:58 AM) (Source: Service Control Manager) (User: )
Description: Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)%%1058

Error: (08/19/2013 02:24:58 AM) (Source: Service Control Manager) (User: )
Description: Intel® PRO/1000 NDIS 6 Adapter Driver%%1058

Error: (08/19/2013 02:23:13 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY)
Description: 0

Error: (08/19/2013 02:22:05 AM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (08/19/2013 02:21:51 AM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (08/19/2013 02:20:39 AM) (Source: Service Control Manager) (User: )
Description: Marvell Yukon Service1

Error: (08/19/2013 02:17:53 AM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (08/19/2013 02:13:07 AM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (08/19/2013 02:13:00 AM) (Source: Service Control Manager) (User: )
Description: Dell Wireless WLAN Tray Service1

Microsoft Office Sessions:
=========================
Error: (08/19/2013 02:24:57 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2013 01:44:13 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2013 01:37:42 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2013 01:37:01 AM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (08/19/2013 01:27:30 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2013 01:22:39 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2013 01:21:56 AM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (08/19/2013 01:19:24 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2013 01:18:39 AM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (08/19/2013 00:32:22 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
  Date: 2013-08-18 12:04:42.637
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-18 12:04:42.294
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-18 12:04:41.951
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-18 12:04:41.607
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-18 10:08:03.933
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-18 10:08:03.474
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-18 10:08:03.119
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-18 10:08:02.644
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-18 09:29:37.957
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-18 09:29:37.609
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 51%
Total physical RAM: 3031.63 MB
Available physical RAM: 1474.78 MB
Total Pagefile: 6291.54 MB
Available Pagefile: 4578.02 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:351.07 GB) (Free:265.48 GB) NTFS
Drive d: () (Fixed) (Total:100 GB) (Free:70.93 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.52 GB) NTFS
Drive g: (T-Mobile) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: F5623874)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=351 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • Root Admin

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

fixlist.txt


Thanks, I have done that as instructed. Here is the fixlog.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-08-2013
Ran by Steve at 2013-08-19 05:22:01 Run:1
Running from C:\Users\Steve\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
c:\Program Files\Microsoft Security Client
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe
HKLM\...\Run: [pcreg] - C:\Program Files\wrapper_inst\service.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...er=6&ar=msnhome
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Task: {31C4BE4D-7713-41D9-887A-24990BB7E7A2} - System32\Tasks\PcRegistryShield_Start => C:\Program Files\PC Registry Shield\PcRegistryShield.exe No File
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {5AEA3352-DF9F-488D-A58F-7A36D0A5DF75} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2970680302-2301816736-3001710448-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe No File
Task: {6A0D34D8-73A5-455B-8770-839F8CA53513} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {6A9DFD4C-2DC3-4018-A299-59AA01A3853D} - System32\Tasks\pcreg => C:\Program Files\wrapper_inst\service.exe [2013-08-17] ()
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {B783C587-4B02-4901-8F44-7C1F5C27398B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-02] (Adobe Systems Incorporated)
Task: {D62E3111-761D-49D0-9041-F84FCB3B4146} - System32\Tasks\At1 => c:\Program Files\wrapper_inst\service.exe [2013-08-17] ()
Task: {FDCDCD79-CB8F-4BDC-A062-861373ECF31A} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2970680302-2301816736-3001710448-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe No File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\At1.job => c:\Program Files\wrapper_inst\service.exe
Task: C:\Windows\Tasks\pcreg.job => C:\Program Files\wrapper_inst\service.exe

*****************

c:\Program Files\Microsoft Security Client => Will not be moved with FRST.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\pcreg => Value deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => Value deleted successfully.
HKCR\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
HKCR\PROTOCOLS\Handler\dssrequest => Key deleted successfully.
HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => Key deleted successfully.
HKCR\PROTOCOLS\Handler\sacore => Key deleted successfully.
HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{31C4BE4D-7713-41D9-887A-24990BB7E7A2} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31C4BE4D-7713-41D9-887A-24990BB7E7A2} => Key deleted successfully.
C:\Windows\System32\Tasks\PcRegistryShield_Start => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PcRegistryShield_Start => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\CrawlStartPages => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5AEA3352-DF9F-488D-A58F-7A36D0A5DF75} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5AEA3352-DF9F-488D-A58F-7A36D0A5DF75} => Key deleted successfully.
C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2970680302-2301816736-3001710448-1000 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealUpgradeLogonTaskS-1-5-21-2970680302-2301816736-3001710448-1000 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6A0D34D8-73A5-455B-8770-839F8CA53513} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A0D34D8-73A5-455B-8770-839F8CA53513} => Key deleted successfully.
C:\Windows\System32\Tasks\Apple\AppleSoftwareUpdate => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6A9DFD4C-2DC3-4018-A299-59AA01A3853D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A9DFD4C-2DC3-4018-A299-59AA01A3853D} => Key deleted successfully.
C:\Windows\System32\Tasks\pcreg => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pcreg => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A61555D3-7840-45C1-A5A9-0D49851DE37A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A61555D3-7840-45C1-A5A9-0D49851DE37A} => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B783C587-4B02-4901-8F44-7C1F5C27398B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B783C587-4B02-4901-8F44-7C1F5C27398B} => Key deleted successfully.
C:\Windows\System32\Tasks\Adobe Flash Player Updater => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D62E3111-761D-49D0-9041-F84FCB3B4146} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D62E3111-761D-49D0-9041-F84FCB3B4146} => Key deleted successfully.
C:\Windows\System32\Tasks\At1 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At1 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FDCDCD79-CB8F-4BDC-A062-861373ECF31A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDCDCD79-CB8F-4BDC-A062-861373ECF31A} => Key deleted successfully.
C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2970680302-2301816736-3001710448-1000 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealUpgradeScheduledTaskS-1-5-21-2970680302-2301816736-3001710448-1000 => Key deleted successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\At1.job => Moved successfully.
C:\Windows\Tasks\pcreg.job => Moved successfully.

==== End of Fixlog ====


  • Root Admin

Please uninstall ALL versions of Java.

Please uninstall McAfee Security Scan Plus

 

How is the computer running now?  Are there still any signs of infection?

 

Please, download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


 


Hi, the system is running better now and to a layman like myself appears fine. One thing though, I noticed in that report that Windows Firewall was enabled. I didn't even know I had Windows Firewall, therefore this will have been on throughout the entire process. Should I repeat the instructions you laid out in your first post just to be certain or am I OK? Thanks

 

Results of screen317's Security Check version 0.99.72 
 Windows Vista Service Pack 2 x86 (UAC is disabled!) 
 Internet Explorer 9 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
  (On Access scanning disabled!)
 Error obtaining update status for antivirus! 
`````````Anti-malware/Other Utilities Check:`````````
 SUPERAntiSpyware    
 McAfee SiteAdvisor   
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Adobe Flash Player  11.8.800.94 
 Adobe Reader 10.1.7 Adobe Reader out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````


I have noticed however over the course of the day that Internet Explorer is operating quite slowly, but I'm not sure if this was always the case as I only ever used to use Google Chrome or Firefox. Also a new icon was created on my desktop at some point during the process since we started clearing things that appears with the Explorer logo entitled 'the internet'. I haven't installed anything so don't know how or why it's there.


  • Root Admin

Well one thing that seems to possibly be wrong and may not be easy to fix is Microsoft Security Essentials. 

 

It should be in your task tray as a small green icon.  Please see if you can right click and open it or not and do a Quick Scan and let me know.

 

I'm assuming this is your main antivirus software?


I ran a quick search, it scanned 26928 items and claimed that no threats were discovered during the scan.

 

It is my main one, the one I use to offer real-time protection. I also have SUPERAntiSpyware, which I use from time to time to scan but don't run in real time. I also have ClamWin, which I haven't used for a long time.


I do apologise, I don't know how to take a screenshot. When I right click on it, it only offers 6 options: open home page, start without add-ons, create shortcut, delete, rename and properties. This differs from other shortcuts, which when right clicked offer many more options.

 

Upon clicking on properties it says Internet Properties and there are 7 sub menus: General, Security, Privacy, Content, Connections, Programmes, Advanced. The General menu contains homepage, browsing history, search and tab options. This differs from other programmes and the launch Internet Explorer icon, which has 5 sub menus (General, Shortcut, Compatibility, Security and Details) and when on the General menu offers information such as when it was created. The internet icon does not have that information.


  • Root Admin

That sounds like the normal Internet Explorer icon to me.  It should be safe.  If you double-click on it then it should launch your Internet Explorer web browser.   It's possible that with all the cleaning we've done it fixed that too and put it on your desktop where it does belong.


Yes it does load the explorer. So I have two explorer icons, one shortcut says launch Internet Explorer browser and the new one which just says the internet? You think this is OK though?

 

If that's all fine, is there anything else I need to do? As I said, I've unwittingly had Windows Firewall on throughout this process, is that OK?

 

Another question I have: is there any reason why in programmes I could uninstall Firefox and Chrome but there is no option to remove Internet Explorer?

 

Finally, what should I do next? Thank you


  • Root Admin

Yes it's okay to have the firewall on as it does not conflict with scanners.  The one with the black arrow on the icon is a shortcut to the Internet Explorer icon and you can remove that one actually. 

 

 

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.
It will also reset your System Restore by flushing out previous restore points and create a new restore point.
It will also remove all the backups our tools may have created.

Uninstall ComboFix (if used):

  • Turn off all active protection software including your antivirus.
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.


Remove the rest of the tools used:

Please download OTCleanIt and save it to your Desktop. This tool will remove all the tools we used to clean your PC.

  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not go ahead and delete it by yourself.
  • If asked to restart the computer, please do so


Note:

If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


AdwCleaner Removal:
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes

ESET antivirus Removal:
  • This tool can be uninstalled via the Control Panel, Programs, Uninstall


If there are any other left over Folders, Files, Logs then you can delete them on your own.

Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis, I advise not using Java if possible, but to at least disable Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

Please read the following articles which will help you to better understand how the computer may have become infected as well as how to help prevent future infections. Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes PRO then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.
 


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.