
Trojan and spamware keep coming back after removal



Hi

 

My wife opened a zipped file in an email from an unknown sender and we keep getting security alerts. We remove HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunIRegedit32, which Malwarebytes keeps on finding, and Spammer:Win32/Cutwail.gen!D, which MS Security Essentials keeps on finding, but they keep coming back.

 

I am getting email bouncebacks stating I'm blocked as a spammer and I move house on Thursday, so this is terrible timing.

 

Can you help? Thanks in advance.

 

Here are the DDS logs as instructed.

 

 

C:\Program Files\EDIMAX\Common\RaUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Users\Payne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Payne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Payne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\payne\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [spotify] "c:\users\payne\appdata\roaming\spotify\Spotify.exe" /uri spotify:autostart
uRun: [spotify Web Helper] "c:\users\payne\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [CaddieSyncConduit] c:\program files\skygolf\caddiesync express\CaddieSyncExpress.exe
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wirele~1.lnk - c:\program files\edimax\common\RaUI.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{2E1A5972-CAAF-4B0D-85A7-AB01B4BA603B} : DHCPNameServer = 88.82.13.60 88.82.13.60
TCP: Interfaces\{351F14A5-EE31-4E95-AA5E-D702E38F341C} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{A4D4AE85-0E72-4B73-82CA-4F64DEFD1AF4} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{FBD803E0-3477-46A7-914F-43F19F57FC8D} : DHCPNameServer = 192.168.1.254
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 100328]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\edimax\common\RalinkRegistryWriter.exe [2013-2-22 69632]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-4-16 39056]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-1-23 92592]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2013-2-22 641024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ADM8511;Belkin USB Ethernet Adapter;c:\windows\system32\drivers\NET8511.SYS [2011-8-15 24424]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2013-2-15 451072]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
SUnknown ufzuenbg;ufzuenbg; [x]
.
=============== Created Last 30 ================
.
2013-09-08 00:27:29 7166848 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{83bddb6e-7827-4551-9a4c-5bb8a2f23ca9}\mpengine.dll
2013-09-06 14:02:06 718712 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3a5bce9c-d7a1-4501-bdf6-bc7ce4992cae}\gapaengine.dll
2013-09-06 14:00:13 7166848 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-09-04 21:01:50 -------- d-----w- c:\users\payne\appdata\roaming\Malwarebytes
2013-09-04 21:00:32 -------- d-----w- c:\programdata\Malwarebytes
2013-09-04 21:00:30 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-04 21:00:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-28 05:58:20 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-25 21:01:49 -------- d-----w- c:\program files\iPod
2013-08-25 21:01:45 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-25 21:01:45 -------- d-----w- c:\program files\iTunes
2013-08-18 09:23:07 -------- d-----w- c:\users\payne\appdata\roaming\MetaCrawler
2013-08-17 12:47:31 -------- d-----w- c:\windows\system32\MRT
2013-08-17 08:58:46 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-17 08:58:46 15872 ----a-w- c:\windows\system32\icaapi.dll
2013-08-17 08:58:43 914880 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-17 08:58:42 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-08-17 08:58:38 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-17 08:58:34 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-17 08:58:15 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-17 08:58:15 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-17 08:58:14 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-08-17 08:58:09 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-08-17 08:58:09 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-17 08:58:08 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-08-17 08:58:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
.
==================== Find3M ====================
.
2013-08-20 23:16:33 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-20 23:16:32 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-25 02:32:35 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-07-25 02:26:10 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-07-25 02:25:30 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-25 02:23:59 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-07-25 02:23:58 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-07-25 02:22:35 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-28 13:28:36 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-28 13:28:22 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-28 13:28:22 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-26 07:23:29 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-06-26 07:23:29 348160 ----a-w- c:\windows\system32\msvcr71.dll
.
============= FINISH: 1:52:46.82 ===============

 

 
 
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 21/09/2011 06:45:23
System Uptime: 08/09/2013 01:32:05 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5G41C-M LX
Processor: Intel® Pentium® Dual CPU E2220 @ 2.40GHz | LGA775 | 2403/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 136 GiB total, 58.916 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
ABBYY FineReader 9.0 Sprint
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Ask Toolbar Updater
Atheros USB Wireless LAN Driver Installer
Bonjour
CaddieSync Express 1.4.3
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CP2101 USB to UART Bridge Controller
EDIMAX Edimax Wireless LAN
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson Event Manager
EPSON Scan
EPSON SX235 Series Printer Uninstall
EpsonNet Print
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 5.1.0.874
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iTunes
Java 7 Update 25
Java Auto Updater
JavaFX 2.1.1
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Network Guide EPSON SX235 Series
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
SkyCaddie Desktop
Spotify
TomTom HOME 2.8.3.2499
TomTom HOME Visual Studio Merge Modules
U.B. Funkeys
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
User's Guide EPSON SX235 Series
Windows Mobile Device Updater Component
WinRAR 4.20 (32-bit)
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== End Of File ===========================
 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

 

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin


Hi Kevin

 

Thanks for your response. Here are the requested logs.

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-09-2013
Ran by Payne (administrator) on PAYNE-PC on 08-09-2013 11:05:05
Running from C:\Users\Payne\Downloads
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Ralink Technology, Corp.) C:\Program Files\EDIMAX\Common\RalinkRegistryWriter.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(SkyHawke) C:\Program Files\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
() C:\Users\Payne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Edimax Technology Co.) C:\Program Files\EDIMAX\Common\RaUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Users\Payne\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Payne\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Payne\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Payne\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Google Inc.) C:\Users\Payne\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [EEventManager] - C:\Program Files\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [159456 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [CaddieSyncConduit] - C:\Program Files\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe [2379160 2012-10-22] (SkyHawke)
HKLM\...\Run: [] - 
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1573576 2012-12-10] (Ask)
HKLM\...\Run: [TkBellExe] - c:\program files\real\realplayer\Update\realsched.exe [295512 2013-06-26] (RealNetworks, Inc.)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-09-21] (Google Inc.)
HKCU\...\Run: [Google Update] - C:\Users\Payne\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-09-21] (Google Inc.)
HKCU\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [247728 2012-01-23] (TomTom)
HKCU\...\Run: [spotify] - C:\Users\Payne\AppData\Roaming\Spotify\Spotify.exe [9478320 2012-05-29] (Spotify Ltd)
HKCU\...\Run: [spotify Web Helper] - C:\Users\Payne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [932528 2012-05-29] ()
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
MountPoints2: {6d0efed0-e414-11e0-bdab-806e6f6e6963} - D:\autorun.exe
MountPoints2: {fbe12d71-774f-11e2-aa5f-bcaec5544a8b} - E:\Autorun.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Utility.lnk
ShortcutTarget: Wireless Utility.lnk -> C:\Program Files\EDIMAX\Common\RaUI.exe (Edimax Technology Co.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?rd=1
URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {3C4E47FD-7F19-431E-995E-70C58DDCFE98} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U4&apn_dtid=OSJ000YYUK&apn_uid=D925B3B7-B63F-4C32-A1C4-450054633389&apn_sauid=9114FAC7-1FAF-4571-82E9-8711E1D79F66
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Payne\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Payne\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Payne\AppData\Local\Google\Chrome\Application\29.0.1547.66\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Payne\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Ask Toolbar) - C:\Users\Payne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.14.33467_0
CHR Extension: (YouTube) - C:\Users\Payne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Payne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (RealDownloader) - C:\Users\Payne\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Payne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\Payne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR Extension: (Find and Remind by easyfundraising) - C:\Users\Payne\AppData\Local\Google\Chrome\User Data\Default\Extensions\plfknkdmhngcjepkalkhgpmhpolandfp\2.2.1_0
CHR HKLM\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\Payne\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Payne\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
R2 RalinkRegistryWriter; C:\Program Files\EDIMAX\Common\RalinkRegistryWriter.exe [69632 2008-05-13] (Ralink Technology, Corp.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
 
==================== Drivers (Whitelisted) ====================
 
S3 ADM8511; C:\Windows\System32\DRIVERS\NET8511.SYS [24424 2001-04-10] (ADMtek)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [641024 2008-07-30] (Ralink Technology Corp.)
S3 slabbus; C:\Windows\System32\DRIVERS\slabbus.sys [52384 2004-03-26] (MCCI)
S3 slabser; C:\Windows\System32\DRIVERS\slabser.sys [84512 2004-03-26] (MCCI)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [186592 2011-09-22] (Jungo)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 RTL8192cu; system32\DRIVERS\rtwlanu.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-08 11:03 - 2013-09-08 11:03 - 01082239 _____ (Farbar) C:\Users\Payne\Downloads\FRST.exe
2013-09-08 11:02 - 2013-09-08 11:02 - 01948988 _____ (Farbar) C:\Users\Payne\Downloads\FRST64.exe
2013-09-08 02:02 - 2013-09-08 02:02 - 00013119 _____ C:\Users\Payne\Documents\DDS.txt
2013-09-08 02:02 - 2013-09-08 02:02 - 00007587 _____ C:\Users\Payne\Documents\Attach.txt
2013-09-08 01:53 - 2013-09-08 01:53 - 00007587 _____ C:\Users\Payne\Desktop\attach.txt
2013-09-08 01:53 - 2013-09-08 01:52 - 00013119 _____ C:\Users\Payne\Desktop\dds.txt
2013-09-08 01:50 - 2013-09-08 01:51 - 00688992 ____R (Swearware) C:\Users\Payne\Downloads\dds (1).com
2013-09-08 01:49 - 2013-09-08 01:50 - 00688992 _____ (Swearware) C:\Users\Payne\Downloads\dds.com
2013-09-06 00:11 - 2013-09-06 07:35 - 00018944 _____ C:\Users\Payne\Documents\Wyedale budget.xls
2013-09-04 22:01 - 2013-09-04 22:01 - 00000000 ____D C:\Users\Payne\AppData\Roaming\Malwarebytes
2013-09-04 22:00 - 2013-09-04 22:00 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-04 22:00 - 2013-09-04 22:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-04 22:00 - 2013-09-04 22:00 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-04 22:00 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-04 21:57 - 2013-09-04 21:57 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Payne\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-04 18:21 - 2013-09-04 18:22 - 01081304 _____ (ArcadeFrontier) C:\Users\Payne\Downloads\ArcadeFrontierGames.exe
2013-09-01 10:12 - 2013-09-08 10:58 - 00000376 _____ C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Payne.job
2013-09-01 10:12 - 2013-09-08 00:59 - 00000370 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_Payne.job
2013-09-01 10:12 - 2013-09-07 16:48 - 00000366 _____ C:\Windows\Tasks\ReclaimerUpdateXML_Payne.job
2013-08-30 12:00 - 2013-08-30 12:12 - 00029184 _____ C:\Users\Payne\Documents\Monthly Budget Sept 13.xls
2013-08-29 23:21 - 2013-08-29 23:21 - 00346624 _____ C:\Users\Payne\Downloads\Intermediary_Rates.xls
2013-08-28 09:41 - 2013-08-28 09:41 - 00010719 _____ C:\Users\Payne\Documents\Estimate from Blue.xlsx
2013-08-28 06:58 - 2013-08-02 03:48 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-25 22:02 - 2013-08-25 22:02 - 00001664 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-25 22:01 - 2013-08-25 22:02 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-25 22:01 - 2013-08-25 22:02 - 00000000 ____D C:\Program Files\iTunes
2013-08-25 22:01 - 2013-08-25 22:01 - 00000000 ____D C:\Program Files\iPod
2013-08-18 10:24 - 2013-08-18 10:26 - 89111376 _____ (Apple Inc.) C:\Users\Payne\Downloads\iTunesSetup.exe
2013-08-18 10:23 - 2013-08-18 10:23 - 00000000 ____D C:\Users\Payne\AppData\Roaming\MetaCrawler
2013-08-17 13:47 - 2013-08-17 13:49 - 00000000 ____D C:\Windows\system32\MRT
2013-08-17 13:39 - 2013-07-25 03:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-17 13:39 - 2013-07-25 03:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-17 13:39 - 2013-07-25 03:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-17 13:39 - 2013-07-25 03:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-17 13:39 - 2013-07-25 03:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-17 13:39 - 2013-07-25 03:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-17 13:39 - 2013-07-25 03:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-17 13:39 - 2013-07-25 03:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-17 13:39 - 2013-07-25 03:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-17 13:39 - 2013-07-25 03:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-17 13:39 - 2013-07-25 03:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-17 13:39 - 2013-07-25 03:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-17 13:39 - 2013-07-25 03:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-17 13:39 - 2013-07-25 03:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-17 13:39 - 2013-07-25 03:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-17 13:39 - 2013-07-25 03:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-17 09:58 - 2013-07-17 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-17 09:58 - 2013-07-10 10:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-17 09:58 - 2013-07-09 13:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-17 09:58 - 2013-07-08 05:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-17 09:58 - 2013-07-08 05:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-17 09:58 - 2013-07-08 05:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-17 09:58 - 2013-07-08 05:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-17 09:58 - 2013-07-08 05:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-17 09:58 - 2013-07-08 05:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-17 09:58 - 2013-07-05 04:20 - 00914880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-17 09:58 - 2013-07-05 02:43 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2013-08-17 09:58 - 2013-06-15 14:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-08-17 09:58 - 2013-06-15 12:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
 
==================== One Month Modified Files and Folders =======
 
2013-09-08 11:05 - 2009-04-11 13:34 - 01660717 _____ C:\Windows\WindowsUpdate.log
2013-09-08 11:04 - 2013-09-08 11:04 - 00000000 ____D C:\FRST
2013-09-08 11:03 - 2013-09-08 11:03 - 01082239 _____ (Farbar) C:\Users\Payne\Downloads\FRST.exe
2013-09-08 11:02 - 2013-09-08 11:02 - 01948988 _____ (Farbar) C:\Users\Payne\Downloads\FRST64.exe
2013-09-08 10:59 - 2012-02-18 14:16 - 00000000 ____D C:\Users\Payne\AppData\Roaming\Spotify
2013-09-08 10:58 - 2013-09-01 10:12 - 00000376 _____ C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Payne.job
2013-09-08 10:58 - 2011-09-21 20:35 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-08 10:58 - 2006-11-02 13:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-08 10:58 - 2006-11-02 13:45 - 00003760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-08 10:58 - 2006-11-02 13:45 - 00003760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-08 10:26 - 2006-11-02 13:58 - 00032618 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-08 10:16 - 2012-04-09 07:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-08 10:04 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-08 09:58 - 2011-09-21 20:48 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-419863109-2784400779-3227827296-1000UA.job
2013-09-08 09:58 - 2011-09-21 20:47 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-419863109-2784400779-3227827296-1000Core.job
2013-09-08 09:34 - 2011-09-21 20:35 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-08 02:28 - 2006-11-02 11:33 - 00718584 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-08 02:02 - 2013-09-08 02:02 - 00013119 _____ C:\Users\Payne\Documents\DDS.txt
2013-09-08 02:02 - 2013-09-08 02:02 - 00007587 _____ C:\Users\Payne\Documents\Attach.txt
2013-09-08 01:53 - 2013-09-08 01:53 - 00007587 _____ C:\Users\Payne\Desktop\attach.txt
2013-09-08 01:52 - 2013-09-08 01:53 - 00013119 _____ C:\Users\Payne\Desktop\dds.txt
2013-09-08 01:51 - 2013-09-08 01:50 - 00688992 ____R (Swearware) C:\Users\Payne\Downloads\dds (1).com
2013-09-08 01:50 - 2013-09-08 01:49 - 00688992 _____ (Swearware) C:\Users\Payne\Downloads\dds.com
2013-09-08 01:30 - 2011-09-20 16:32 - 00000000 ____D C:\Users\Payne
2013-09-08 00:59 - 2013-09-01 10:12 - 00000370 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_Payne.job
2013-09-07 16:48 - 2013-09-01 10:12 - 00000366 _____ C:\Windows\Tasks\ReclaimerUpdateXML_Payne.job
2013-09-07 07:32 - 2011-09-20 22:31 - 00000000 ____D C:\Users\Payne\AppData\Roaming\Yxujh
2013-09-06 07:35 - 2013-09-06 00:11 - 00018944 _____ C:\Users\Payne\Documents\Wyedale budget.xls
2013-09-05 18:42 - 2012-01-15 12:09 - 00002627 _____ C:\Users\Payne\Desktop\Microsoft Office Word 2007 (2).lnk
2013-09-05 07:31 - 2008-01-21 04:02 - 00015980 _____ C:\Windows\PFRO.log
2013-09-04 22:25 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\tracing
2013-09-04 22:01 - 2013-09-04 22:01 - 00000000 ____D C:\Users\Payne\AppData\Roaming\Malwarebytes
2013-09-04 22:00 - 2013-09-04 22:00 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-04 22:00 - 2013-09-04 22:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-04 22:00 - 2013-09-04 22:00 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-04 21:57 - 2013-09-04 21:57 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Payne\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-04 18:22 - 2013-09-04 18:21 - 01081304 _____ (ArcadeFrontier) C:\Users\Payne\Downloads\ArcadeFrontierGames.exe
2013-09-04 10:20 - 2011-09-21 20:36 - 00000000 ____D C:\Users\Payne\AppData\Roaming\Macromedia
2013-08-30 12:12 - 2013-08-30 12:00 - 00029184 _____ C:\Users\Payne\Documents\Monthly Budget Sept 13.xls
2013-08-29 23:21 - 2013-08-29 23:21 - 00346624 _____ C:\Users\Payne\Downloads\Intermediary_Rates.xls
2013-08-28 09:41 - 2013-08-28 09:41 - 00010719 _____ C:\Users\Payne\Documents\Estimate from Blue.xlsx
2013-08-25 22:02 - 2013-08-25 22:02 - 00001664 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-25 22:02 - 2013-08-25 22:01 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-25 22:02 - 2013-08-25 22:01 - 00000000 ____D C:\Program Files\iTunes
2013-08-25 22:01 - 2013-08-25 22:01 - 00000000 ____D C:\Program Files\iPod
2013-08-25 22:01 - 2011-09-22 19:11 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-08-21 00:16 - 2012-04-09 07:59 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-21 00:16 - 2011-09-21 20:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-18 10:26 - 2013-08-18 10:24 - 89111376 _____ (Apple Inc.) C:\Users\Payne\Downloads\iTunesSetup.exe
2013-08-18 10:23 - 2013-08-18 10:23 - 00000000 ____D C:\Users\Payne\AppData\Roaming\MetaCrawler
2013-08-17 18:26 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2013-08-17 13:49 - 2013-08-17 13:47 - 00000000 ____D C:\Windows\system32\MRT
2013-08-17 13:47 - 2006-11-02 11:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-08-17 13:45 - 2011-09-21 21:19 - 00000000 ____D C:\ProgramData\Microsoft Help
 
Files to move or delete:
====================
C:\Users\Payne\AppData\Local\Temp\92843uninstall.exe
C:\Users\Payne\AppData\Local\Temp\APNStub.exe
C:\Users\Payne\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\Payne\AppData\Local\Temp\install_reader9_uk_air_mssd_aih.exe
C:\Users\Payne\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Payne\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Payne\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Payne\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Payne\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Payne\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Payne\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Payne\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Payne\AppData\Local\Temp\lowproc.exe
C:\Users\Payne\AppData\Local\Temp\ose00000.exe
C:\Users\Payne\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Payne\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\Payne\AppData\Local\Temp\Sqlite3.dll
C:\Users\Payne\AppData\Local\Temp\stubhelper.dll
C:\Users\Payne\AppData\Local\Temp\WatchDriverSigningPolicy.exe
C:\Users\Payne\AppData\Local\Temp\_is1E4C.exe
C:\Users\Payne\AppData\Local\Temp\_is4E02.exe
C:\Users\Payne\AppData\Local\Temp\_is5927.exe
C:\Users\Payne\AppData\Local\Temp\_is9E8F.exe
C:\Users\Payne\AppData\Local\Temp\_isAD7D.exe
C:\Users\Payne\AppData\Local\Temp\_isCA34.exe
C:\Users\Payne\AppData\Local\Temp\_isE821.exe
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-09-08 11:05
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-09-2013
Ran by Payne at 2013-09-08 11:06:49
Running from C:\Users\Payne\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
 Update for Microsoft Office 2007 (KB2508958)
ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212)
Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader 9.5.5 (Version: 9.5.5)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 1.15.14.0)
Ask Toolbar Updater (HKCU Version: 1.2.3.29495)
Atheros USB Wireless LAN Driver Installer (Version: 1.00.7323)
Bonjour (Version: 3.0.0.10)
CaddieSync Express 1.4.3 (Version: 1.4.3)
Cisco EAP-FAST Module (Version: 2.1.6)
Cisco LEAP Module (Version: 1.0.12)
Cisco PEAP Module (Version: 1.0.13)
CP2101 USB to UART Bridge Controller
EDIMAX Edimax Wireless LAN (Version: 1.0.3.0)
Epson Easy Photo Print 2 (Version: 2.2.4.0)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (Version: 1.00.0000)
Epson Event Manager (Version: 2.50.0000)
EPSON Scan
EPSON SX235 Series Printer Uninstall
EpsonNet Print (Version: 2.4j)
Google Chrome (HKCU Version: 29.0.1547.66)
Google Earth Plug-in (Version: 7.1.1.1888)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4413.1752)
Google Update Helper (Version: 1.3.21.153)
GoToMeeting 5.1.0.874 (HKCU Version: 5.1.0.874)
iTunes (Version: 11.0.5.5)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
JavaFX 2.1.1 (Version: 2.1.1)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Network Guide EPSON SX235 Series
QuickTime (Version: 7.74.80.86)
RealDownloader (Version: 1.3.2)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.2)
RealUpgrade 1.1 (Version: 1.1.0)
SkyCaddie Desktop
Spotify (HKCU Version: 0.8.3.222.g317ab79d)
TomTom HOME 2.8.3.2499 (Version: 2.8.3.2499)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
U.B. Funkeys
Unity Web Player (HKCU Version: )
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
User's Guide EPSON SX235 Series
Windows Mobile Device Updater Component (Version: 04.08.2345.00)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
Zune (Version: 04.08.2345.00)
Zune Language Pack (CHS) (Version: 04.08.2345.00)
Zune Language Pack (CHT) (Version: 04.08.2345.00)
Zune Language Pack (CSY) (Version: 04.08.2345.00)
Zune Language Pack (DAN) (Version: 04.08.2345.00)
Zune Language Pack (DEU) (Version: 04.08.2345.00)
Zune Language Pack (ELL) (Version: 04.08.2345.00)
Zune Language Pack (ESP) (Version: 04.08.2345.00)
Zune Language Pack (FIN) (Version: 04.08.2345.00)
Zune Language Pack (FRA) (Version: 04.08.2345.00)
Zune Language Pack (HUN) (Version: 04.08.2345.00)
Zune Language Pack (IND) (Version: 04.08.2345.00)
Zune Language Pack (ITA) (Version: 04.08.2345.00)
Zune Language Pack (JPN) (Version: 04.08.2345.00)
Zune Language Pack (KOR) (Version: 04.08.2345.00)
Zune Language Pack (MSL) (Version: 04.08.2345.00)
Zune Language Pack (NLD) (Version: 04.08.2345.00)
Zune Language Pack (NOR) (Version: 04.08.2345.00)
Zune Language Pack (PLK) (Version: 04.08.2345.00)
Zune Language Pack (PTB) (Version: 04.08.2345.00)
Zune Language Pack (PTG) (Version: 04.08.2345.00)
Zune Language Pack (RUS) (Version: 04.08.2345.00)
Zune Language Pack (SVE) (Version: 04.08.2345.00)
 
 
==================== Restore Points  =========================
 
27-08-2013 20:59:42 Scheduled Checkpoint
28-08-2013 05:53:38 Windows Update
28-08-2013 23:00:03 Scheduled Checkpoint
29-08-2013 10:32:25 Windows Update
30-08-2013 09:12:30 Scheduled Checkpoint
30-08-2013 22:31:25 Scheduled Checkpoint
31-08-2013 18:23:00 Scheduled Checkpoint
01-09-2013 12:59:45 Scheduled Checkpoint
02-09-2013 07:30:41 Windows Update
03-09-2013 08:35:46 Scheduled Checkpoint
04-09-2013 07:54:18 Scheduled Checkpoint
04-09-2013 23:45:56 Scheduled Checkpoint
05-09-2013 13:30:11 Windows Update
06-09-2013 07:30:40 Scheduled Checkpoint
07-09-2013 16:45:20 Scheduled Checkpoint
08-09-2013 01:26:00 Windows Update
 
==================== Hosts content: ==========================
 
2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {04079A4B-18DA-4469-9BC8-C9D6EFDD8BF7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-419863109-2784400779-3227827296-1000Core => C:\Users\Payne\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-21] (Google Inc.)
Task: {11E41CBE-1739-4729-B2E3-DB6C504B464B} - System32\Tasks\RNUpgradeHelperResumePrompt_Payne => C:\Users\Payne\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-08-31] (RealNetworks, Inc.)
Task: {12561295-48FD-49DA-821A-AB88822C75C3} - System32\Tasks\ReclaimerUpdateXML_Payne => C:\Users\Payne\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-08-31] (RealNetworks, Inc.)
Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2769869C-3C3C-450C-A2B5-2811CDEC3D00} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation)
Task: {2D2DEC4F-74BB-4FB5-9626-21B3A60365F1} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => C:\Windows\system32\pla.dll [2008-01-21] (Microsoft Corporation)
Task: {2E46607D-E1D0-4205-B981-F8E5829C2509} - System32\Tasks\User_Feed_Synchronization-{1301989A-6188-4085-9811-92DE15B80469} => C:\Windows\system32\msfeedssync.exe [2011-09-21] (Microsoft Corporation)
Task: {36B6A708-B2F2-447E-8F84-99D7F168E7C5} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-419863109-2784400779-3227827296-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {5D536EA4-E19E-4CB5-87EB-8302AB8E5A04} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-419863109-2784400779-3227827296-1000UA => C:\Users\Payne\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-21] (Google Inc.)
Task: {60460F69-EDDF-41DB-A8C4-992BBE6D1568} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {63609CB8-F6B4-4061-812F-9D93E9754E62} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-419863109-2784400779-3227827296-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {679FBCCB-829B-4E8D-82CE-7B454387CF1E} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-419863109-2784400779-3227827296-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {68B0F6B5-1267-40C0-A8ED-AA7003757804} - System32\Tasks\ReclaimerUpdateFiles_Payne => C:\Users\Payne\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-08-31] (RealNetworks, Inc.)
Task: {6D8DFC1F-D61F-49E8-9743-25D292C1C77B} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2012-12-10] ()
Task: {741E7355-E760-4FE4-9DC4-A9A66F3FB732} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21] (Adobe Systems Incorporated)
Task: {7C5A51E8-1AD7-48C6-8879-257A8A9609F5} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {7C9DAD15-1EEE-4BCA-928C-F7D44AA865BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-21] (Google Inc.)
Task: {8135C311-EFBB-4D2F-BD65-1118EF95503E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-21] (Google Inc.)
Task: {8993F1FF-412B-424C-9BE2-976974C0A073} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {900BA7C6-7ADE-43A5-BB5F-CBE0990C17AF} - System32\Tasks\RNUpgradeHelperLogonPrompt_Payne => C:\Users\Payne\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-08-31] (RealNetworks, Inc.)
Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {C436DF6D-2326-4D2E-8E96-55ED79886717} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Payne => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {F80EF0FB-AA03-4D0F-A85B-127472F7E673} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FA8288AD-B8A0-49E0-B3ED-230FE1CCB5ED} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-419863109-2784400779-3227827296-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-419863109-2784400779-3227827296-1000Core.job => C:\Users\Payne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-419863109-2784400779-3227827296-1000UA.job => C:\Users\Payne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Payne.job => C:\Users\Payne\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_Payne.job => C:\Users\Payne\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Payne.job => C:\Users\Payne\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-02-11 18:40 - 2011-02-11 18:40 - 00085504 _____ (Intel Corporation) C:\Windows\system32\igfxrENU.lrc
2009-10-21 18:39 - 2009-10-21 18:39 - 00291328 _____ (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\LcMgr.dll
2010-10-12 10:58 - 2010-10-12 10:58 - 00136704 _____ (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\ScanEngine30.dll
2010-10-12 10:54 - 2010-10-12 10:54 - 00055808 _____ (SEIKO EPSON CORP.) C:\Program Files\Epson Software\Event Manager\ScnMgr10.dll
2010-11-19 12:06 - 2010-11-19 12:06 - 00112640 _____ (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\epnsm.dll
2005-01-13 11:47 - 2005-01-13 11:47 - 00049152 _____ (SEIKO EPSON CORP.) C:\Program Files\Epson Software\Event Manager\ESPSUTL.dll
2012-10-22 20:37 - 2012-10-22 20:37 - 00166296 _____ () C:\Program Files\SkyGolf\CaddieSync Express\conduitscripting0.dll
2009-01-10 11:32 - 2009-01-10 11:32 - 00011362 _____ () C:\Program Files\SkyGolf\CaddieSync Express\mingwm10.dll
2009-06-22 19:42 - 2009-06-22 19:42 - 00043008 _____ () C:\Program Files\SkyGolf\CaddieSync Express\libgcc_s_dw2-1.dll
2010-09-23 15:52 - 2010-09-23 15:52 - 02537472 _____ () C:\Program Files\SkyGolf\CaddieSync Express\QtCore4.dll
2010-09-13 03:16 - 2010-09-13 03:16 - 02173952 _____ () C:\Program Files\SkyGolf\CaddieSync Express\QtScript4.dll
2010-09-13 06:12 - 2010-09-13 06:12 - 00744448 _____ () C:\Program Files\SkyGolf\CaddieSync Express\QtScriptTools4.dll
2010-09-13 02:30 - 2010-09-13 02:30 - 09814016 _____ () C:\Program Files\SkyGolf\CaddieSync Express\QtGui4.dll
2010-09-13 01:51 - 2010-09-13 01:51 - 00399360 _____ () C:\Program Files\SkyGolf\CaddieSync Express\QtXml4.dll
2012-10-22 20:32 - 2012-10-22 20:32 - 00107008 _____ () C:\Program Files\SkyGolf\CaddieSync Express\qextserialport1.dll
2012-10-22 20:32 - 2012-10-22 20:32 - 00591360 _____ () C:\Program Files\SkyGolf\CaddieSync Express\qjson0.dll
2010-09-13 01:55 - 2010-09-13 01:55 - 01140224 _____ () C:\Program Files\SkyGolf\CaddieSync Express\QtNetwork4.dll
2011-05-26 13:41 - 2011-05-26 13:41 - 00053024 _____ (Open Source Software community project) C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01292136 _____ (The ICU Project) C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 00923496 _____ (The ICU Project) C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 16303976 _____ (The ICU Project) C:\Program Files\Common Files\Apple\Apple Application Support\icudt46.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-30 23:05 - 2011-08-30 23:05 - 00073064 _____ (Apple Inc.) C:\Windows\system32\dnssd.dll
2013-09-05 20:06 - 2013-09-02 21:34 - 47074256 _____ (Google Inc.) C:\Users\Payne\AppData\Local\Google\Chrome\Application\29.0.1547.66\chrome.dll
2013-09-05 20:07 - 2013-09-02 21:35 - 09962960 _____ (The ICU Project) C:\Users\Payne\AppData\Local\Google\Chrome\Application\29.0.1547.66\icudt.dll
2013-09-05 20:07 - 2013-09-02 21:35 - 04053456 _____ () C:\Users\Payne\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll
2013-09-05 20:07 - 2013-09-02 21:35 - 00410576 _____ () C:\Users\Payne\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
2013-09-05 20:07 - 2013-09-02 21:35 - 02110928 _____ (Google Inc.) C:\Users\Payne\AppData\Local\Google\Chrome\Application\29.0.1547.66\libpeerconnection.dll
2013-09-05 20:06 - 2013-09-02 21:35 - 01604560 _____ () C:\Users\Payne\AppData\Local\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll
2013-09-05 20:06 - 2013-09-02 19:46 - 03231688 _____ (Microsoft Corporation) C:\Users\Payne\AppData\Local\Google\Chrome\Application\29.0.1547.66\D3DCompiler_46.dll
2013-09-05 20:07 - 2013-09-02 21:35 - 00709584 _____ () C:\Users\Payne\AppData\Local\Google\Chrome\Application\29.0.1547.66\libglesv2.dll
2013-09-05 20:07 - 2013-09-02 21:35 - 00099792 _____ () C:\Users\Payne\AppData\Local\Google\Chrome\Application\29.0.1547.66\libegl.dll
 
==================== Alternate Data Streams (whitelisted) ==========
 
AlternateDataStreams: C:\Users\Payne\Documents\Enquiry from Software Partner Website.eml:OECustomProperty
AlternateDataStreams: C:\Users\Payne\Documents\Introducer Marketing Agreement Jun 2010.eml:OECustomProperty
AlternateDataStreams: C:\Users\Payne\Documents\Reporting Requirements.eml:OECustomProperty
AlternateDataStreams: C:\Users\Payne\Documents\RE_ Renewals 2013.eml:OECustomProperty
AlternateDataStreams: C:\Users\Payne\Documents\Website.eml:OECustomProperty
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/08/2013 01:33:04 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/08/2013 00:32:40 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15600
 
Error: (09/08/2013 00:32:40 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15600
 
Error: (09/08/2013 00:32:40 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/07/2013 07:31:28 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/06/2013 10:13:24 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12057661
 
Error: (09/06/2013 10:13:24 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12057661
 
Error: (09/06/2013 10:13:24 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/06/2013 02:46:56 PM) (Source: Application Error) (User: )
Description: Faulting application c8WL.exe, version 0.0.0.0, time stamp 0x52297c1e, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000005, fault offset 0x0006657b,
process id 0x180c, application start time 0xc8WL.exe0.
 
Error: (09/06/2013 02:46:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 761035
 
 
System errors:
=============
Error: (09/06/2013 10:13:58 PM) (Source: DCOM) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
 
Error: (09/05/2013 02:17:56 PM) (Source: DCOM) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
 
Error: (09/04/2013 06:49:59 AM) (Source: Microsoft-Windows-ResourcePublication) (User: NT AUTHORITY)
Description: Provider\Microsoft.Base.Publication/Publication/Computer
 
Error: (08/31/2013 08:44:03 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{351F14A5-EE31-4E95-AA5E-D702E38F341C}.
The backup browser is stopping.
 
Error: (08/31/2013 04:55:08 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 4:53:34 PM on 8/31/2013 was unexpected.
 
Error: (08/30/2013 05:52:30 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.157.691.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.2.0223.00
 
Source Path: 4.2.0223.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (08/22/2013 06:34:07 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer ISABEL-TOSH
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{351F14A5-EE31-4E95-AA5E-D702E3.
The master browser is stopping or an election is being forced.
 
Error: (08/20/2013 09:06:31 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DELL-1545
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{351F14A5-EE31-4E95-AA5E-D702E38F.
The master browser is stopping or an election is being forced.
 
Error: (08/19/2013 03:08:08 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer ISABEL-TOSH
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{351F14A5-EE31-4E95-AA5E-D702E3.
The master browser is stopping or an election is being forced.
 
Error: (08/18/2013 11:58:54 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DELL-1545
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{351F14A5-EE31-4E95-AA5E-D702E38F.
The master browser is stopping or an election is being forced.
 
 
Microsoft Office Sessions:
=========================
Error: (09/03/2012 03:31:10 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-09-08 11:06:03.941
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-08 11:06:03.782
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-08 11:06:03.598
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-08 11:06:03.223
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-07 23:27:47.595
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-07 23:27:47.424
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-07 23:27:47.236
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-07 23:27:47.065
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-07 23:27:46.878
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-07 23:27:46.690
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 64%
Total physical RAM: 2012.38 MB
Available physical RAM: 719.92 MB
Total Pagefile: 4272.04 MB
Available Pagefile: 2817.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1906.61 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:136.05 GB) (Free:58.61 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 039FCC0A)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=136 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Thanks for the logs, continue:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if Malwarebytes is not installed:

 

Download Malwarebytes from one of the following links and save it to your desktop:

 

 

http://www.malwarebytes.org/mbam.php 

http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

 

Double Click mbam-setup.exe to install the application.

 

 

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

 

Next,

 

Please download AdwCleaner from here: http://www.bleepingcomputer.com/download/adwcleaner/ by Xplode and save to your Desktop.

 

 

Let me see those logs, also give an update on current issues/concerns....

 

Kevin

fixlist.txt


Hi Kevin

 

Here is the fixlog and malwarebytes quick scan log. I will run adwcleaner in a minute and post the log if anything comes up.

 

Thanks.

 

Start
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1573576 2012-12-10] (Ask)
URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
CHR Extension: (Ask Toolbar) - C:\Users\Payne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.14.33467_0
C:\Users\Payne\AppData\Roaming\Yxujh
C:\Users\Payne\AppData\Local\Temp\92843uninstall.exe
C:\Users\Payne\AppData\Local\Temp\APNStub.exe
C:\Users\Payne\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\Payne\AppData\Local\Temp\install_reader9_uk_air_mssd_aih.exe
C:\Users\Payne\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Payne\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Payne\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Payne\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Payne\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Payne\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Payne\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Payne\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Payne\AppData\Local\Temp\lowproc.exe
C:\Users\Payne\AppData\Local\Temp\ose00000.exe
C:\Users\Payne\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Payne\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\Payne\AppData\Local\Temp\Sqlite3.dll
C:\Users\Payne\AppData\Local\Temp\stubhelper.dll
C:\Users\Payne\AppData\Local\Temp\WatchDriverSigningPolicy.exe
C:\Users\Payne\AppData\Local\Temp\_is1E4C.exe
C:\Users\Payne\AppData\Local\Temp\_is4E02.exe
C:\Users\Payne\AppData\Local\Temp\_is5927.exe
C:\Users\Payne\AppData\Local\Temp\_is9E8F.exe
C:\Users\Payne\AppData\Local\Temp\_isAD7D.exe
C:\Users\Payne\AppData\Local\Temp\_isCA34.exe
C:\Users\Payne\AppData\Local\Temp\_isE821.exe
End
 
 
 
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.04.07
 
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Payne :: PAYNE-PC [administrator]
 
08/09/2013 17:47:29
mbam-log-2013-09-08 (17-47-29).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222679
Time elapsed: 8 minute(s), 56 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
 
 
 
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 

Hi Kevin 

 

Here is the ADWcleaner log

 

It looks like whatever it was has gone but please take a look at this log in case I'm missing something.

 

Do you have any thoughts on the matter?

 

I will also run full scans with MS Security Essentials and Malware Bytes just to double check but assuming nothing comes up, thanks for your help.

 

Ed

 


# AdwCleaner v3.003 - Report created 08/09/2013 at 18:27:41

# Updated 07/09/2013 by Xplode

# Operating System : Windows Vista Home Basic Service Pack 2 (32 bits)

# Username : Payne - PAYNE-PC

# Running from : C:\Users\Payne\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\Ask

Folder Deleted : C:\Program Files\Ask.com

Folder Deleted : C:\Users\Payne\AppData\Local\apn

Folder Deleted : C:\Users\Payne\AppData\LocalLow\AskToolbar

File Deleted : C:\Windows\system32\Uninstall.exe

File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D8DFC1F-D61F-49E8-9743-25D292C1C77B}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6D8DFC1F-D61F-49E8-9743-25D292C1C77B}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd

Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKCU\Software\APN

Key Deleted : HKCU\Software\Ask.com

Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar

Key Deleted : HKLM\Software\APN

Key Deleted : HKLM\Software\AskToolbar

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Product Deleted : Ask Toolbar

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v9.0.8112.16502

 

 

-\\ Google Chrome v

 

[ File : C:\Users\Payne\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [3257 octets] - [08/09/2013 18:01:17]

AdwCleaner[s0].txt - [3152 octets] - [08/09/2013 18:27:41]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3212 octets] ##########

 


You've not posted the log from FRST fix, you've posted the fix text that I attached in my last reply. Your system only appeared to be sluggish due to unwanted adware, nothing serious....

 

Run the following:

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Kevin...


Sorry Kevin

 

Here is the missing log.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-09-2013
Ran by Payne at 2013-09-08 17:42:09 Run:1
Running from C:\Users\Payne\Documents\Malware logs
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
Start
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1573576 2012-12-10] (Ask)
URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
CHR Extension: (Ask Toolbar) - C:\Users\Payne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.14.33467_0
C:\Users\Payne\AppData\Roaming\Yxujh
C:\Users\Payne\AppData\Local\Temp\92843uninstall.exe
C:\Users\Payne\AppData\Local\Temp\APNStub.exe
C:\Users\Payne\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\Payne\AppData\Local\Temp\install_reader9_uk_air_mssd_aih.exe
C:\Users\Payne\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Payne\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Payne\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Payne\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Payne\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Payne\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Payne\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Payne\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Payne\AppData\Local\Temp\lowproc.exe
C:\Users\Payne\AppData\Local\Temp\ose00000.exe
C:\Users\Payne\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Payne\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\Payne\AppData\Local\Temp\Sqlite3.dll
C:\Users\Payne\AppData\Local\Temp\stubhelper.dll
C:\Users\Payne\AppData\Local\Temp\WatchDriverSigningPolicy.exe
C:\Users\Payne\AppData\Local\Temp\_is1E4C.exe
C:\Users\Payne\AppData\Local\Temp\_is4E02.exe
C:\Users\Payne\AppData\Local\Temp\_is5927.exe
C:\Users\Payne\AppData\Local\Temp\_is9E8F.exe
C:\Users\Payne\AppData\Local\Temp\_isAD7D.exe
C:\Users\Payne\AppData\Local\Temp\_isCA34.exe
C:\Users\Payne\AppData\Local\Temp\_isE821.exe
End
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} => Value deleted successfully.
HKCR\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3C4E47FD-7F19-431E-995E-70C58DDCFE98} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{3C4E47FD-7F19-431E-995E-70C58DDCFE98} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
C:\Users\Payne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo => Moved successfully.
C:\Users\Payne\AppData\Roaming\Yxujh => Moved successfully.
C:\Users\Payne\AppData\Local\Temp\92843uninstall.exe => Moved successfully.
C:\Users\Payne\AppData\Local\Temp\APNStub.exe => Moved successfully.
C:\Users\Payne\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe => Moved successfully.
C:\Users\Payne\AppData\Local\Temp\install_reader9_uk_air_mssd_aih.exe => Moved successfully.
C:\Users\Payne\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe => Moved successfully.
C:\Users\Payne\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe => Moved successfully.
C:\Users\Payne\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe => Moved successfully.
C:\Users\Payne\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
C:\Users\Payne\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
C:\Users\Payne\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\Payne\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe => Moved successfully.
C:\Users\Payne\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe => Moved successfully.
C:\Users\Payne\AppData\Local\Temp\lowproc.exe => Moved successfully.
C:\Users\Payne\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\Payne\AppData\Local\Temp\SearchWithGoogleUpdate.exe => Moved successfully.
C:\Users\Payne\AppData\Local\Temp\SpotifyUpgrader.exe => Moved successfully.
C:\Users\Payne\AppData\Local\Temp\Sqlite3.dll => Moved successfully.
C:\Users\Payne\AppData\Local\Temp\stubhelper.dll => Moved successfully.
C:\Users\Payne\AppData\Local\Temp\WatchDriverSigningPolicy.exe => Moved successfully.
C:\Users\Payne\AppData\Local\Temp\_is1E4C.exe => Moved successfully.
C:\Users\Payne\AppData\Local\Temp\_is4E02.exe => Moved successfully.
C:\Users\Payne\AppData\Local\Temp\_is5927.exe => Moved successfully.
C:\Users\Payne\AppData\Local\Temp\_is9E8F.exe => Moved successfully.
C:\Users\Payne\AppData\Local\Temp\_isAD7D.exe => Moved successfully.
C:\Users\Payne\AppData\Local\Temp\_isCA34.exe => Moved successfully.
C:\Users\Payne\AppData\Local\Temp\_isE821.exe => Moved successfully.
 
==== End of Fixlog ====

Hi Kevin

 

Checkuptext as requested

 

Ed

 

Results of screen317's Security Check version 0.99.73  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 JavaFX 2.1.1    
 Java 7 Update 25  
 Adobe Flash Player 11.8.800.94  
 Adobe Reader 9 Adobe Reader out of Date! 
 Google Chrome 29.0.1547.62  
 Google Chrome 29.0.1547.66  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1 % 
````````````````````End of Log`````````````````````` 

Thanks for the logs and update on status, continue as follows:

Adobe Reader is outdated...

Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

Step 1 - Select your Operating System.
Step 2 - Select your Language.
Step 3 - Select latest version.

Untick the option for McAfee security scanner if offered.

Download and install.

Having the latest updates ensures there are no security vulnerabilities in your system.

Next,

Download OTM from either of the following links and save to your Desktop:

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion....
 

  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Files
    C:\FRST
    C:\Users\Payne\Downloads\FRST.exe
    C:\Users\Payne\Downloads\FRST64.exe
    ipconfig /flushdns /c
    :Commands
    [EmptyTemp]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Let me see that log, also tell me if any remaining issues or concerns. If all ok do this:



  • Double-click OTM.exe to run it again. Windows 7/8 or Vista accept UAC alert..
  • Click on the Green CleanUp! button and it will populate a list of items to clean from your system that we used or may have used.
  • It should ask if you want to clean up, select Yes. You may be asked to reboot, allow that to happen.

Kevin..

 


Hi Kevin

 

Here is the OTM log as requested.

 

Thanks

 

Ed

 

All processes killed

========== FILES ==========

C:\FRST\Quarantine\Yxujh folder moved successfully.

C:\FRST\Quarantine\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.14.33467_0\tb_ux folder moved successfully.

C:\FRST\Quarantine\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.14.33467_0\lib folder moved successfully.

C:\FRST\Quarantine\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.14.33467_0\content_script\hack folder moved successfully.

C:\FRST\Quarantine\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.14.33467_0\content_script folder moved successfully.

C:\FRST\Quarantine\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.14.33467_0\config\skin\js folder moved successfully.

C:\FRST\Quarantine\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.14.33467_0\config\skin\images folder moved successfully.

C:\FRST\Quarantine\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.14.33467_0\config\skin\css folder moved successfully.

C:\FRST\Quarantine\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.14.33467_0\config\skin folder moved successfully.

C:\FRST\Quarantine\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.14.33467_0\config\locales\en folder moved successfully.

C:\FRST\Quarantine\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.14.33467_0\config\locales folder moved successfully.

C:\FRST\Quarantine\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.14.33467_0\config folder moved successfully.

C:\FRST\Quarantine\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.14.33467_0\background folder moved successfully.

C:\FRST\Quarantine\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.14.33467_0 folder moved successfully.

C:\FRST\Quarantine\aaaaojmikegpiepcfdkkjaplodkpfmlo folder moved successfully.

C:\FRST\Quarantine folder moved successfully.

C:\FRST\Logs folder moved successfully.

C:\FRST\Hives\Users\00000002 folder moved successfully.

C:\FRST\Hives\Users\00000001 folder moved successfully.

C:\FRST\Hives\Users folder moved successfully.

C:\FRST\Hives folder moved successfully.

C:\FRST folder moved successfully.

C:\Users\Payne\Downloads\FRST.exe moved successfully.

File/Folder C:\Users\Payne\Downloads\FRST64.exe not found.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Payne\Downloads\cmd.bat deleted successfully.

C:\Users\Payne\Downloads\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56468 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Payne

->Temp folder emptied: 458727073 bytes

->Temporary Internet Files folder emptied: 390176259 bytes

->Java cache emptied: 3076948 bytes

->Google Chrome cache emptied: 430063820 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1677667590 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 4978554 bytes

RecycleBin emptied: 3031227 bytes

 

Total Files Cleaned = 2,830.00 mb

 

 

OTM by OldTimer - Version 3.1.21.0 log created on 09092013_210337

If all is ok with no issues here are some tips to reduce the potential for malware infection in the future:

 

Make proper use of your antivirus and firewall

 

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware; if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features; make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

 

You should keep your antivirus and firewall guard enabled at all times; NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

 

Install and use WinPatrol from here http://www.winpatrol.com/download.html  This will inform you of any attempted unauthorized changes to your system.

 

WinPatrol features explained here http://www.winpatrol.com/features.html

 

Go here http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any Beta updates. (Use stand alone version, not a full install)

If Java or Adobe are updated please check under Start > Control Panel > Add/Remove Programs, ensure any old versions are removed. <--- Very important

 

Use a safer web browser

 

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

 

Firefox http://www.mozilla.com/en-US/,

 

Opera http://www.opera.com/, and

 

Chrome http://www.google.com/chrome.

 

All of these are excellent, faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here http://www.bleepingcomputer.com/tutorials/tutorial102.html which will help you to make IE MUCH safer.

 

These browser add-ons will help to make your browser safer:

 

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

 

Available for Firefox and Internet Explorer.

 

Green to go,

Yellow for caution, and

Red to stop.

 

 

Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

 

These are just a couple of the most popular add-ons. If you're interested in more, take a look at this article:

http://browsers.about.com/od/addonsplugi2/tp/browser_security_privacy.htm

 

Here are a couple of links by two security experts that will give some excellent tips and advice.

 

So how did I get infected in the first place by Tony Klein from here: http://www.spywareinfoforum.com/index.php?/topic/60955-so-how-did-i-get-infected-in-the-first-place/

 

How to prevent Malware by Miekiemoes from here: http://users.telenet.be/bluepatchy/miekiemoes/prevention.html

 

Finally, this link http://www.geekstogo.com/forum/topic/38-free-antivirus-and-antispyware-software will give a comprehensive, up-to-date list of free security programs, including antivirus, antispyware, firewall, antimalware, online scanners and rescue CDs.

 

Don't forget, the best form of defense is common sense. If you don't recognize it, don't open it. If something looks too good to be true, then it ain't.

 

Take care,

 

Kevin

This topic is now closed to further replies.