
trojan.zaccess gupdate



This seems to have been around for a while, but any fix patches won't download.  The MSE seems to be infected too.

 

Malware log:

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.08.03
 
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
HOME :: HOME-PC [administrator]
 
08/09/2013 19:42:54
mbam-log-2013-09-08 (19-42-54).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 274576
Time elapsed: 12 minute(s), 6 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\‮etadpug (Trojan.Zaccess) -> Delete on reboot.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 

 

_______

 

Please help.

Thanks.

 


Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs.

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Thanks for the info.  I will try this evening when I get home.

 

I will have to download onto a stick here at my office as the virus won't let me download to my home PC.  It has blocked my MSE anti-virus program.  It also looks like it has deleted all previous system restore points.  It always recreates itself after a reboot, even after removal in safe mode.

 

I will download onto a stick now and try again this evening.

 

Thanks for your help.

 

Please don't close the thread case as I will feedback all results and scan texts.

 

Thanks again.


This is even more serious than I thought.  I was unable to download any files as the virus checks failed.  The whole security system is down and cannot be turned on.  No windows updates possible.  All system restore points deleted.  Not possible to download any files, defo not .exe files.  Cannot read any memory sticks inserted - sticks shown as no files, despite the files you offered being on the memory stick.  Files zipped up to get thru', which seemed to be ok.  Zips downloaded.  However, when extracting files they disappear.  The extra folders are empty.  Not possible to run the file from inside the zip folder.

 

Looks like a 'boot to CD' is only option.  Then reinstall.  Or just reformat.  I'm running 2 x 500gb RAID 0.

 

I've taken all my data and files etc. off the PC onto a remote HDD.  I'm tempted to launch the whole PC into the Thames.

 

Thanks for reading.

 

Kind regards


You can try this:

  • Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    Plug the flash drive into the infected PC.

  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:

    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.

    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

    To enter System Recovery Options by using Windows installation disc:

    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt

    Select Command Prompt.

    Once in the Command Prompt:

    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter

      Note: Replace letter e with the drive letter of your flash drive.

    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
MrC

I ran FRST via a CD at command prompt and the text is below.

I can see where it has zero accessed the security.  So frustrating.

Please see below.  Thanks for all your help.

___________________________

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-09-2013

Ran by SYSTEM on MINWINPC on 10-09-2013 19:59:50

Running from H:\

Windows Vista Home Premium (X86) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Recovery

 

The current controlset is ControlSet001

ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [bluetooth HCI Monitor] - RunDll32 HCIMNTR.DLL,RunCheckHCIMode

HKLM\...\Run: [iAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-07-26] (Intel Corporation)

HKLM\...\Run: [startCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()

HKLM\...\Run: [NMSSupport] - C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe [439512 2007-06-27] (Intel Corporation)

HKLM\...\Run: [CCUTRAYICON] - C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe [215256 2007-06-27] (Intel® Corporation)

HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-23] (Google)

HKLM\...\Run: [dlcqmon.exe] - C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe [292080 2007-06-29] ()

HKLM\...\Run: [MemoryCardManager] - C:\Program Files\Dell Photo AIO Printer 966\memcard.exe [304368 2007-06-29] ()

HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [988584 2007-08-31] (Microsoft Corporation)

HKLM\...\Run: [intelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1037736 2007-08-31] (Microsoft Corporation)

HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-05] (Apple Inc.)

HKLM\...\Run: [PMX Daemon] - ICO.EXE

HKLM\...\Run: [OxigenClientAdmin] - C:\Program Files\Oxigen\bin\Oxigen.exe [887264 2007-06-22] ()

HKLM\...\Run: [OxigenTrayIcon] - C:\Program Files\Oxigen\bin\OxiTray.exe [557536 2007-06-22] ()

HKLM\...\Run: [sigmatelSysTrayApp] - C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-09-12] (SigmaTel, Inc.)

HKLM\...\Run: [NokiaMServer] - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

HKLM\...\Run: [DLCQCATS] - rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)

HKLM\...\Run: [NSU_agent] - C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe [190768 2012-02-28] ()

HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)

HKLM\...\Run: [switchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-11] (Adobe Systems Incorporated)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-10-25] (Adobe Systems Incorporated)

HKLM\...\Run: [] -

HKLM\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated)

HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.)

HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.)

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-06-20] ()

HKLM\...\Runonce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\IUSR_NMPR\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\IUSR_NMPR\...\Run: [MsnMsgr] - "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

HKU\IUSR_NMPR\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe

HKU\Home\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-18] (Microsoft Corporation)

HKU\Home\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2010-11-15] (Google Inc.)

HKU\Home\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [ 2013-05-21] (Samsung)

HKU\Home\...\Run: [Adobe Acrobat Synchronizer] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [ 2010-10-25] (Adobe Systems Incorporated)

HKU\Home\...\Run: [AdobeBridge] -

HKU\Home\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [ 2013-04-23] (Samsung)

HKU\Home\...\Run: [Google Update] -

 

========================== Services (Whitelisted) =================

 

S4 AlertService; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [223448 2007-06-27] (Intel® Corporation)

S3 DHTRACE; C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [39640 2007-06-27] (Intel® Corporation)

S2 dlcq_device; C:\Windows\system32\dlcqcoms.exe [537480 2006-12-12] ( )

S4 DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [208896 2007-02-12] ()

S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-23] (Google)

S2 gupdate1c9c5bd32cd5c25; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-04-25] (Google Inc.)

S2 ISSM; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [59096 2007-06-27] (Intel® Corporation)

S2 M1 Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [268504 2007-06-27] ()

S2 MCLServiceATL; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [157912 2007-06-27] (Intel® Corporation)

S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] ()

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-06-20] ()

S2 NMSCore; C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [317656 2007-06-27] (Intel® Corporation)

S2 QualityManager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [272600 2007-06-27] (Intel® Corporation)

S2 Remote UI Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [446680 2007-06-27] (Intel® Corporation)

S2 STacSV; C:\Windows\system32\STacSV.exe [94208 2007-09-12] (SigmaTel, Inc.)

S2 *etadpug; "C:\Program Files\Google\Desktop\Install\{70c6cd53-d2f2-38c4-aa2d-bea239d1edd4}\   \...\???\{70c6cd53-d2f2-38c4-aa2d-bea239d1edd4}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

 

==================== Drivers (Whitelisted) ====================

 

S3 BFAIFILT; C:\Windows\System32\Drivers\bfaifilt.sys [3264 2004-07-13] ()

S0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-10] (Microsoft Corporation)

S3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [31896 2005-11-27] (DemoForge, LLC)

S3 IntelDH; C:\Windows\System32\Drivers\IntelDH.sys [5632 2007-12-13] (Intel Corporation)

S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)

S3 MREMP50; C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [21248 2009-12-07] (Printing Communications Assoc., Inc. (PCAUSA))

S3 MRESP50; C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [20096 2009-12-07] (Printing Communications Assoc., Inc. (PCAUSA))

S2 nmsunidr; C:\Windows\System32\DRIVERS\nmsunidr.sys [5376 2007-02-18] (Gteko Ltd.)

S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-08] (Microsoft Corporation)

S0 qfmmw; C:\Windows\System32\drivers\thijpf.sys [54016 2013-09-10] ()

S3 STHDA; C:\Windows\System32\drivers\stwrt.sys [326656 2007-09-12] (SigmaTel, Inc.)

S3 TSHWMDTCP; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [14552 2007-06-27] ()

S3 U2KG54; C:\Windows\System32\DRIVERS\U2KG54.sys [245376 2005-10-17] (Ralink Technology Inc.)

S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]

S3 IpInIp; system32\DRIVERS\ipinip.sys [x]

S0 luvjd; System32\drivers\ygtgol.sys [x]

S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]

S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-09-10 10:43 - 2013-09-10 10:43 - 00054016 _____ C:\Windows\System32\Drivers\thijpf.sys

2013-09-10 09:31 - 2013-09-10 09:32 - 00000000 ____D C:\Users\Home\Desktop\Contacts vcf files

2013-09-10 09:21 - 2013-09-10 09:21 - 00000000 ____D C:\Users\Home\Desktop\FRST

2013-09-10 09:20 - 2013-09-10 09:22 - 00000000 ____D C:\Users\Home\Desktop\RogueKiller

2013-09-10 09:18 - 2013-09-10 09:18 - 01960454 _____ C:\Users\Home\Desktop\RogueKiller.zip

2013-09-10 09:18 - 2013-09-10 09:18 - 00892447 _____ C:\Users\Home\Desktop\RogueKiller alone.zip

2013-09-09 22:31 - 2013-09-09 22:31 - 00117748 _____ C:\Users\Home\Desktop\Contacts_sep13.zip

2013-09-09 22:28 - 2013-09-09 22:28 - 00761856 _____ C:\Users\Home\Desktop\Contacts_sep13.mdb

2013-09-09 22:28 - 2013-09-09 22:28 - 00038429 _____ C:\Users\Home\AppData\Roaming\Microsoft Access 97-2003.ADR

2013-09-09 12:34 - 2013-09-09 12:36 - 00385536 _____ C:\Users\Home\Desktop\contacts_sep13.xls

2013-09-09 08:31 - 2013-09-09 11:49 - 00001624 _____ C:\Windows\setupact.log

2013-09-09 08:31 - 2013-09-09 08:31 - 00000000 _____ C:\Windows\setuperr.log

2013-09-08 12:02 - 2013-09-08 12:03 - 00000571 _____ C:\Windows\WindowsUpdate.log

2013-09-08 10:03 - 2013-09-08 10:03 - 00054016 _____ C:\Windows\System32\Drivers\mewwj.sys

2013-09-08 09:47 - 2013-09-08 09:47 - 00054016 _____ C:\Windows\System32\Drivers\nxqkdhq.sys

2013-09-08 03:24 - 2013-09-09 11:35 - 1911861246 _____ C:\avenger.txt

2013-09-08 03:24 - 2013-09-08 03:24 - 00000000 ____D C:\Avenger

2013-09-07 23:06 - 2013-09-07 23:06 - 00000000 __SHD C:\Windows\System32\%APPDATA%

2013-08-28 04:04 - 2013-08-01 18:48 - 01548288 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL

2013-08-21 02:21 - 2013-08-21 02:22 - 00114161 _____ C:\Users\Home\Downloads\SKMBT_C45213081913040.zip

2013-08-17 02:34 - 2013-08-17 02:34 - 00065096 _____ C:\Users\Home\Downloads\report (12).csv

2013-08-13 18:18 - 2013-08-13 18:28 - 00000000 ____D C:\Windows\System32\MRT

2013-08-13 18:04 - 2013-07-24 18:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-08-13 18:04 - 2013-07-24 18:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-08-13 18:04 - 2013-07-24 18:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-08-13 18:04 - 2013-07-24 18:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-08-13 18:04 - 2013-07-24 18:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-08-13 18:04 - 2013-07-24 18:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-08-13 18:04 - 2013-07-24 18:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll

2013-08-13 18:04 - 2013-07-24 18:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-08-13 18:04 - 2013-07-24 18:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-08-13 18:04 - 2013-07-24 18:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-08-13 18:04 - 2013-07-24 18:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-08-13 18:04 - 2013-07-24 18:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-08-13 18:04 - 2013-07-24 18:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-08-13 18:04 - 2013-07-24 18:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-08-13 18:04 - 2013-07-24 18:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-08-13 18:04 - 2013-07-24 18:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-08-13 16:36 - 2013-07-10 01:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll

2013-08-13 16:36 - 2013-07-07 20:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe

2013-08-13 16:36 - 2013-07-07 20:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2013-08-13 16:36 - 2013-07-04 19:20 - 00914880 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2013-08-13 16:36 - 2013-07-04 17:43 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys

2013-08-13 16:36 - 2013-06-15 05:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\icaapi.dll

2013-08-13 16:36 - 2013-06-15 03:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys

2013-08-13 16:35 - 2013-07-17 11:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll

2013-08-13 16:35 - 2013-07-09 04:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll

2013-08-13 16:35 - 2013-07-07 20:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll

2013-08-13 16:35 - 2013-07-07 20:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll

2013-08-13 16:35 - 2013-07-07 20:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll

2013-08-13 16:35 - 2013-07-07 20:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll

 

==================== One Month Modified Files and Folders =======

 

2013-09-10 19:59 - 2013-09-10 19:59 - 00000000 ____D C:\FRST

2013-09-10 10:43 - 2013-09-10 10:43 - 00054016 _____ C:\Windows\System32\Drivers\thijpf.sys

2013-09-10 10:43 - 2007-12-13 20:39 - 00005332 _____ C:\Windows\bthservsdp.dat

2013-09-10 10:43 - 2006-11-02 04:47 - 00003568 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2013-09-10 10:43 - 2006-11-02 04:47 - 00003568 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2013-09-10 10:43 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Globalization

2013-09-10 10:01 - 2006-11-02 02:33 - 00731396 _____ C:\Windows\System32\PerfStringBackup.INI

2013-09-10 09:57 - 2007-12-28 11:04 - 00000000 ____D C:\Program Files\Dl_cats

2013-09-10 09:32 - 2013-09-10 09:31 - 00000000 ____D C:\Users\Home\Desktop\Contacts vcf files

2013-09-10 09:32 - 2008-04-12 02:56 - 00038450 _____ C:\Users\Home\AppData\Roaming\Comma Separated Values (Windows).ADR

2013-09-10 09:22 - 2013-09-10 09:20 - 00000000 ____D C:\Users\Home\Desktop\RogueKiller

2013-09-10 09:21 - 2013-09-10 09:21 - 00000000 ____D C:\Users\Home\Desktop\FRST

2013-09-10 09:18 - 2013-09-10 09:18 - 01960454 _____ C:\Users\Home\Desktop\RogueKiller.zip

2013-09-10 09:18 - 2013-09-10 09:18 - 00892447 _____ C:\Users\Home\Desktop\RogueKiller alone.zip

2013-09-09 22:31 - 2013-09-09 22:31 - 00117748 _____ C:\Users\Home\Desktop\Contacts_sep13.zip

2013-09-09 22:28 - 2013-09-09 22:28 - 00761856 _____ C:\Users\Home\Desktop\Contacts_sep13.mdb

2013-09-09 22:28 - 2013-09-09 22:28 - 00038429 _____ C:\Users\Home\AppData\Roaming\Microsoft Access 97-2003.ADR

2013-09-09 13:01 - 2007-12-28 10:57 - 00245760 _____ C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2013-09-09 12:36 - 2013-09-09 12:34 - 00385536 _____ C:\Users\Home\Desktop\contacts_sep13.xls

2013-09-09 12:34 - 2009-10-25 05:00 - 00038428 _____ C:\Users\Home\AppData\Roaming\Microsoft Excel 97-2003.ADR

2013-09-09 11:49 - 2013-09-09 08:31 - 00001624 _____ C:\Windows\setupact.log

2013-09-09 11:35 - 2013-09-08 03:24 - 1911861246 _____ C:\avenger.txt

2013-09-09 08:31 - 2013-09-09 08:31 - 00000000 _____ C:\Windows\setuperr.log

2013-09-09 08:31 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Help

2013-09-08 12:03 - 2013-09-08 12:02 - 00000571 _____ C:\Windows\WindowsUpdate.log

2013-09-08 11:55 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\L2Schemas

2013-09-08 11:06 - 2013-07-06 02:27 - 00000000 ____D C:\Users\Public\Documents\CrashDump

2013-09-08 10:10 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\security

2013-09-08 10:03 - 2013-09-08 10:03 - 00054016 _____ C:\Windows\System32\Drivers\mewwj.sys

2013-09-08 10:03 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Web

2013-09-08 09:47 - 2013-09-08 09:47 - 00054016 _____ C:\Windows\System32\Drivers\nxqkdhq.sys

2013-09-08 03:24 - 2013-09-08 03:24 - 00000000 ____D C:\Avenger

2013-09-07 23:28 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\tracing

2013-09-07 23:06 - 2013-09-07 23:06 - 00000000 __SHD C:\Windows\System32\%APPDATA%

2013-09-07 22:53 - 2009-04-14 22:34 - 00196608 _____ C:\Windows\System32\Ikeext.etl

2013-09-07 18:30 - 2013-02-02 05:19 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2013-09-07 18:30 - 2013-02-02 05:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

2013-09-07 18:30 - 2010-11-15 00:09 - 00000766 _____ C:\Users\Public\Desktop\CCleaner.lnk

2013-09-07 18:30 - 2009-04-25 07:28 - 00000000 ____D C:\Program Files\CCleaner

2013-09-07 18:27 - 2007-12-13 21:42 - 00000000 ____D C:\Program Files\Google

2013-09-06 09:16 - 2010-01-20 14:26 - 00000000 ____D C:\Users\Home\Documents\ALTYON

2013-08-28 12:23 - 2007-12-28 16:00 - 00000000 ____D C:\Users\Home\Documents\Martins

2013-08-27 11:28 - 2007-12-28 16:00 - 00000000 ____D C:\Users\Home\Documents\House general

2013-08-25 04:51 - 2011-01-28 11:00 - 00001945 _____ C:\Windows\epplauncher.mif

2013-08-25 04:43 - 2011-01-28 10:59 - 00000000 ____D C:\Program Files\Microsoft Security Client

2013-08-21 02:22 - 2013-08-21 02:21 - 00114161 _____ C:\Users\Home\Downloads\SKMBT_C45213081913040.zip

2013-08-19 17:15 - 2007-12-28 10:55 - 00000000 ____D C:\Users\Home\AppData\Local\Google

2013-08-17 02:34 - 2013-08-17 02:34 - 00065096 _____ C:\Users\Home\Downloads\report (12).csv

2013-08-13 19:05 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\rescache

2013-08-13 19:01 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET

2013-08-13 18:28 - 2013-08-13 18:18 - 00000000 ____D C:\Windows\System32\MRT

2013-08-13 18:18 - 2006-11-02 02:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe

2013-08-13 18:15 - 2007-12-28 23:20 - 00000000 ____D C:\ProgramData\Microsoft Help

 

Files to move or delete:

====================

ZeroAccess:

C:\Users\Home\AppData\Local\Google\Desktop\Install\{70c6cd53-d2f2-38c4-aa2d-bea239d1edd4}

ZeroAccess:

C:\Program Files\Google\Desktop\Install\{70c6cd53-d2f2-38c4-aa2d-bea239d1edd4}

C:\Users\Home\Motorola_Software_Update.exe

C:\Users\Home\Nero_Micro_Edition_8321.exe

C:\Users\Home\AppData\Local\Temp\InstallFlashPlayer.exe

 

==================== Known DLLs (Whitelisted) ============

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

 

==================== EXE ASSOCIATION =====================

 

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

 

==================== Restore Points  =========================

 

 

==================== Memory info ===========================

 

Percentage of memory in use: 10%

Total physical RAM: 3069.32 MB

Available physical RAM: 2732.33 MB

Total Pagefile: 2966.89 MB

Available Pagefile: 2831.76 MB

Total Virtual: 2047.88 MB

Available Virtual: 1982.35 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:450.59 GB) (Free:5.42 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive h: (Nov 21 2008) (CDROM) (Total:0.69 GB) (Free:0.66 GB) UDF

Drive x: (RECOVERY) (Fixed) (Total:15 GB) (Free:5.28 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 70000000)

Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)

Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)

Partition 3: (Active) - (Size=451 GB) - (Type=07 NTFS)

 

 

LastRegBack: 2013-09-10 10:26

 

==================== End Of Log ============================

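The log above carries the tells that mark this as ZeroAccess: a service whose stored name contains the Unicode right-to-left override (U+202E), so "etadpug" is displayed as "gupdate" and passes for a Google Update service (the Malwarebytes log shows the raw key, FRST prints it as *etadpug); an image path with components made only of spaces, dots and question marks; three randomly named drivers with no vendor information and an identical size of 54016 bytes dropped within a few days; and a hidden system folder literally named %APPDATA% under System32. The Python below is an added triage script, not part of this thread or of FRST, that runs those checks over a constructed sample of the same log lines; the display-name simulation is a deliberate approximation of the full bidi algorithm, enough for this case.

```python
import re
import unicodedata

# Unicode bidirectional controls (U+202A..U+202E, U+2066..U+2069). U+202E, the
# right-to-left override, makes the stored name "etadpug" render as "gupdate".
BIDI_CONTROLS = {chr(c) for c in range(0x202A, 0x202F)} | {chr(c) for c in range(0x2066, 0x206A)}

# FRST service line: "<S|R><n> <name>; <image path ...>"
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>.+?); (?P<image>.*)$")
# FRST file line: "<created> - <modified> - <size> <attrs> [(vendor)] <path>"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>\S{5}) (?:\((?P<vendor>[^)]*)\) )?(?P<path>.*)$"
)

# Constructed sample: a handful of lines shaped like the FRST log in this thread,
# with the U+202E written as an escape so it is visible in source.
SAMPLE_LOG = "\n".join([
    r"S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] ()",
    "S2 \u202eetadpug; \"C:\\Program Files\\Google\\Desktop\\Install\\{70c6cd53-d2f2-38c4-aa2d-bea239d1edd4}"
    "\\   \\...\\???\\{70c6cd53-d2f2-38c4-aa2d-bea239d1edd4}\\GoogleUpdate.exe\"",
    r"S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)",
    r"S0 qfmmw; C:\Windows\System32\drivers\thijpf.sys [54016 2013-09-10] ()",
    r"S0 luvjd; System32\drivers\ygtgol.sys [x]",
    r"2013-09-10 10:43 - 2013-09-10 10:43 - 00054016 _____ C:\Windows\System32\Drivers\thijpf.sys",
    r"2013-09-08 10:03 - 2013-09-08 10:03 - 00054016 _____ C:\Windows\System32\Drivers\mewwj.sys",
    r"2013-09-08 09:47 - 2013-09-08 09:47 - 00054016 _____ C:\Windows\System32\Drivers\nxqkdhq.sys",
    r"2013-09-07 23:06 - 2013-09-07 23:06 - 00000000 __SHD C:\Windows\System32\%APPDATA%",
    r"2013-08-13 16:36 - 2013-07-04 19:20 - 00914880 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys",
])


def bidi_controls_in(name):
    """Unicode names of any bidi control characters hidden in a service/key name."""
    return [unicodedata.name(ch) for ch in name if ch in BIDI_CONTROLS]


def displayed_name(name):
    """Approximate what a registry viewer paints: text after an RLO is drawn
    right-to-left, so the stored 'etadpug' is seen as 'gupdate'. Other bidi
    controls are simply dropped. Not a full bidi implementation."""
    if "\u202e" in name:
        head, tail = name.split("\u202e", 1)
        return head + "".join(ch for ch in tail if ch not in BIDI_CONTROLS)[::-1]
    return "".join(ch for ch in name if ch not in BIDI_CONTROLS)


def odd_path_components(image):
    """Path components consisting only of spaces, dots or question marks; these
    make the folder impossible to open or type from Explorer or cmd."""
    path = re.match(r'^"?([^"]*)', image.strip()).group(1)
    return [c for c in path.split("\\") if c and set(c) <= set(" .?")]


def parse_files(lines):
    """Parse the 'Created/Modified Files and Folders' lines into records."""
    recs = []
    for line in lines:
        m = FILE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["size"] = int(rec["size"])
            recs.append(rec)
    return recs


def vendorless_driver_clusters(records):
    """Drivers under System32\\Drivers with no vendor field, grouped by byte size;
    two or more random-named .sys files of identical size is a rootkit tell."""
    by_size = {}
    for r in records:
        p = r["path"].lower()
        if p.endswith(".sys") and "\\system32\\drivers\\" in p and not r["vendor"]:
            by_size.setdefault(r["size"], []).append(r["path"].rsplit("\\", 1)[-1])
    return {size: sorted(names) for size, names in by_size.items() if len(names) >= 2}


def literal_env_dirs(records):
    """Directories whose name is a literal '%VAR%' (a hidden+system folder called
    %APPDATA% under System32 is the drop location seen in this log)."""
    return [r["path"] for r in records
            if re.search(r"\\%[A-Za-z_]+%$", r["path"]) and "D" in r["attrs"]]


def triage(log_text):
    """Run every check over an FRST-style log and return a list of finding tuples."""
    lines = log_text.splitlines()
    findings = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if not m:
            continue
        name, image = m.group("name"), m.group("image")
        ctrls = bidi_controls_in(name)
        if ctrls:
            findings.append(("bidi-control-in-service-name", name, displayed_name(name), ctrls))
        odd = odd_path_components(image)
        if odd:
            findings.append(("odd-path-components", name, odd))
    recs = parse_files(lines)
    for size, names in vendorless_driver_clusters(recs).items():
        findings.append(("vendorless-driver-size-cluster", size, names))
    for path in literal_env_dirs(recs):
        findings.append(("literal-env-var-directory", path))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```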

One problem is that not all of ZA can be fixed in the recovery mode, so give this a try and see if you can run MBAR and fixdamage.exe

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options. (as you did before)

Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

See if the computer boots normally now and if so..........run MBAR
If not...rescan with FRST and post the new log

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.

New window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

Note:
If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
Internet access
Windows Update
Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.


MrC


Mr C.

Here is the fixlog (see below).  The PC then rebooted quicker than before.

I then ran MBAR (took the update first - BETA v1.07.0.1005).

The scan showed 1 x malware found: \Users\Home\AppData\Local\Temp\jar_cache8044683094205062720.tmp --> [Trojan.Agent.MDB]

Plus a lot of removed malware items (29) were listed from previous deletions.

I then ran cleanup.

I am scanning again now.

Will revert after this next scan.

Thanks.

__________________

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-09-2013
Ran by SYSTEM at 2013-09-10 21:55:50 Run:1
Running from H:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKLM\...\Runonce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
HKU\IUSR_NMPR\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
HKU\Home\...\Run: [Google Update] -
HKU\Home\...\Run: [AdobeBridge] -
HKLM\...\Run: [] -
S2 *etadpug; "C:\Program Files\Google\Desktop\Install\{70c6cd53-d2f2-38c4-aa2d-bea239d1edd4}\   \...\???\{70c6cd53-d2f2-38c4-aa2d-bea239d1edd4}\GoogleUpdate.exe"
S0 qfmmw; C:\Windows\System32\drivers\thijpf.sys
S0 luvjd; System32\drivers\ygtgol.sys
C:\Windows\System32\Drivers\thijpf.sys
C:\Windows\System32\Drivers\mewwj.sys
C:\Windows\System32\Drivers\nxqkdhq.sys
C:\Users\Home\AppData\Local\Google\Desktop\Install\{70c6cd53-d2f2-38c4-aa2d-bea239d1edd4}
C:\Program Files\Google\Desktop\Install\{70c6cd53-d2f2-38c4-aa2d-bea239d1edd4}
C:\Users\Home\Motorola_Software_Update.exe
C:\Users\Home\Nero_Micro_Edition_8321.exe
C:\Users\Home\AppData\Local\Temp\InstallFlashPlayer.exe
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes Anti-Malware (cleanup) => Value deleted successfully.
HKU\IUSR_NMPR\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate => Value deleted successfully.
HKU\Home\Software\Microsoft\Windows\CurrentVersion\Run\\HKU\Home\...\Run: [Google Update] - => Value not found.
HKU\Home\Software\Microsoft\Windows\CurrentVersion\Run\\HKU\Home\...\Run: [AdobeBridge] - => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HKLM\...\Run: [] - => Value not found.
*etadpug => Unable to delete service
*etadpug => Service should be removed with FRST outside recovery mode.
qfmmw => Service deleted successfully.
luvjd => Service deleted successfully.
C:\Windows\System32\Drivers\thijpf.sys => Moved successfully.
C:\Windows\System32\Drivers\mewwj.sys => Moved successfully.
C:\Windows\System32\Drivers\nxqkdhq.sys => Moved successfully.
"C:\Users\Home\AppData\Local\Google\Desktop\Install\{70c6cd53-d2f2-38c4-aa2d-bea239d1edd4}" => Could not move.
"C:\Program Files\Google\Desktop\Install\{70c6cd53-d2f2-38c4-aa2d-bea239d1edd4}" => Could not move.
C:\Users\Home\Motorola_Software_Update.exe => Moved successfully.
C:\Users\Home\Nero_Micro_Edition_8321.exe => Moved successfully.
C:\Users\Home\AppData\Local\Temp\InstallFlashPlayer.exe => Moved successfully.
Error: DeleteJunctionsIndirectory: C:\Program Files\Windows Defender => entry should be fixed outside recovery mode.
Error: DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client => entry should be fixed outside recovery mode.

==== End of Fixlog ====

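The fixlog above shows how the ZeroAccess service hides itself: its name reads "gupdate" only on screen, because it starts with the Unicode right-to-left override (FRST shows that character as `*` here; the MBAM log at the top of the thread shows it literally), and its image path runs through folders named with spaces, "..." and "???" that ordinary tools cannot open, which is why recovery mode could not delete it. The Python below is an added example, not FRST, MBAR or anything a poster wrote; it parses FRST-style service lines for those two tricks plus a GoogleUpdate.exe outside Google's real Update folder. The sample lines are reconstructed from this thread's log, and the helper names and the expected-folder table are my own assumptions.

```python
"""Flag ZeroAccess-style service hiding in FRST service/driver lines.

Added example for this thread; not FRST, MBAR or code from any poster.
For every "<R|S|U><n> <name>; <image path>" line it checks:
  1. a Unicode bidi override in the service name (U+202E makes "etadpug"
     render as "gupdate");
  2. path components normal Win32 calls cannot open: whitespace-only,
     dots-only ("..."), containing "?", or a reserved device name;
  3. a binary named like a real updater outside its vendor folder.
SAMPLE_LOG is reconstructed from the thread's log; FRST prints the
override character as "*", so it is restored here as U+202E.
"""
import re
import unicodedata

RLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE
BIDI_CONTROLS = {"\u202a", "\u202b", "\u202c", "\u202d", "\u202e",
                 "\u2066", "\u2067", "\u2068", "\u2069"}
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {f"COM{i}" for i in range(1, 10)} \
    | {f"LPT{i}" for i in range(1, 10)}
# basename -> folder fragment the genuine binary lives under (assumed table)
EXPECTED_FOLDER = {"googleupdate.exe": "\\google\\update\\"}
# FRST line: "<R|S|U><n> <name>; <image path> [size date] (vendor)"
SERVICE_RE = re.compile(r"^(?P<start>[RSU]\d)\s+(?P<name>.+?);\s*(?P<rest>.+)$")

SAMPLE_LOG = [  # constructed from the thread's fixlog / FRST scan
    "S2 " + RLO + r'etadpug; "C:\Program Files\Google\Desktop\Install\{70c6cd53-d2f2-38c4-aa2d-bea239d1edd4}\   \...\???\{70c6cd53-d2f2-38c4-aa2d-bea239d1edd4}\GoogleUpdate.exe"',
    r"S2 gupdate1c9c5bd32cd5c25; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-04-25] (Google Inc.)",
    r"S0 qfmmw; C:\Windows\System32\drivers\thijpf.sys",
    r"R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] (Microsoft Corporation)",
    "==================== Drivers (Whitelisted) ====================",  # not a service line
]


def image_path(rest):
    """Extract the image path from the text after 'name;' (quoted or bare)."""
    rest = rest.strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        return rest[1:end] if end > 0 else rest[1:]
    # bare path runs until FRST's " [size date]" or " <==== ATTENTION" annotation
    return re.split(r"\s+\[|\s+<", rest, maxsplit=1)[0].strip()


def bidi_controls(name):
    """Names of any bidi control characters hidden in a service name."""
    return [f"U+{ord(c):04X} {unicodedata.name(c)}" for c in name if c in BIDI_CONTROLS]


def visual_name(name):
    """How a name that starts with a single RLO is displayed (text reversed)."""
    if name.startswith(RLO) and not any(c in BIDI_CONTROLS for c in name[1:]):
        return name[1:][::-1]
    return name


def suspicious_components(path):
    """Path components that cannot be created or opened through normal Win32 APIs."""
    bad = []
    for comp in path.split("\\"):
        if comp == "":
            continue  # root or doubled separator
        core = comp.strip()
        base = core.split(".")[0].upper()
        if core == "" or set(core) <= {"."} or "?" in comp or base in RESERVED:
            bad.append(comp)
    return bad


def misplaced_binary(path):
    """Known updater name found outside the folder the real one lives in."""
    base = path.rsplit("\\", 1)[-1].lower()
    folder = EXPECTED_FOLDER.get(base)
    if folder and folder not in path.lower():
        return f"{base} outside expected folder {folder!r}"
    return None


def scan(lines):
    """Return one finding per suspicious service line, with every reason found."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = SERVICE_RE.match(line)
        if not m:
            continue
        name, path = m["name"], image_path(m["rest"])
        ctrls, comps, mis = bidi_controls(name), suspicious_components(path), misplaced_binary(path)
        reasons = []
        if ctrls:
            reasons.append(f"bidi control {ctrls} in service name, displays as {visual_name(name)!r}")
        if comps:
            reasons.append(f"unopenable path components {comps!r}")
        if mis:
            reasons.append(mis)
        if reasons:
            findings.append({"line": lineno, "name": name, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f['line']}: service {f['name']!r}")
        for r in f["reasons"]:
            print("   -", r)
```

Only the first sample line is reported, with all three reasons; the genuine gupdate service and the MSE service pass every check.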

Mr C.

I did a scan this morning with MBAM and saw a trojan, but removed that one.  It was a different name, I'm sure.  Apologies, as I was late leaving and closed the file.  I can sort that log if required.

But I've now run a FRST scan again and this is the result.  How does it look?  There is also an Addition.txt file if required.  See below this log.

__________

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-09-2013

Ran by Home (administrator) on HOME-PC on 11-09-2013 20:01:23

Running from E:\

Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe

(Microsoft Corporation) C:\Windows\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [bluetooth HCI Monitor] - RunDll32 HCIMNTR.DLL,RunCheckHCIMode

HKLM\...\Run: [iAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-07-26] (Intel Corporation)

HKLM\...\Run: [startCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()

HKLM\...\Run: [NMSSupport] - C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe [439512 2007-06-27] (Intel Corporation)

HKLM\...\Run: [CCUTRAYICON] - C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe [215256 2007-06-27] (Intel® Corporation)

HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-23] (Google)

HKLM\...\Run: [dlcqmon.exe] - C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe [292080 2007-06-29] ()

HKLM\...\Run: [MemoryCardManager] - C:\Program Files\Dell Photo AIO Printer 966\memcard.exe [304368 2007-06-29] ()

HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [988584 2007-08-31] (Microsoft Corporation)

HKLM\...\Run: [intelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1037736 2007-08-31] (Microsoft Corporation)

HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)

HKLM\...\Run: [PMX Daemon] - ICO.EXE

HKLM\...\Run: [OxigenClientAdmin] - C:\Program Files\Oxigen\bin\Oxigen.exe [887264 2007-06-23] ()

HKLM\...\Run: [OxigenTrayIcon] - C:\Program Files\Oxigen\bin\OxiTray.exe [557536 2007-06-23] ()

HKLM\...\Run: [sigmatelSysTrayApp] - C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-09-12] (SigmaTel, Inc.)

HKLM\...\Run: [NokiaMServer] - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

HKLM\...\Run: [DLCQCATS] - rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)

HKLM\...\Run: [NSU_agent] - C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe [190768 2012-02-28] ()

HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)

HKLM\...\Run: [switchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-10-25] (Adobe Systems Incorporated)

HKLM\...\Run: [] -

HKLM\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated)

HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.)

HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.)

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-06-20] (Microsoft Corporation)

HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)

HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-11-15] (Google Inc.)

HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844168 2013-05-21] (Samsung)

HKCU\...\Run: [Adobe Acrobat Synchronizer] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1216416 2010-10-25] (Adobe Systems Incorporated)

HKCU\...\Run: [AdobeBridge] -

HKCU\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1561968 2013-04-23] (Samsung)

HKCU\...\Run: [Google Update*] -  <===== ATTENTION (ZeroAccess rootkit hidden path)

MountPoints2: {262984f6-2a1f-11df-b04d-00197edbbcdc} - K:\.\MigWiz\migsetup.exe

MountPoints2: {ecf0e33e-72cf-11de-8616-806e6f6e6963} - J:\lzext.exe

HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\IUSR_NMPR\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\IUSR_NMPR\...\Run: [MsnMsgr] - "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=3071214

URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

URLSearchHook: Free TV Bar c3 Toolbar - {3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - C:\Program Files\Free_TV_Bar_c3\tbFre1.dll (Conduit Ltd.)

SearchScopes: HKCU - {2139AEBB-9FE3-4E5B-AEC8-672ABBA87D6C} URL = http://uk.search.yahoo.com/search/video?ei=UTF-8&p={searchTerms}&fr=yessv

SearchScopes: HKCU - {280B385B-581A-4111-A900-6C11FF0C8047} URL = http://uk.news.search.yahoo.com/search/news?ei=UTF-8&p={searchTerms}&fr=yessv

SearchScopes: HKCU - {44B5DA88-7A92-4331-82E7-3B5152B15483} URL = http://uk.search.yahoo.com/search/audio?ei=UTF-8&p={searchTerms}&fr=yessv

SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=BdrWVZrtZXEV1UTNydwrj_8ELyk?q={searchTerms}

SearchScopes: HKCU - {72B5FC0D-177C-4273-83B1-1BEB0D676270} URL = http://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_uk&p={searchTerms}

SearchScopes: HKCU - {87CFB4F8-346C-4452-AE73-1501D8553123} URL = http://uk.search.yahoo.com/search/dir?ei=UTF-8&p={searchTerms}&fr=yessv

SearchScopes: HKCU - {B0E0652F-31E6-435B-BB08-EBC02693065D} URL = http://uk.search.yahoo.com/search/images?ei=UTF-8&p={searchTerms}&fr=yessv

SearchScopes: HKCU - {B470B8A5-86EC-4BE9-9223-F95F6B4933CD} URL = http://uk.local.yahoo.com/search.html?p={searchTerms}&ei=UTF-8&x=wrt&w=uctid,fw,belongto&type=GugiXML&cs=&fr=yessv

SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=yessv

SearchScopes: HKCU - {E3FDE227-C189-4852-A9B5-CA592DCC1908} URL = http://shopping.yahoo.co.uk/ctl/do/search?catId=100164013&siteSearchQuery={searchTerms}&fr=yessv

BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File

BHO: Free TV Bar c3 Toolbar - {3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - C:\Program Files\Free_TV_Bar_c3\tbFre1.dll (Conduit Ltd.)

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

BHO: SQplus - {CCF078EE-B071-4C40-9E57-F7B5962E8C95} - C:\Program Files\SeoQuake\SQplus.dll ()

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

Toolbar: HKLM - SeoQuake - {9C590067-8A6A-4db6-B052-069283790B04} - C:\Program Files\SeoQuake\SeoQuake.dll ()

Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File

Toolbar: HKLM - Free TV Bar c3 Toolbar - {3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - C:\Program Files\Free_TV_Bar_c3\tbFre1.dll (Conduit Ltd.)

Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKCU -No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File

Toolbar: HKCU -No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File

Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File

Toolbar: HKCU -Free TV Bar c3 Toolbar - {3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3} - C:\Program Files\Free_TV_Bar_c3\tbFre1.dll (Conduit Ltd.)

Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.3.1/jinstall-131_06-win.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254

FireFox:

========

FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\37dx3gke.default

FF SelectedSearchEngine: search

FF NetworkProxy: "no_proxies_on", "*.local"

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)

FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @veetle.com/vbp;version=0.9.16 - C:\Program Files\Veetle\VLCBroadcast\npvbp.dll No File

FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 - C:\Users\Home\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\37dx3gke.default\searchplugins\search.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

FF Extension: SeoQuake - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\37dx3gke.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}

FF Extension: Yahoo! Toolbar - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\37dx3gke.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF Extension: No Name - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\37dx3gke.default\Extensions\{7CEA821D-3DAB-4238-B424-BF7324531750}

FF Extension: No Name - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\37dx3gke.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi

FF Extension: No Name - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\37dx3gke.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\

FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\

FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

Chrome:

=======

CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\gcswf32.dll No File

CHR Plugin: (Shockwave Flash) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File

CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)

CHR Plugin: (Java Platform SE 6 U22) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (BT Broadband Support Tools) - C:\Program Files\Mozilla Firefox\plugins\npBTEmailConfig.dll (British Telecommunications Plc)

CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)

CHR Plugin: (Motive Plugin) - C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)

CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll No File

CHR Plugin: (Veetle Broadcaster Plugin) - C:\Program Files\Veetle\VLCBroadcast\npvbp.dll No File

CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll No File

CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Home\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File

CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

CHR Extension: (Google Translate) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.5_0

CHR Extension: (Google Drive) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_2

CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (Google Calendar) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0

CHR Extension: (cfc_theme) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\inbicmfpkbfojeckgolipkejmmedbdjo\1.0_1

CHR Extension: (Google Maps) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0

CHR Extension: (Google Dictionary (by Google)) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.19_0

CHR Extension: (Chrome In-App Payments service) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0

CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

========================== Services (Whitelisted) =================

S4 AlertService; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [223448 2007-06-27] (Intel® Corporation)

S3 DHTRACE; C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [39640 2007-06-27] (Intel® Corporation)

S2 dlcq_device; C:\Windows\system32\dlcqcoms.exe [537480 2006-12-12] ( )

S4 DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [208896 2007-02-12] ()

S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-23] (Google)

S2 gupdate1c9c5bd32cd5c25; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-04-25] (Google Inc.)

S2 ISSM; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [59096 2007-06-27] (Intel® Corporation)

S2 M1 Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [268504 2007-06-27] ()

S2 MCLServiceATL; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [157912 2007-06-27] (Intel® Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] (Microsoft Corporation)

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-06-20] (Microsoft Corporation)

S2 NMSCore; C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [317656 2007-06-27] (Intel® Corporation)

S2 QualityManager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [272600 2007-06-27] (Intel® Corporation)

S2 Remote UI Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [446680 2007-06-27] (Intel® Corporation)

S2 STacSV; C:\Windows\system32\STacSV.exe [94208 2007-09-12] (SigmaTel, Inc.)

U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{70c6cd53-d2f2-38c4-aa2d-bea239d1edd4}\   \...\???\{70c6cd53-d2f2-38c4-aa2d-bea239d1edd4}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S3 BFAIFILT; C:\Windows\System32\Drivers\bfaifilt.sys [3264 2004-07-13] ()

R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)

S3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [31896 2005-11-28] (DemoForge, LLC)

R3 IntelDH; C:\Windows\System32\Drivers\IntelDH.sys [5632 2007-12-14] (Intel Corporation)

S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)

S3 MREMP50; C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [21248 2009-12-07] (Printing Communications Assoc., Inc. (PCAUSA))

S3 MRESP50; C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [20096 2009-12-07] (Printing Communications Assoc., Inc. (PCAUSA))

S2 nmsunidr; C:\Windows\System32\DRIVERS\nmsunidr.sys [5376 2007-02-18] (Gteko Ltd.)

S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)

S3 STHDA; C:\Windows\System32\drivers\stwrt.sys [326656 2007-09-12] (SigmaTel, Inc.)

S3 TSHWMDTCP; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [14552 2007-06-27] ()

S3 U2KG54; C:\Windows\System32\DRIVERS\U2KG54.sys [245376 2005-10-17] (Ralink Technology Inc.)

S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]

S3 IpInIp; system32\DRIVERS\ipinip.sys [x]

S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]

S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-11 04:59 - 2013-09-11 04:59 - 00000000 ____D C:\FRST

2013-09-10 23:10 - 2013-09-10 23:10 - 00051416 _____ C:\Windows\system32\Drivers\imofugc.sys

2013-09-10 22:11 - 2013-09-10 23:10 - 00000000 ____D C:\Users\Home\Desktop\mbar

2013-09-10 18:31 - 2013-09-10 18:32 - 00000000 ____D C:\Users\Home\Desktop\Contacts vcf files

2013-09-10 18:21 - 2013-09-10 18:21 - 00000000 ____D C:\Users\Home\Desktop\FRST

2013-09-10 18:20 - 2013-09-10 18:22 - 00000000 ____D C:\Users\Home\Desktop\RogueKiller

2013-09-10 18:18 - 2013-09-10 18:18 - 01960454 _____ C:\Users\Home\Desktop\RogueKiller.zip

2013-09-10 18:18 - 2013-09-10 18:18 - 00892447 _____ C:\Users\Home\Desktop\RogueKiller alone.zip

2013-09-10 07:31 - 2013-09-10 07:31 - 00117748 _____ C:\Users\Home\Desktop\Contacts_sep13.zip

2013-09-10 07:28 - 2013-09-10 07:28 - 00761856 _____ C:\Users\Home\Desktop\Contacts_sep13.mdb

2013-09-10 07:28 - 2013-09-10 07:28 - 00038429 _____ C:\Users\Home\AppData\Roaming\Microsoft Access 97-2003.ADR

2013-09-09 21:34 - 2013-09-09 21:36 - 00385536 _____ C:\Users\Home\Desktop\contacts_sep13.xls

2013-09-08 21:02 - 2013-09-11 19:49 - 00047953 _____ C:\Windows\WindowsUpdate.log

2013-09-08 08:06 - 2013-09-08 08:06 - 00000000 __SHD C:\Windows\system32\%APPDATA%

2013-08-28 13:04 - 2013-08-02 03:48 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

2013-08-21 11:21 - 2013-08-21 11:22 - 00114161 _____ C:\Users\Home\Downloads\SKMBT_C45213081913040.zip

2013-08-17 11:34 - 2013-08-17 11:34 - 00065096 _____ C:\Users\Home\Downloads\report (12).csv

2013-08-14 03:18 - 2013-08-14 03:28 - 00000000 ____D C:\Windows\system32\MRT

2013-08-14 03:04 - 2013-07-25 03:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-08-14 03:04 - 2013-07-25 03:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-08-14 03:04 - 2013-07-25 03:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-08-14 03:04 - 2013-07-25 03:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-08-14 03:04 - 2013-07-25 03:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-08-14 03:04 - 2013-07-25 03:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-08-14 03:04 - 2013-07-25 03:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-08-14 03:04 - 2013-07-25 03:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-08-14 03:04 - 2013-07-25 03:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-08-14 03:04 - 2013-07-25 03:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-08-14 03:04 - 2013-07-25 03:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-08-14 03:04 - 2013-07-25 03:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2013-08-14 03:04 - 2013-07-25 03:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-08-14 03:04 - 2013-07-25 03:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-08-14 03:04 - 2013-07-25 03:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-08-14 03:04 - 2013-07-25 03:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-08-14 01:36 - 2013-07-10 10:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2013-08-14 01:36 - 2013-07-08 05:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2013-08-14 01:36 - 2013-07-08 05:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-08-14 01:36 - 2013-07-05 04:20 - 00914880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-08-14 01:36 - 2013-07-05 02:43 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys

2013-08-14 01:36 - 2013-06-15 14:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll

2013-08-14 01:36 - 2013-06-15 12:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2013-08-14 01:35 - 2013-07-17 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2013-08-14 01:35 - 2013-07-09 13:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-08-14 01:35 - 2013-07-08 05:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2013-08-14 01:35 - 2013-07-08 05:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2013-08-14 01:35 - 2013-07-08 05:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2013-08-14 01:35 - 2013-07-08 05:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

 

==================== One Month Modified Files and Folders =======

 

2013-09-11 19:49 - 2013-09-08 21:02 - 00047953 _____ C:\Windows\WindowsUpdate.log

2013-09-11 19:38 - 2009-04-15 07:34 - 00131072 _____ C:\Windows\system32\Ikeext.etl

2013-09-11 19:38 - 2007-12-14 05:39 - 00005332 _____ C:\Windows\bthservsdp.dat

2013-09-11 19:38 - 2006-11-02 14:01 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-09-11 19:38 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-09-11 19:36 - 2009-07-01 04:40 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-09-11 19:36 - 2006-11-02 13:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2013-09-11 19:36 - 2006-11-02 13:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2013-09-11 19:35 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\security

2013-09-11 19:14 - 2009-07-01 04:40 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-09-11 06:55 - 2007-12-28 19:51 - 00000000 ____D C:\Users\Home

2013-09-11 06:50 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Resources

2013-09-11 04:59 - 2013-09-11 04:59 - 00000000 ____D C:\FRST

2013-09-10 23:10 - 2013-09-10 23:10 - 00051416 _____ C:\Windows\system32\Drivers\imofugc.sys

2013-09-10 23:10 - 2013-09-10 22:11 - 00000000 ____D C:\Users\Home\Desktop\mbar

2013-09-10 23:10 - 2006-11-02 13:37 - 00000000 ____D C:\Windows\DigitalLocker

2013-09-10 19:43 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Globalization

2013-09-10 19:01 - 2006-11-02 11:33 - 00731396 _____ C:\Windows\system32\PerfStringBackup.INI

2013-09-10 18:57 - 2007-12-28 20:04 - 00000000 ____D C:\Program Files\Dl_cats

2013-09-10 18:32 - 2013-09-10 18:31 - 00000000 ____D C:\Users\Home\Desktop\Contacts vcf files

2013-09-10 18:32 - 2008-04-12 11:56 - 00038450 _____ C:\Users\Home\AppData\Roaming\Comma Separated Values (Windows).ADR

2013-09-10 18:22 - 2013-09-10 18:20 - 00000000 ____D C:\Users\Home\Desktop\RogueKiller

2013-09-10 18:21 - 2013-09-10 18:21 - 00000000 ____D C:\Users\Home\Desktop\FRST

2013-09-10 18:18 - 2013-09-10 18:18 - 01960454 _____ C:\Users\Home\Desktop\RogueKiller.zip

2013-09-10 18:18 - 2013-09-10 18:18 - 00892447 _____ C:\Users\Home\Desktop\RogueKiller alone.zip

2013-09-10 07:31 - 2013-09-10 07:31 - 00117748 _____ C:\Users\Home\Desktop\Contacts_sep13.zip

2013-09-10 07:28 - 2013-09-10 07:28 - 00761856 _____ C:\Users\Home\Desktop\Contacts_sep13.mdb

2013-09-10 07:28 - 2013-09-10 07:28 - 00038429 _____ C:\Users\Home\AppData\Roaming\Microsoft Access 97-2003.ADR

2013-09-09 22:01 - 2007-12-28 19:57 - 00245760 _____ C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2013-09-09 21:36 - 2013-09-09 21:34 - 00385536 _____ C:\Users\Home\Desktop\contacts_sep13.xls

2013-09-09 21:34 - 2009-10-25 14:00 - 00038428 _____ C:\Users\Home\AppData\Roaming\Microsoft Excel 97-2003.ADR

2013-09-09 17:36 - 2007-12-29 00:59 - 00000000 ____D C:\Users\Home\Documents\Chelsea FC

2013-09-09 17:31 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Help

2013-09-08 20:55 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\L2Schemas

2013-09-08 20:06 - 2013-07-06 11:27 - 00000000 ____D C:\Users\Public\Documents\CrashDump

2013-09-08 19:03 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Web

2013-09-08 08:28 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\tracing

2013-09-08 08:06 - 2013-09-08 08:06 - 00000000 __SHD C:\Windows\system32\%APPDATA%

2013-09-08 03:30 - 2013-02-02 14:19 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2013-09-08 03:30 - 2013-02-02 14:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2013-09-08 03:30 - 2010-11-15 09:09 - 00000766 _____ C:\Users\Public\Desktop\CCleaner.lnk

2013-09-08 03:30 - 2009-04-25 16:28 - 00000000 ____D C:\Program Files\CCleaner

2013-09-08 03:27 - 2007-12-14 06:42 - 00000000 ____D C:\Program Files\Google

2013-09-06 18:16 - 2010-01-20 23:26 - 00000000 ____D C:\Users\Home\Documents\ALTYON

2013-08-28 21:23 - 2007-12-29 01:00 - 00000000 ____D C:\Users\Home\Documents\Martins

2013-08-27 20:28 - 2007-12-29 01:00 - 00000000 ____D C:\Users\Home\Documents\House general

2013-08-25 13:51 - 2011-01-28 20:00 - 00001945 _____ C:\Windows\epplauncher.mif

2013-08-25 13:43 - 2011-01-28 19:59 - 00000000 ____D C:\Program Files\Microsoft Security Client

2013-08-21 11:22 - 2013-08-21 11:21 - 00114161 _____ C:\Users\Home\Downloads\SKMBT_C45213081913040.zip

2013-08-20 02:15 - 2007-12-28 19:55 - 00000000 ____D C:\Users\Home\AppData\Local\Google

2013-08-17 11:34 - 2013-08-17 11:34 - 00065096 _____ C:\Users\Home\Downloads\report (12).csv

2013-08-14 04:05 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache

2013-08-14 04:01 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET

2013-08-14 03:28 - 2013-08-14 03:18 - 00000000 ____D C:\Windows\system32\MRT

2013-08-14 03:18 - 2006-11-02 11:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2013-08-14 03:15 - 2007-12-29 08:20 - 00000000 ____D C:\ProgramData\Microsoft Help

 

Files to move or delete:

====================

ZeroAccess:

C:\Program Files\Google\Desktop\Install\{70c6cd53-d2f2-38c4-aa2d-bea239d1edd4}

 

==================== Bamital & volsnap Check =================

 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2013-09-11 19:54

 

==================== End Of Log ============================

 

 

 

 

_____________

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-09-2013

Ran by Home at 2013-09-11 20:03:30

Running from E:\

Boot Mode: Safe Mode (minimal)

==========================================================

 

 

==================== Installed Programs =======================

 

 Update for Microsoft Office 2007 (KB2508958)

ABBYY FineReader 6.0 Sprint (Version: 6.00.1784.41616)

Acrobat.com (Version: 1.6.65)

Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.0.0)

Adobe AIR (Version: 2.5.1.17730)

Adobe Common File Installer (Version: 1.00.002)

Adobe Community Help (Version: 3.4.980)

Adobe Content Viewer (Version: 1.4.0)

Adobe Creative Suite 5.5 Design Premium (Version: 5.5)

Adobe Flash Player 10 Plugin (Version: 10.2.153.1)

Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)

Adobe Widget Browser (Version: 2.0 Build 230)

Adobe Widget Browser (Version: 2.0.230)

Apple Application Support (Version: 2.2.2)

Apple Mobile Device Support (Version: 6.0.0.59)

Apple Software Update (Version: 2.1.3.127)

Applet

ATI Catalyst Control Center (Version: 2.007.0731.2233)

Bonjour (Version: 3.0.0.10)

Browser Address Error Redirector (Version: 1.00.0000)

BT Broadband Desktop Help

BT Broadband Support Tools

BT Yahoo! Applications

BTHomeHub

Catalyst Control Center Core Implementation (Version: 2007.0731.2234.38497)

Catalyst Control Center Graphics Full Existing (Version: 2007.0731.2234.38497)

Catalyst Control Center Graphics Full New (Version: 2007.0731.2234.38497)

Catalyst Control Center Graphics Light (Version: 2007.0731.2234.38497)

Catalyst Control Center Graphics Previews Common (Version: 2007.0731.2234.38497)

Catalyst Control Center Graphics Previews Vista (Version: 2007.0731.2234.38497)

Catalyst Control Center Localization Chinese Standard (Version: 2007.0731.2234.38497)

Catalyst Control Center Localization Chinese Traditional (Version: 2007.0731.2234.38497)

Catalyst Control Center Localization French (Version: 2007.0731.2234.38497)

Catalyst Control Center Localization German (Version: 2007.0731.2234.38497)

Catalyst Control Center Localization Hungarian (Version: 2007.0731.2234.38497)

Catalyst Control Center Localization Italian (Version: 2007.0731.2234.38497)

Catalyst Control Center Localization Japanese (Version: 2007.0731.2234.38497)

Catalyst Control Center Localization Korean (Version: 2007.0731.2234.38497)

Catalyst Control Center Localization Polish (Version: 2007.0731.2234.38497)

Catalyst Control Center Localization Portuguese (Version: 2007.0731.2234.38497)

Catalyst Control Center Localization Spanish (Version: 2007.0731.2234.38497)

Catalyst Control Center Localization Thai (Version: 2007.0731.2234.38497)

Catalyst Control Center Localization Turkish (Version: 2007.0731.2234.38497)

CCC Help Chinese Standard (Version: 2007.0731.2233.38497)

CCC Help Chinese Traditional (Version: 2007.0731.2233.38497)

CCC Help English (Version: 2007.0731.2233.38497)

CCC Help French (Version: 2007.0731.2233.38497)

CCC Help German (Version: 2007.0731.2233.38497)

CCC Help Hungarian (Version: 2007.0731.2233.38497)

CCC Help Italian (Version: 2007.0731.2233.38497)

CCC Help Japanese (Version: 2007.0731.2233.38497)

CCC Help Korean (Version: 2007.0731.2233.38497)

CCC Help Polish (Version: 2007.0731.2233.38497)

CCC Help Portuguese (Version: 2007.0731.2233.38497)

CCC Help Spanish (Version: 2007.0731.2233.38497)

CCC Help Thai (Version: 2007.0731.2233.38497)

CCC Help Turkish (Version: 2007.0731.2233.38497)

ccc-core-static (Version: 2007.0731.2234.38497)

ccc-utility (Version: 2007.0731.2234.38497)

CCleaner (Version: 4.05)

D3DX10 (Version: 15.4.2368.0902)

Dell Getting Started Guide (Version: 1.00.0000)

Dell PC Fax

Dell Photo AIO Printer 966

Dell Support Center (Version: 2.0.07282)

Free TV Bar c3 Toolbar (Version: 5.7.2.2)

Google Chrome (Version: 29.0.1547.66)

Google Desktop (Version: 5.9.1005.12335)

Google Drive (Version: 1.11.4865.2530)

Google Earth (Version: 4.2.205.5730)

Google Toolbar for Internet Explorer (Version: 1.0.0)

Google Toolbar for Internet Explorer (Version: 7.5.4413.1752)

Google Update Helper (Version: 1.3.21.153)

GoToAssist Corporate (Version: 9.0.570)

Hauppauge MCE XP/Vista Software Encoder (2.0.25296) (Version: 2.0.25296)

Hauppauge TV Tuner Driver (Version: 2.0.25312)

iCloud (Version: 1.1.0.40)

Intel® Matrix Storage Manager

Intel® PRO Network Connections 12.1.12.4 (Version: )

Intel® Viiv Software (Version: 1.7.512.0)

iPhone Configuration Utility (Version: 2.1.0.163)

iTunes (Version: 10.7.0.21)

Java 2 Runtime Environment Standard Edition v1.3.1_06

Java Auto Updater (Version: 2.0.2.4)

Java 6 Update 22 (Version: 6.0.220)

Java SE Runtime Environment 6 (Version: 1.6.0.0)

Junk Mail filter update (Version: 15.4.3502.0922)

Macromedia Fireworks MX (Version: 6)

Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)

Mesh Runtime (Version: 15.4.5722.2)

Messenger Companion (Version: 15.4.3502.0922)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)

Microsoft Application Error Reporting (Version: 12.0.6012.5000)

Microsoft IntelliPoint 6.2 (Version: 6.20.182.0)

Microsoft IntelliType Pro 6.2 (Version: 6.20.182.0)

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)

Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)

Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Outlook Connector (Version: 14.0.5118.5000)

Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Security Client (Version: 4.3.0215.0)

Microsoft Security Essentials (Version: 4.3.215.0)

Microsoft Silverlight (Version: 5.1.20513.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)

Microsoft Works (Version: 08.05.0818)

Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)

Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)

Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)

Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)

Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)

Microsoft_VC90_ATL_x86 (Version: 1.00.0000)

Microsoft_VC90_CRT_x86 (Version: 1.00.0000)

Microsoft_VC90_MFC_x86 (Version: 1.00.0000)

Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)

MobileMe Control Panel (Version: 3.1.8.0)

Motorola Driver Installation 3.4.0 (Version: 3.4.0)

Mouse Suite for Desktop Computers (Version: 2.50.025)

Mozilla Firefox 10.0.2 (x86 en-GB) (Version: 10.0.2)

MSVC80_x86 (Version: 1.0.1.0)

MSVC80_x86_v2 (Version: 1.0.3.0)

MSVC90_x86 (Version: 1.0.1.2)

MSVCRT (Version: 15.4.2862.0708)

MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)

MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)

MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)

MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)

MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)

MyFreeCodec

MYOB Accounting v16 (Version: 16)

MYOB ODBC Direct v7 (Version: 7.0.0)

Nero 8 Micro v8.3.2.1

Nokia Connectivity Cable Driver (Version: 7.1.101.0)

Nokia Home Media Server (Version: 1.0.174)

Nokia Map Loader (Version: 1.3.12)

Nokia Ovi Player (Version: 2.1.10304)

Nokia PC Suite (Version: 7.1.60.0)

Nokia Photos (Version: 1.6.434)

Nokia Software Updater (Version: 3.0.655)

Nokia Suite (Version: 3.7.22.0)

Nokia_Multimedia_Common_Components_2_5 (Version: 2.6.86)

Oxigen Client v5.00.0000 (Version: 5.00.0000)

PC Connectivity Solution (Version: 12.0.76.0)

PDF Settings CS5 (Version: 10.0)

PPLite 1.0.0.0012

Print to Fax (Version: 1.00)

Projector (Version: 3)

QuickTime (Version: 7.72.80.56)

Roxio Activation Module (Version: 1.0)

Roxio Creator Audio (Version: 3.5.0)

Roxio Creator BDAV Plugin (Version: 3.5.0)

Roxio Creator Copy (Version: 3.5.0)

Roxio Creator Data (Version: 3.5.0)

Roxio Creator Premier (Version: 3.5.0)

Roxio Creator Tools (Version: 3.5.0)

Roxio EasyArchive (Version: 3.5.0)

Roxio Express Labeler (Version: 3.2)

Roxio MyDVD Premier (Version: 9.1.573)

Roxio Update Manager (Version: 6.0.0)

Samsung Kies (Version: 2.5.3.13043_14)

SAMSUNG USB Driver for Mobile Phones (Version: 1.5.23.0)

Scalextric Track Designer v1.1.2

Segoe UI (Version: 15.4.2271.0615)

SeoQuake

Skins (Version: 2007.0731.2234.38497)

Skype™ 5.10 (Version: 5.10.116)

Sonic CinePlayer Decoder Pack (Version: 4.2.0)

Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

User's Guides

Visual C++ 8.0 ATL (x86) WinSXS MSM (Version: 8.0.50727.762)

Visual C++ 8.0 CRT (x86) WinSXS MSM (Version: 8.0.50727.762)

VLC media player 0.9.9 (Version: 0.9.9)

WHC Trader 4.00 (Version: 4.00)

WIDCOMM Bluetooth Software 6.0.1.4300 (Version: 6.0.1.4300)

Windows Driver Package - Nokia Modem  (06/09/2010 7.01.0.8) (Version: 06/09/2010 7.01.0.8)

Windows Driver Package - Nokia Modem  (10/07/2010 4.6) (Version: 10/07/2010 4.6)

Windows Driver Package - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0)

Windows Installer Clean Up (Version: 3.00.00.0000)

Windows Live Communications Platform (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3502.0922)

Windows Live Family Safety (Version: 15.4.3502.0922)

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)

Windows Live Installer (Version: 15.4.3502.0922)

Windows Live Mail (Version: 15.4.3502.0922)

Windows Live Mesh (Version: 15.4.3502.0922)

Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)

Windows Live Messenger (Version: 15.4.3502.0922)

Windows Live Messenger Companion Core (Version: 15.4.3502.0922)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (Version: 15.4.3502.0922)

Windows Live Photo Common (Version: 15.4.3502.0922)

Windows Live Photo Gallery (Version: 15.4.3502.0922)

Windows Live PIMT Platform (Version: 15.4.3502.0922)

Windows Live Remote Client (Version: 15.4.5722.2)

Windows Live Remote Client Resources (Version: 15.4.5722.2)

Windows Live Remote Service (Version: 15.4.5722.2)

Windows Live Remote Service Resources (Version: 15.4.5722.2)

Windows Live SOXE (Version: 15.4.3502.0922)

Windows Live SOXE Definitions (Version: 15.4.3502.0922)

Windows Live Sync (Version: 14.0.8089.726)

Windows Live UX Platform (Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)

Windows Live Writer (Version: 15.4.3502.0922)

Windows Live Writer Resources (Version: 15.4.3502.0922)

Windows Mobile Device Center (Version: 6.1.6965.0)

Windows Mobile Device Center Driver Update (Version: 6.1.6965.0)

Windows Mobile Device Updater Component (Version: 04.08.2345.00)

WinSCP 4.2.5 (Version: 4.2.5)

Yahoo! BrowserPlus 2.9.8

Yahoo! Toolbar

Zune (Version: 04.08.2345.00)

Zune Language Pack (CHS) (Version: 04.08.2345.00)

Zune Language Pack (CHT) (Version: 04.08.2345.00)

Zune Language Pack (CSY) (Version: 04.08.2345.00)

Zune Language Pack (DAN) (Version: 04.08.2345.00)

Zune Language Pack (DEU) (Version: 04.08.2345.00)

Zune Language Pack (ELL) (Version: 04.08.2345.00)

Zune Language Pack (ESP) (Version: 04.08.2345.00)

Zune Language Pack (FIN) (Version: 04.08.2345.00)

Zune Language Pack (FRA) (Version: 04.08.2345.00)

Zune Language Pack (HUN) (Version: 04.08.2345.00)

Zune Language Pack (IND) (Version: 04.08.2345.00)

Zune Language Pack (ITA) (Version: 04.08.2345.00)

Zune Language Pack (JPN) (Version: 04.08.2345.00)

Zune Language Pack (KOR) (Version: 04.08.2345.00)

Zune Language Pack (MSL) (Version: 04.08.2345.00)

Zune Language Pack (NLD) (Version: 04.08.2345.00)

Zune Language Pack (NOR) (Version: 04.08.2345.00)

Zune Language Pack (PLK) (Version: 04.08.2345.00)

Zune Language Pack (PTB) (Version: 04.08.2345.00)

Zune Language Pack (PTG) (Version: 04.08.2345.00)

Zune Language Pack (RUS) (Version: 04.08.2345.00)

Zune Language Pack (SVE) (Version: 04.08.2345.00)

 

 

==================== Restore Points  =========================

 

 

==================== Hosts content: ==========================

 

2013-01-11 18:43 - 2013-01-11 18:43 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1                   activate.adobe.com

127.0.0.1                   practivate.adobe.com

 

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {14970570-3014-4904-A26B-898B46026D55} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM

Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages

Task: {4192EFE1-4AF1-4602-9DD3-E9750027E1D9} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2007-08-31] (Microsoft Corporation)

Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)

Task: {52DD9E67-C434-4868-A81B-06614513A6CE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {6D7719C5-315C-41EC-A9FF-50A0DE0D8C3B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-25] (Google Inc.)

Task: {905D6EA3-C455-481C-8903-80DA303AAD2B} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI

Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-19] (Microsoft Corporation)

Task: {A76408E4-357D-4C7D-A6FF-DBB6926BD5B6} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-19] (Microsoft Corporation)

Task: {AE2858D9-9F17-496A-8B36-2A048128FCCC} - System32\Tasks\AdobeAAMUpdater-1.0-Home-PC-Home => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30] (Adobe Systems Incorporated)

Task: {B0DE40A2-87EC-408A-9DAF-E29A27AAB738} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-19] (Microsoft Corp.)

Task: {B6A17411-13A3-44C8-B929-2239FB2942A4} - System32\Tasks\task369638659 => C:\Users\Home\AppData\Local\Temp\0.7085436633149921.exe

Task: {CEE13D0D-C21F-4149-BCB9-41FDEB0DA08A} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2007-08-31] (Microsoft Corporation)

Task: {DFBA7FF0-C8D1-4FE5-9B77-AC9F33003CB3} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation)

Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()

Task: {EF840781-DB1B-488B-BFE2-9D32E4C98D67} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)

Task: {F302557A-4258-41AA-B49B-180FEACE6088} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-25] (Google Inc.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

 

==================== Alternate Data Streams (whitelisted) ==========

 

 

==================== Faulty Device Manager Devices =============

 

Name:

Description:

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name:

Description:

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name:

Description:

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (09/11/2013 07:34:45 PM) (Source: EventSystem) (User: )

Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

 

Error: (09/11/2013 03:35:31 PM) (Source: Windows Search Service) (User: )

Description: The entry <C:\USERS\PUBLIC\OXIGEN\WORKING\PROC\OXIGEN.XML> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

                A device attached to the system is not functioning.   (0x8007001f)

 

Error: (09/11/2013 02:34:26 PM) (Source: Windows Search Service) (User: )

Description: The entry <C:\USERS\PUBLIC\OXIGEN\WORKING\PROC\OXIGEN.XML> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

                A device attached to the system is not functioning.   (0x8007001f)

 

Error: (09/11/2013 02:24:20 PM) (Source: Windows Search Service) (User: )

Description: The entry <C:\USERS\PUBLIC\OXIGEN\WORKING\PROC\OXIGEN.XML> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

                A device attached to the system is not functioning.   (0x8007001f)

 

Error: (09/11/2013 02:09:02 PM) (Source: Windows Search Service) (User: )

Description: The entry <C:\USERS\PUBLIC\OXIGEN\WORKING\PROC\OXIGEN.XML> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

                A device attached to the system is not functioning.   (0x8007001f)

 

Error: (09/11/2013 01:58:10 PM) (Source: Windows Search Service) (User: )

Description: The entry <C:\USERS\PUBLIC\OXIGEN\WORKING\PROC\OXIGEN.XML> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

                A device attached to the system is not functioning.   (0x8007001f)

 

Error: (09/11/2013 01:52:15 PM) (Source: Windows Search Service) (User: )

Description: The entry <C:\USERS\PUBLIC\OXIGEN\WORKING\PROC\OXIGEN.XML> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

                A device attached to the system is not functioning.   (0x8007001f)

 

Error: (09/11/2013 07:28:00 AM) (Source: AlertSource) (User: )

Description:

 

Error: (09/11/2013 07:27:14 AM) (Source: Application Error) (User: )

Description: Faulting application CCU_Engine.exe, version 1.7.548.0, time stamp 0x46803fc5, faulting module CCU_Engine.exe, version 1.7.548.0, time stamp 0x46803fc5, exception code 0xc0000005, fault offset 0x00013190,

process id 0xb30, application start time 0xCCU_Engine.exe0.

 

Error: (09/11/2013 06:59:45 AM) (Source: Application Error) (User: )

Description: Faulting application KiesPDLR.exe, version 1.0.0.1, time stamp 0x51874a1e, faulting module kernel32.dll, version 6.0.6002.18704, time stamp 0x5065ccb6, exception code 0xe06d7363, fault offset 0x0003fc16,

process id 0x618, application start time 0xKiesPDLR.exe0.

 

 

System errors:

=============

Error: (09/11/2013 08:00:57 PM) (Source: cdrom) (User: )

Description: The device, \Device\CdRom0, has a bad block.

Error: (09/11/2013 07:49:39 PM) (Source: Microsoft Antimalware) (User: )

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

                New Signature Version:

                Previous Signature Version: 1.157.1430.0

                Update Source: %NT AUTHORITY59

                Update Stage: 4.3.0215.00

                Source Path: 4.3.0215.01

                Signature Type: %NT AUTHORITY602

                Update Type: %NT AUTHORITY604

                User: NT AUTHORITY\SYSTEM

                Current Engine Version: %NT AUTHORITY605

                Previous Engine Version: %NT AUTHORITY606

                Error code: %NT AUTHORITY607

                Error description: %NT AUTHORITY608

Error: (09/11/2013 07:49:39 PM) (Source: DCOM) (User: )

Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (09/11/2013 07:40:48 PM) (Source: Service Control Manager) (User: )

Description: AFD

DfsC

MpFilter

NetBIOS

netbt

nsiproxy

PSched

RasAcd

rdbss

Smb

spldr

tdx

Wanarpv6

Error: (09/11/2013 07:40:48 PM) (Source: Service Control Manager) (User: )

Description: Network List ServiceNetwork Location Awareness%%1068

Error: (09/11/2013 07:40:48 PM) (Source: Service Control Manager) (User: )

Description: Network Location AwarenessNetwork Store Interface Service%%1068

Error: (09/11/2013 07:40:48 PM) (Source: Service Control Manager) (User: )

Description: Microsoft Network Inspection SystemMicrosoft Malware Protection Driver%%31

Error: (09/11/2013 07:40:48 PM) (Source: Service Control Manager) (User: )

Description: IP HelperNetwork Store Interface Service%%1068

Error: (09/11/2013 07:40:48 PM) (Source: Service Control Manager) (User: )

Description: WebClientWebDav Client Redirector Driver%%1068

Error: (09/11/2013 07:40:48 PM) (Source: Service Control Manager) (User: )

Description: SMB 2.0 MiniRedirectorSMB MiniRedirector Wrapper and Engine%%1068

Microsoft Office Sessions:

=========================

Error: (04/08/2013 05:40:28 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 111913 seconds with 1440 seconds of active time.  This session ended with a crash.

Error: (12/21/2012 06:53:33 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 36913 seconds with 2040 seconds of active time.  This session ended with a crash.

Error: (10/23/2012 11:46:13 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1532 seconds with 660 seconds of active time.  This session ended with a crash.

Error: (05/07/2012 11:35:25 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7252 seconds with 960 seconds of active time.  This session ended with a crash.

Error: (05/07/2012 07:54:28 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 400225 seconds with 6780 seconds of active time.  This session ended with a crash.

Error: (01/03/2012 07:44:43 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 553 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (03/31/2011 04:59:36 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 19665 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (02/07/2011 07:44:22 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 214408 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (10/31/2010 03:38:58 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 77237 seconds with 660 seconds of active time.  This session ended with a crash.

Error: (09/10/2010 06:35:08 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 260506 seconds with 5700 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:

===================================

  Date: 2013-08-25 13:53:17.663

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-25 13:53:17.402

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-25 13:53:17.132

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-25 13:53:16.833

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-25 13:43:03.279

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-25 13:43:02.994

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-25 13:43:02.689

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-25 13:43:02.435

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-25 13:43:00.771

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-25 13:43:00.511

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 18%

Total physical RAM: 3069.22 MB

Available physical RAM: 2495.04 MB

Total Pagefile: 6339.45 MB

Available Pagefile: 6025.9 MB

Total Virtual: 2047.88 MB

Available Virtual: 1954.39 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:450.59 GB) (Free:88.59 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:5.28 GB) NTFS

Drive e: (Nov 21 2008) (CDROM) (Total:0.69 GB) (Free:0.59 GB) UDF

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 70000000)

Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)

Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)

Partition 3: (Active) - (Size=451 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Download the attached fixlist.txt to the same folder as FRST.
Run FRST and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Reboot and run another scan with RogueKiller and post the new log.......MrC


EDIT:
These are in your host file for one reason only....to by-pass adobe activations: (Piracy)

127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com


REMOVE THEM NOW.....MrC


Thanks Mr.C.

Looks all ok now, I think.  Please advise, though.

Many thanks for your help.

Donation on its way but do please let me know if this looks ok.

FRST log, FIX log, and MBAW log too!

Kind regards

_______________

FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-09-2013

Ran by Home (administrator) on HOME-PC on 11-09-2013 21:07:41

Running from E:\

Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe

(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe

(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe

( ) C:\Windows\system32\dlcqcoms.exe

(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

(Intel® Corporation) C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

(Intel® Corporation) C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe

(Intel® Corporation) C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe

(SigmaTel, Inc.) C:\Windows\system32\STacSV.exe

(Intel® Corporation) C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe

(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

(Intel Corporation) C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe

(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

() C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe

() C:\Program Files\Dell Photo AIO Printer 966\memcard.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe

(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe

() C:\Program Files\Oxigen\bin\Oxigen.exe

() C:\Program Files\Oxigen\bin\OxiTray.exe

(SigmaTel, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

(Nokia) C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

(Samsung) C:\Program Files\Samsung\Kies\Kies.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(Microsoft Corporation) C:\Windows\system32\wuauclt.exe

(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe

(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [bluetooth HCI Monitor] - RunDll32 HCIMNTR.DLL,RunCheckHCIMode

HKLM\...\Run: [iAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-07-26] (Intel Corporation)

HKLM\...\Run: [startCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()

HKLM\...\Run: [NMSSupport] - C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe [439512 2007-06-27] (Intel Corporation)

HKLM\...\Run: [CCUTRAYICON] - C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe [215256 2007-06-27] (Intel® Corporation)

HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-23] (Google)

HKLM\...\Run: [dlcqmon.exe] - C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe [292080 2007-06-29] ()

HKLM\...\Run: [MemoryCardManager] - C:\Program Files\Dell Photo AIO Printer 966\memcard.exe [304368 2007-06-29] ()

HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [988584 2007-08-31] (Microsoft Corporation)

HKLM\...\Run: [intelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1037736 2007-08-31] (Microsoft Corporation)

HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)

HKLM\...\Run: [PMX Daemon] - ICO.EXE

HKLM\...\Run: [OxigenClientAdmin] - C:\Program Files\Oxigen\bin\Oxigen.exe [887264 2007-06-23] ()

HKLM\...\Run: [OxigenTrayIcon] - C:\Program Files\Oxigen\bin\OxiTray.exe [557536 2007-06-23] ()

HKLM\...\Run: [sigmatelSysTrayApp] - C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-09-12] (SigmaTel, Inc.)

HKLM\...\Run: [NokiaMServer] - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

HKLM\...\Run: [DLCQCATS] - rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)

HKLM\...\Run: [NSU_agent] - C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe [190768 2012-02-28] ()

HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)

HKLM\...\Run: [switchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-10-25] (Adobe Systems Incorporated)

HKLM\...\Run: [] -

HKLM\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated)

HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.)

HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.)

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-06-20] (Microsoft Corporation)

HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)

HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-11-15] (Google Inc.)

HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844168 2013-05-21] (Samsung)

HKCU\...\Run: [Adobe Acrobat Synchronizer] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1216416 2010-10-25] (Adobe Systems Incorporated)

HKCU\...\Run: [AdobeBridge] -

HKCU\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1561968 2013-04-23] (Samsung)

MountPoints2: {262984f6-2a1f-11df-b04d-00197edbbcdc} - K:\.\MigWiz\migsetup.exe

MountPoints2: {ecf0e33e-72cf-11de-8616-806e6f6e6963} - J:\lzext.exe

HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=3071214

URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

URLSearchHook: Free TV Bar c3 Toolbar - {3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - C:\Program Files\Free_TV_Bar_c3\tbFre1.dll (Conduit Ltd.)

SearchScopes: HKCU - {2139AEBB-9FE3-4E5B-AEC8-672ABBA87D6C} URL = http://uk.search.yahoo.com/search/video?ei=UTF-8&p={searchTerms}&fr=yessv

SearchScopes: HKCU - {280B385B-581A-4111-A900-6C11FF0C8047} URL = http://uk.news.search.yahoo.com/search/news?ei=UTF-8&p={searchTerms}&fr=yessv

SearchScopes: HKCU - {44B5DA88-7A92-4331-82E7-3B5152B15483} URL = http://uk.search.yahoo.com/search/audio?ei=UTF-8&p={searchTerms}&fr=yessv

SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=BdrWVZrtZXEV1UTNydwrj_8ELyk?q={searchTerms}

SearchScopes: HKCU - {72B5FC0D-177C-4273-83B1-1BEB0D676270} URL = http://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_uk&p={searchTerms}

SearchScopes: HKCU - {87CFB4F8-346C-4452-AE73-1501D8553123} URL = http://uk.search.yahoo.com/search/dir?ei=UTF-8&p={searchTerms}&fr=yessv

SearchScopes: HKCU - {B0E0652F-31E6-435B-BB08-EBC02693065D} URL = http://uk.search.yahoo.com/search/images?ei=UTF-8&p={searchTerms}&fr=yessv

SearchScopes: HKCU - {B470B8A5-86EC-4BE9-9223-F95F6B4933CD} URL = http://uk.local.yahoo.com/search.html?p={searchTerms}&ei=UTF-8&x=wrt&w=uctid,fw,belongto&type=GugiXML&cs=&fr=yessv

SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=yessv

SearchScopes: HKCU - {E3FDE227-C189-4852-A9B5-CA592DCC1908} URL = http://shopping.yahoo.co.uk/ctl/do/search?catId=100164013&siteSearchQuery={searchTerms}&fr=yessv

BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File

BHO: Free TV Bar c3 Toolbar - {3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - C:\Program Files\Free_TV_Bar_c3\tbFre1.dll (Conduit Ltd.)

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

BHO: SQplus - {CCF078EE-B071-4C40-9E57-F7B5962E8C95} - C:\Program Files\SeoQuake\SQplus.dll ()

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

Toolbar: HKLM - SeoQuake - {9C590067-8A6A-4db6-B052-069283790B04} - C:\Program Files\SeoQuake\SeoQuake.dll ()

Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File

Toolbar: HKLM - Free TV Bar c3 Toolbar - {3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - C:\Program Files\Free_TV_Bar_c3\tbFre1.dll (Conduit Ltd.)

Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKCU -No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File

Toolbar: HKCU -No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File

Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File

Toolbar: HKCU -Free TV Bar c3 Toolbar - {3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3} - C:\Program Files\Free_TV_Bar_c3\tbFre1.dll (Conduit Ltd.)

Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.3.1/jinstall-131_06-win.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254

FireFox:

========

FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\37dx3gke.default

FF SelectedSearchEngine: search

FF NetworkProxy: "no_proxies_on", "*.local"

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)

FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @veetle.com/vbp;version=0.9.16 - C:\Program Files\Veetle\VLCBroadcast\npvbp.dll No File

FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 - C:\Users\Home\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\37dx3gke.default\searchplugins\search.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

FF Extension: SeoQuake - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\37dx3gke.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}

FF Extension: Yahoo! Toolbar - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\37dx3gke.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF Extension: No Name - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\37dx3gke.default\Extensions\{7CEA821D-3DAB-4238-B424-BF7324531750}

FF Extension: No Name - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\37dx3gke.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi

FF Extension: No Name - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\37dx3gke.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\

FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\

FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

Chrome:

=======

CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\gcswf32.dll No File

CHR Plugin: (Shockwave Flash) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File

CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)

CHR Plugin: (Java Platform SE 6 U22) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (BT Broadband Support Tools) - C:\Program Files\Mozilla Firefox\plugins\npBTEmailConfig.dll (British Telecommunications Plc)

CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)

CHR Plugin: (Motive Plugin) - C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)

CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll No File

CHR Plugin: (Veetle Broadcaster Plugin) - C:\Program Files\Veetle\VLCBroadcast\npvbp.dll No File

CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll No File

CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Home\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File

CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

CHR Extension: (Google Translate) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.5_0

CHR Extension: (Google Drive) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_2

CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (Google Calendar) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0

CHR Extension: (cfc_theme) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\inbicmfpkbfojeckgolipkejmmedbdjo\1.0_1

CHR Extension: (Google Maps) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0

CHR Extension: (Google Dictionary (by Google)) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.19_0

CHR Extension: (Chrome In-App Payments service) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0

CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

 

========================== Services (Whitelisted) =================

 

S4 AlertService; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [223448 2007-06-27] (Intel® Corporation)

S3 DHTRACE; C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [39640 2007-06-27] (Intel® Corporation)

R2 dlcq_device; C:\Windows\system32\dlcqcoms.exe [537480 2006-12-12] ( )

S4 DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [208896 2007-02-12] ()

S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-23] (Google)

S2 gupdate1c9c5bd32cd5c25; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-04-25] (Google Inc.)

R2 ISSM; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [59096 2007-06-27] (Intel® Corporation)

S2 M1 Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [268504 2007-06-27] ()

R2 MCLServiceATL; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [157912 2007-06-27] (Intel® Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-06-20] (Microsoft Corporation)

R2 NMSCore; C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [317656 2007-06-27] (Intel® Corporation)

R2 QualityManager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [272600 2007-06-27] (Intel® Corporation)

R2 Remote UI Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [446680 2007-06-27] (Intel® Corporation)

R2 STacSV; C:\Windows\system32\STacSV.exe [94208 2007-09-12] (SigmaTel, Inc.)

 

==================== Drivers (Whitelisted) ====================

 

S3 BFAIFILT; C:\Windows\System32\Drivers\bfaifilt.sys [3264 2004-07-13] ()

R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)

R3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [31896 2005-11-28] (DemoForge, LLC)

R3 IntelDH; C:\Windows\System32\Drivers\IntelDH.sys [5632 2007-12-14] (Intel Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)

S3 MREMP50; C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [21248 2009-12-07] (Printing Communications Assoc., Inc. (PCAUSA))

S3 MRESP50; C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [20096 2009-12-07] (Printing Communications Assoc., Inc. (PCAUSA))

R2 nmsunidr; C:\Windows\System32\DRIVERS\nmsunidr.sys [5376 2007-02-18] (Gteko Ltd.)

S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)

R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [326656 2007-09-12] (SigmaTel, Inc.)

S3 TSHWMDTCP; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [14552 2007-06-27] ()

S3 U2KG54; C:\Windows\System32\DRIVERS\U2KG54.sys [245376 2005-10-17] (Ralink Technology Inc.)

S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]

S3 IpInIp; system32\DRIVERS\ipinip.sys [x]

S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]

S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-09-11 20:32 - 2013-09-11 20:32 - 00002612 _____ C:\Users\Home\Desktop\RKreport[0]_S_09112013_203221.txt

2013-09-11 20:29 - 2013-09-11 20:29 - 00005252 _____ C:\Users\Home\Desktop\RKreport[0]_D_09112013_202933.txt

2013-09-11 20:28 - 2013-09-11 20:28 - 00004580 _____ C:\Users\Home\Desktop\RKreport[0]_S_09112013_202855.txt

2013-09-11 20:23 - 2013-09-11 20:33 - 00000000 ____D C:\Users\Home\Desktop\RK_Quarantine

2013-09-11 04:59 - 2013-09-11 04:59 - 00000000 ____D C:\FRST

2013-09-10 23:10 - 2013-09-10 23:10 - 00051416 _____ C:\Windows\system32\Drivers\imofugc.sys

2013-09-10 22:11 - 2013-09-11 20:23 - 00000000 ____D C:\Users\Home\Desktop\mbar

2013-09-10 18:31 - 2013-09-10 18:32 - 00000000 ____D C:\Users\Home\Desktop\Contacts vcf files

2013-09-10 18:21 - 2013-09-10 18:21 - 00000000 ____D C:\Users\Home\Desktop\FRST

2013-09-10 18:20 - 2013-09-10 18:22 - 00000000 ____D C:\Users\Home\Desktop\RogueKiller

2013-09-10 18:18 - 2013-09-10 18:18 - 01960454 _____ C:\Users\Home\Desktop\RogueKiller.zip

2013-09-10 18:18 - 2013-09-10 18:18 - 00892447 _____ C:\Users\Home\Desktop\RogueKiller alone.zip

2013-09-10 07:31 - 2013-09-10 07:31 - 00117748 _____ C:\Users\Home\Desktop\Contacts_sep13.zip

2013-09-10 07:28 - 2013-09-10 07:28 - 00761856 _____ C:\Users\Home\Desktop\Contacts_sep13.mdb

2013-09-10 07:28 - 2013-09-10 07:28 - 00038429 _____ C:\Users\Home\AppData\Roaming\Microsoft Access 97-2003.ADR

2013-09-09 21:34 - 2013-09-09 21:36 - 00385536 _____ C:\Users\Home\Desktop\contacts_sep13.xls

2013-09-08 21:02 - 2013-09-11 20:52 - 00096111 _____ C:\Windows\WindowsUpdate.log

2013-09-08 08:06 - 2013-09-08 08:06 - 00000000 __SHD C:\Windows\system32\%APPDATA%

2013-08-28 13:04 - 2013-08-02 03:48 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

2013-08-21 11:21 - 2013-08-21 11:22 - 00114161 _____ C:\Users\Home\Downloads\SKMBT_C45213081913040.zip

2013-08-17 11:34 - 2013-08-17 11:34 - 00065096 _____ C:\Users\Home\Downloads\report (12).csv

2013-08-14 03:18 - 2013-08-14 03:28 - 00000000 ____D C:\Windows\system32\MRT

2013-08-14 03:04 - 2013-07-25 03:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-08-14 03:04 - 2013-07-25 03:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-08-14 03:04 - 2013-07-25 03:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-08-14 03:04 - 2013-07-25 03:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-08-14 03:04 - 2013-07-25 03:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-08-14 03:04 - 2013-07-25 03:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-08-14 03:04 - 2013-07-25 03:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-08-14 03:04 - 2013-07-25 03:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-08-14 03:04 - 2013-07-25 03:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-08-14 03:04 - 2013-07-25 03:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-08-14 03:04 - 2013-07-25 03:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-08-14 03:04 - 2013-07-25 03:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2013-08-14 03:04 - 2013-07-25 03:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-08-14 03:04 - 2013-07-25 03:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-08-14 03:04 - 2013-07-25 03:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-08-14 03:04 - 2013-07-25 03:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-08-14 01:36 - 2013-07-10 10:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2013-08-14 01:36 - 2013-07-08 05:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2013-08-14 01:36 - 2013-07-08 05:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-08-14 01:36 - 2013-07-05 04:20 - 00914880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-08-14 01:36 - 2013-07-05 02:43 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys

2013-08-14 01:36 - 2013-06-15 14:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll

2013-08-14 01:36 - 2013-06-15 12:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2013-08-14 01:35 - 2013-07-17 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2013-08-14 01:35 - 2013-07-09 13:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-08-14 01:35 - 2013-07-08 05:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2013-08-14 01:35 - 2013-07-08 05:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2013-08-14 01:35 - 2013-07-08 05:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2013-08-14 01:35 - 2013-07-08 05:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

 

==================== One Month Modified Files and Folders =======

 

2013-09-11 20:52 - 2013-09-08 21:02 - 00096111 _____ C:\Windows\WindowsUpdate.log

2013-09-11 20:52 - 2009-07-01 04:40 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-09-11 20:35 - 2009-04-15 07:34 - 00065536 _____ C:\Windows\system32\Ikeext.etl

2013-09-11 20:35 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-09-11 20:35 - 2006-11-02 13:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2013-09-11 20:35 - 2006-11-02 13:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2013-09-11 20:33 - 2013-09-11 20:23 - 00000000 ____D C:\Users\Home\Desktop\RK_Quarantine

2013-09-11 20:33 - 2007-12-14 05:39 - 00005332 _____ C:\Windows\bthservsdp.dat

2013-09-11 20:33 - 2006-11-02 14:01 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-09-11 20:32 - 2013-09-11 20:32 - 00002650 _____ C:\Users\Home\Desktop\RKreport[0]_D_09112013_203251.txt

2013-09-11 20:32 - 2013-09-11 20:32 - 00002612 _____ C:\Users\Home\Desktop\RKreport[0]_S_09112013_203221.txt

2013-09-11 20:29 - 2013-09-11 20:29 - 00005252 _____ C:\Users\Home\Desktop\RKreport[0]_D_09112013_202933.txt

2013-09-11 20:28 - 2013-09-11 20:28 - 00004580 _____ C:\Users\Home\Desktop\RKreport[0]_S_09112013_202855.txt

2013-09-11 20:23 - 2013-09-10 22:11 - 00000000 ____D C:\Users\Home\Desktop\mbar

2013-09-11 19:35 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\security

2013-09-11 19:14 - 2009-07-01 04:40 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-09-11 06:55 - 2007-12-28 19:51 - 00000000 ____D C:\Users\Home

2013-09-11 06:50 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Resources

2013-09-11 04:59 - 2013-09-11 04:59 - 00000000 ____D C:\FRST

2013-09-10 23:10 - 2013-09-10 23:10 - 00051416 _____ C:\Windows\system32\Drivers\imofugc.sys

2013-09-10 23:10 - 2006-11-02 13:37 - 00000000 ____D C:\Windows\DigitalLocker

2013-09-10 19:43 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Globalization

2013-09-10 19:01 - 2006-11-02 11:33 - 00731396 _____ C:\Windows\system32\PerfStringBackup.INI

2013-09-10 18:57 - 2007-12-28 20:04 - 00000000 ____D C:\Program Files\Dl_cats

2013-09-10 18:32 - 2013-09-10 18:31 - 00000000 ____D C:\Users\Home\Desktop\Contacts vcf files

2013-09-10 18:32 - 2008-04-12 11:56 - 00038450 _____ C:\Users\Home\AppData\Roaming\Comma Separated Values (Windows).ADR

2013-09-10 18:22 - 2013-09-10 18:20 - 00000000 ____D C:\Users\Home\Desktop\RogueKiller

2013-09-10 18:21 - 2013-09-10 18:21 - 00000000 ____D C:\Users\Home\Desktop\FRST

2013-09-10 18:18 - 2013-09-10 18:18 - 01960454 _____ C:\Users\Home\Desktop\RogueKiller.zip

2013-09-10 18:18 - 2013-09-10 18:18 - 00892447 _____ C:\Users\Home\Desktop\RogueKiller alone.zip

2013-09-10 07:31 - 2013-09-10 07:31 - 00117748 _____ C:\Users\Home\Desktop\Contacts_sep13.zip

2013-09-10 07:28 - 2013-09-10 07:28 - 00761856 _____ C:\Users\Home\Desktop\Contacts_sep13.mdb

2013-09-10 07:28 - 2013-09-10 07:28 - 00038429 _____ C:\Users\Home\AppData\Roaming\Microsoft Access 97-2003.ADR

2013-09-09 22:01 - 2007-12-28 19:57 - 00245760 _____ C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2013-09-09 21:36 - 2013-09-09 21:34 - 00385536 _____ C:\Users\Home\Desktop\contacts_sep13.xls

2013-09-09 21:34 - 2009-10-25 14:00 - 00038428 _____ C:\Users\Home\AppData\Roaming\Microsoft Excel 97-2003.ADR

2013-09-09 17:36 - 2007-12-29 00:59 - 00000000 ____D C:\Users\Home\Documents\Chelsea FC

2013-09-09 17:31 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Help

2013-09-08 20:55 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\L2Schemas

2013-09-08 20:06 - 2013-07-06 11:27 - 00000000 ____D C:\Users\Public\Documents\CrashDump

2013-09-08 19:03 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Web

2013-09-08 08:28 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\tracing

2013-09-08 08:06 - 2013-09-08 08:06 - 00000000 __SHD C:\Windows\system32\%APPDATA%

2013-09-08 03:30 - 2013-02-02 14:19 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2013-09-08 03:30 - 2013-02-02 14:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2013-09-08 03:30 - 2010-11-15 09:09 - 00000766 _____ C:\Users\Public\Desktop\CCleaner.lnk

2013-09-08 03:30 - 2009-04-25 16:28 - 00000000 ____D C:\Program Files\CCleaner

2013-09-08 03:27 - 2007-12-14 06:42 - 00000000 ____D C:\Program Files\Google

2013-09-06 18:16 - 2010-01-20 23:26 - 00000000 ____D C:\Users\Home\Documents\ALTYON

2013-08-28 21:23 - 2007-12-29 01:00 - 00000000 ____D C:\Users\Home\Documents\Martins

2013-08-27 20:28 - 2007-12-29 01:00 - 00000000 ____D C:\Users\Home\Documents\House general

2013-08-25 13:51 - 2011-01-28 20:00 - 00001945 _____ C:\Windows\epplauncher.mif

2013-08-25 13:43 - 2011-01-28 19:59 - 00000000 ____D C:\Program Files\Microsoft Security Client

2013-08-21 11:22 - 2013-08-21 11:21 - 00114161 _____ C:\Users\Home\Downloads\SKMBT_C45213081913040.zip

2013-08-20 02:15 - 2007-12-28 19:55 - 00000000 ____D C:\Users\Home\AppData\Local\Google

2013-08-17 11:34 - 2013-08-17 11:34 - 00065096 _____ C:\Users\Home\Downloads\report (12).csv

2013-08-14 04:05 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache

2013-08-14 04:01 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET

2013-08-14 03:28 - 2013-08-14 03:18 - 00000000 ____D C:\Windows\system32\MRT

2013-08-14 03:18 - 2006-11-02 11:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2013-08-14 03:15 - 2007-12-29 08:20 - 00000000 ____D C:\ProgramData\Microsoft Help

 

==================== Bamital & volsnap Check =================

 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2013-09-11 20:53

 

==================== End Of Log ============================

 

 

FIX log

_____________________

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-09-2013

Ran by Home at 2013-09-11 21:09:02 Run:2

Running from E:\

Boot Mode: Normal

 

==============================================

 

Content of fixlist:

*****************

HKCU\...\Run: [Google Update*] - 

U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{70c6cd53-d2f2-38c4-aa2d-bea239d1edd4}\   \...\???\{70c6cd53-d2f2-38c4-aa2d-bea239d1edd4}\GoogleUpdate.exe"

C:\Program Files\Google\Desktop\Install\{70c6cd53-d2f2-38c4-aa2d-bea239d1edd4}

 

*****************

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.

*etadpug => Service not found.

"C:\Program Files\Google\Desktop\Install\{70c6cd53-d2f2-38c4-aa2d-bea239d1edd4}" => File/Directory not found.

 

==== End of Fixlog ====

 

_________________

 

 

 

And MBAM scan...

_________________

 

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.09.08.03

 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Home :: HOME-PC [administrator]

 

11/09/2013 20:53:27

mbam-log-2013-09-11 (20-53-27).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 273831

Time elapsed: 11 minute(s), 28 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

______________

 

 

 

How's it looking...?

 

Kind regards


Looks OK....

Let's clean out any adware while you're here: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


Mr C, I was unable to do the extra work last night as I had to go straight out on returning home.  I plan to do it this evening and the final clear up over the weekend.

If you would prefer I posted a final print of FRST results then please leave post open, but if you think all's ok then close it.  

 

I will donate you some cash for the help with the trojan.zaccess hassle.

 

Many thanks


Mr C.

I ran the adware program but somehow accepted a games website.  I'll try and remove that now.

 

But here is the result of my deletion scan after the adware install.

 

____________

 

# AdwCleaner v3.003 - Report created 14/09/2013 at 11:11:06

# Updated 07/09/2013 by Xplode

# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)

# Username : Home - HOME-PC

# Running from : C:\Users\Home\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Program Files\Free_TV_Bar_c3

Folder Deleted : C:\Users\Home\AppData\Local\Conduit

Folder Deleted : C:\Users\Home\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Home\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\Home\AppData\LocalLow\Free_TV_Bar_c3

Folder Deleted : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\37dx3gke.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

File Deleted : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\37dx3gke.default\searchplugins\search.xml

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2399412

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E4B196E-5E31-474B-A5C6-95CCB824510F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7E4B196E-5E31-474B-A5C6-95CCB824510F}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3}]

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Toolbar

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\Free_TV_Bar_c3

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\Toolbar

Key Deleted : HKLM\Software\Free_TV_Bar_c3

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free_TV_Bar_c3 Toolbar

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Free_TV_Bar_c3 Toolbar

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v9.0.8112.16506

 

 

-\\ Mozilla Firefox v10.0.2 (en-GB)

 

[ File : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\37dx3gke.default\prefs.js ]

 

 

-\\ Google Chrome v29.0.1547.66

 

[ File : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [5491 octets] - [14/09/2013 11:08:46]

AdwCleaner[s0].txt - [5532 octets] - [14/09/2013 11:11:06]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5592 octets] ##########

 

_____________


Let's check your computer's security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

I've just done another MBAM scan and found a couple of problems again, plus loads of PUP stuff.  33 finds in all.  The previous MBAM scan had been clean.  The adware download seems to have added a lot more.  From that free download site?  I am now doing a few scans and will try and clean all this out.

 

P.S. I have donated some cash for the trojan help.

 

_________________

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.08.03
 
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Home :: Home-PC [administrator]
 
14/09/2013 11:22:19
mbam-log-2013-09-14 (11-22-19).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 274693
Time elapsed: 22 minute(s), 51 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 9
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CF190686-9E72-403C-B99D-682ABDB63C5B} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (Adware.GameVance) -> Quarantined and deleted successfully.
HKCR\TypeLib\{39A17362-9C1D-4907-9428-0D28A94DC79D} (Adware.GameVance) -> Quarantined and deleted successfully.
HKCR\Interface\{627A968A-03E6-41C7-B11B-4E442B376F95} (Adware.GameVance) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C1C3E833-420E-4D78-9BA7-86AEBB272384} (Adware.GameVance) -> Quarantined and deleted successfully.
HKCR\CLSID\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{39A17362-9C1D-4907-9428-0D28A94DC79D} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKCR\Interface\{627A968A-03E6-41C7-B11B-4E442B376F95} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C1C3E833-420E-4D78-9BA7-86AEBB272384} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
______________

Database version: v2013.09.08.03 <-------way out of date

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

 

----------------------------

The adware download seems to have added a lot more

What do you mean by this???

MrC


Mr C, I meant that by clicking on that games page download button - that appeared like it was actually the adware download - I gained lots of entries.  It had been a clear scan before that inadvertent games thing download.  The actual adware download was fine, don't get me wrong, it was the way the page directed me to the games download and didn't actually say what it was that was going to download.  A big green button.  Try the page & you'll see what I mean.  I knew it would have loaded me and I was right - 33 entries!  But they've all gone now.  I then redid both a MBAR and MBAM scan & all's clear now.  And another AdwCleaner scan & all ok too.  I didn't explain correctly - I meant in the process of trying to download the adware file I also inadvertently chose some games console.

 

I am most certainly not complaining (!) - I am very, very happy with the help received on here.  It was my fault I thought the big green download button was for the adware - and it wasn't.  Schoolboy error.  No probs as all ok now.  The adware download did its job.  All clear now.

 

Thanks for all your help.  Much appreciated.  :-)

_________________

 

Adware scan:

 

# AdwCleaner v3.003 - Report created 14/09/2013 at 16:17:13

# Updated 07/09/2013 by Xplode

# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)

# Username : Home - HOME-PC

# Running from : C:\Users\Home\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v9.0.8112.16506

 

-\\ Mozilla Firefox v10.0.2 (en-GB)

 

[ File : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\37dx3gke.default\prefs.js ]

 

-\\ Google Chrome v29.0.1547.66

 

[ File : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [5491 octets] - [14/09/2013 11:08:46]

AdwCleaner[R1].txt - [1032 octets] - [14/09/2013 16:12:57]

AdwCleaner[s0].txt - [5672 octets] - [14/09/2013 11:11:06]

AdwCleaner[s1].txt - [955 octets] - [14/09/2013 16:17:13]

 

________________

 

MBAM scan:

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.09.08.03

 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Home :: HOME-PC [administrator]

 

14/09/2013 16:25:12

mbam-log-2013-09-14 (16-25-12).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 274455

Time elapsed: 40 minute(s), 1 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

_______________


OK......

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC