Jump to content

Inadvertantly Downloaded Bing Desktop

AndreaBeth92
 Share

Recommended Posts

AndreaBeth92

AndreaBeth92

Posted
Posted

I don't know if this is helpful but this is the background on my particular infection:

 

My dad inadvertantly downloaded Bing Desktop with Windows Update and a crop of new programs have appeared on the machine (Default Tab, Super-Lyrics 16, Scorpion Saver, My PC Back Up, Driver Scanner, My PC Speed Up, MixiDJ Search Bar, some other music/DJ search bar with random letters in the name, something Conduit Search Protector something -- and those are just the ones I can remember, there were several more). I didn't think much of it because my baby sister has downloaded similar programs before and historically just removing the programs with Revo Uninstaller's Advanced setting has fixed any problems. So I set to work removing all of the new programs with Revo Uninstaller's Advanced setting. I had no problems with this except for trying to remove the Bing Desktop program - the built-in uninstaller does not, in fact, uninstall anything, but Revo got rid of everything (or so I think). Then I ran a full SuperAntiSpyware scan to make sure I'd gotten all of it - when some files came back flagged as PUPS and Adware I followed up with Spybot S&D and Malwarebytes. SuperAntiSpyware, Spybot and Malwarebytes each found 25-40 different potentially dangerous files, most flagged as PUPS, some as Adware, and one file a Trojan. I don't know enough about computers to be able to know if this is a legitimate problem - and if it is, whether or not it's been taken care of at this point.

 

The computer is running and connects to the internet so those seem like good signs, I just want to be sure there's nothing nasty hiding where I can't see it. Thanks so much for any and all assistance!

 

DDS.txt:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16514  BrowserJavaVersion: 10.21.2
Run by mary at 23:53:29 on 2013-10-23
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1918.803 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\Windows\Installer\MSI11EA.tmp
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Users\mary\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank



mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com

mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Vafmusic7 Toolbar: {37a7edb7-afda-4373-9865-02bf8160e677} - c:\program files\vafmusic7\prxtbVafm.dll
uURLSearchHooks: MixiDJ V31 Toolbar: {988919ff-0cd8-4d0c-bc7e-60d55a49eb64} - c:\program files\mixidj_v31\prxtbMixi.dll
mURLSearchHooks: Vafmusic7 Toolbar: {37a7edb7-afda-4373-9865-02bf8160e677} - c:\program files\vafmusic7\prxtbVafm.dll
mURLSearchHooks: MixiDJ V31 Toolbar: {988919ff-0cd8-4d0c-bc7e-60d55a49eb64} - c:\program files\mixidj_v31\prxtbMixi.dll
BHO: ScorpionSaver: {10AD2C61-0898-4348-8600-14A342F22AC3} - c:\program files\scorpionsaver\IECore.dll
BHO: Vafmusic7 Toolbar: {37a7edb7-afda-4373-9865-02bf8160e677} - c:\program files\vafmusic7\prxtbVafm.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: MixiDJ V31 Toolbar: {988919ff-0cd8-4d0c-bc7e-60d55a49eb64} - c:\program files\mixidj_v31\prxtbMixi.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Vafmusic7 Toolbar: {37A7EDB7-AFDA-4373-9865-02BF8160E677} - c:\program files\vafmusic7\prxtbVafm.dll
TB: MixiDJ V31 Toolbar: {988919FF-0CD8-4D0C-BC7E-60D55A49EB64} - c:\program files\mixidj_v31\prxtbMixi.dll
TB: Vafmusic7 Toolbar: {37a7edb7-afda-4373-9865-02bf8160e677} - c:\program files\vafmusic7\prxtbVafm.dll
TB: MixiDJ V31 Toolbar: {988919ff-0cd8-4d0c-bc7e-60d55a49eb64} - c:\program files\mixidj_v31\prxtbMixi.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [spotify Web Helper] "c:\users\mary\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.





TCP: NameServer = 192.168.1.1 156.154.119.11 156.154.129.11
TCP: Interfaces\{40DAC403-50B4-4280-BEF9-81CB99A9530B} : DHCPNameServer = 192.168.1.1 156.154.119.11 156.154.129.11
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mary\appdata\roaming\mozilla\firefox\profiles\jy52wfzm.default\

FF - prefs.js: browser.startup.homepage - about:home

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
.
.
.
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-6-18 211560]
R1 MpKsl00dc0a8f;MpKsl00dc0a8f;c:\programdata\microsoft\microsoft antimalware\definition updates\{a5d667a2-abc2-4c20-a10f-e8348652bcf5}\MpKsl00dc0a8f.sys [2013-10-23 40392]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\printer\center\KodakSvc.exe [2008-7-25 18944]
R2 Level Quality Watcher;Level Quality Watcher;c:\windows\installer\msi11ea.tmp run sourceguid=499f49c2-d505-4438-8db2-2f943f2bb5cc --> c:\windows\installer\MSI11EA.tmp run sourceguid=499F49C2-D505-4438-8DB2-2F943F2BB5CC [?]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 107392]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-8-12 295376]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2008-1-20 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2008-1-20 251904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 rcmirror;rcmirror;c:\windows\system32\drivers\rcmirror.sys [2008-10-8 3328]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== File Associations ===============
.
ShellExec: hpqpssp.exe: Open=c:\program files\hp\digital imaging\bin\hpqpssp.exe
.
=============== Created Last 30 ================
.
2013-10-24 03:38:01    62576    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{a5d667a2-abc2-4c20-a10f-e8348652bcf5}\offreg.dll
2013-10-24 03:38:01    40392    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{a5d667a2-abc2-4c20-a10f-e8348652bcf5}\MpKsl00dc0a8f.sys
2013-10-24 01:50:19    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-10-24 01:50:19    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-10-24 01:15:04    --------    d-----w-    c:\program files\ScorpionSaver
2013-10-23 23:45:52    --------    d-----w-    c:\users\mary\appdata\local\SuperLyrics-16
2013-10-23 22:05:47    7796464    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{a5d667a2-abc2-4c20-a10f-e8348652bcf5}\mpengine.dll
2013-10-23 19:38:08    --------    d-----w-    c:\program files\MixiDJ_V31
2013-10-23 19:35:35    --------    d-----w-    c:\program files\Uninstaller
2013-10-23 19:35:15    --------    d-----w-    C:\temp
2013-10-23 19:35:15    --------    d-----w-    c:\program files\Level Quality Watcher
2013-10-23 19:33:42    --------    d-----w-    c:\programdata\Conduit
2013-10-23 19:33:37    --------    d-----w-    c:\program files\Vafmusic7
2013-10-22 22:05:42    7796464    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-10-18 22:09:57    719224    ------w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{9f04425b-4d15-4801-87b7-14ad218abcaa}\gapaengine.dll
2013-10-16 02:13:27    --------    d-----w-    c:\windows\Temp8C7C341B-1FA9-6D93-4513-7DAFD1807B12-Signatures
2013-10-08 23:55:20    73344    ----a-w-    c:\windows\system32\drivers\USBAUDIO.sys
2013-10-08 23:55:20    134272    ----a-w-    c:\windows\system32\drivers\usbvideo.sys
2013-10-08 23:55:19    34304    ----a-w-    c:\windows\system32\atmlib.dll
2013-10-08 23:55:19    293376    ----a-w-    c:\windows\system32\atmfd.dll
2013-10-08 23:52:12    35328    ----a-w-    c:\windows\system32\drivers\usbscan.sys
2013-10-08 23:52:11    25472    ----a-w-    c:\windows\system32\drivers\hidparse.sys
.
==================== Find3M  ====================
.
2013-10-09 08:14:18    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 08:14:18    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-09-22 10:22:59    1800704    ----a-w-    c:\windows\system32\jscript9.dll
2013-09-22 10:14:39    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-09-22 10:13:22    1129472    ----a-w-    c:\windows\system32\wininet.dll
2013-09-22 10:08:41    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-09-22 10:06:58    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-09-22 10:03:18    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2013-08-29 07:36:04    2050048    ----a-w-    c:\windows\system32\win32k.sys
2013-08-27 02:47:50    219648    ----a-w-    c:\windows\system32\d3d10_1core.dll
2013-08-27 02:47:50    189952    ----a-w-    c:\windows\system32\d3d10core.dll
2013-08-27 02:47:50    160768    ----a-w-    c:\windows\system32\d3d10_1.dll
2013-08-27 02:47:50    1029120    ----a-w-    c:\windows\system32\d3d10.dll
2013-08-27 01:52:08    1172480    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-08-27 01:50:40    486400    ----a-w-    c:\windows\system32\d3d10level9.dll
2013-08-27 01:32:20    683008    ----a-w-    c:\windows\system32\d2d1.dll
2013-08-27 01:28:36    1069056    ----a-w-    c:\windows\system32\DWrite.dll
2013-08-27 01:28:35    798208    ----a-w-    c:\windows\system32\FntCache.dll
2013-08-02 04:09:35    1548288    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-08-01 03:16:32    638400    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-08-01 02:49:15    37376    ----a-w-    c:\windows\system32\cdd.dll
.
============= FINISH: 23:54:34.55 ===============

 

Attach.txt

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/13/2008 5:16:49 AM
System Uptime: 10/23/2013 11:32:43 PM (0 hours ago)
.
Motherboard: ASUSTek Computer INC. |  | IVY8
Processor: AMD Athlon Processor LE-1640 | Socket AM2  | 2700/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 224 GiB total, 122.765 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 0.965 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
aiofw
aioocr
aioprnt
aioscnnr
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
BufferChm
Cards_Calendar_OrderGift_DoMorePlugout
center
Compatibility Pack for the 2007 Office system
Full Tilt Poker.Net
Hardware Diagnostic Tools
Help_CTR
helptut
helpug
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Feedback
HP Deskjet & Photosmart Printer Driver Software 8.0.A
HP Easy Setup - Frontend
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 3.5
HP Product Detection
HP Update
HPDiagnosticAlert
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPPhotoSmartPhotobookWebPack1
iTunes
Java 7 Update 21
Java Auto Updater
KODAK All-in-One Printer Software
ksdip
Level Quality Watcher
Logitech Vid HD
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007 Trial
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Standard 2007 Trial
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
netbrdg
NVIDIA Drivers
PokerStars.net
PSSWCORE
Python 2.5
QuickTime
Realtek High Definition Audio Driver
Revo Uninstaller 1.95
ScorpionSaver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
SF_CDA_ProductContext
SF_CDA_Software
SFR
Skype™ 5.10
Spotify
Spybot - Search & Destroy
SUPERAntiSpyware
Toolbox
Typing Master
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB957241)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VideoToolkit01
Visual C++ 8.0 CRT (x86) WinSXS MSM
WeatherBug Gadget
WebReg
.
==== End Of File ===========================


 

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

Welcome to the forum, there's still some adware/spyware showing.

Lets clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

Link to post
Share on other sites
AndreaBeth92

AndreaBeth92

Posted
  • Author
Posted

Computer is running fine again this morning, haven't had any problems come up, but I'm not one of the primary users. The rest of my family say it's running a lot faster and everything that changed when the Bing Desktop/everything else was installed has gone back to normal.

 

# AdwCleaner v3.010 - Report created 24/10/2013 at 11:50:36
# Updated 20/10/2013 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)
# Username : mary - COOKIE
# Running from : C:\Users\mary\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\DriverCure
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Freeze.com
Folder Deleted : C:\Program Files\Inbox
Folder Deleted : C:\Program Files\Inbox.com
Folder Deleted : C:\Program Files\RebateInformer
Folder Deleted : C:\Program Files\MixiDJ_V31
Folder Deleted : C:\Program Files\Vafmusic7
Folder Deleted : C:\Program Files\Common Files\ParetoLogic
Folder Deleted : C:\Users\mary\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\mary\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\mary\AppData\LocalLow\Guffins
Folder Deleted : C:\Users\mary\AppData\LocalLow\Internet Saving Optimizer
Folder Deleted : C:\Users\mary\AppData\LocalLow\Media Access Startup
Folder Deleted : C:\Users\mary\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\mary\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\mary\AppData\LocalLow\MixiDJ_V31
Folder Deleted : C:\Users\mary\AppData\LocalLow\Vafmusic7
Folder Deleted : C:\Users\mary\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\mary\AppData\Roaming\RebateInformer
File Deleted : C:\Users\mary\AppData\Roaming\Mozilla\Firefox\Profiles\jy52wfzm.default\.autoreg
File Deleted : C:\Users\mary\AppData\Roaming\Mozilla\Firefox\Profiles\jy52wfzm.default\invalidprefs.js
File Deleted : C:\Users\mary\AppData\Roaming\Mozilla\Firefox\Profiles\jy52wfzm.default\searchplugins\Askcom.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
File Deleted : C:\Users\mary\AppData\Roaming\Mozilla\Firefox\Profiles\jy52wfzm.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [specialsavings@superfish.com]
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2
Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2.1
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts]
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298567
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3303000
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{224469FC-D32A-423E-90C3-0F69EF5724B8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{988919FF-0CD8-4D0C-BC7E-60D55A49EB64}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61F6DAF6-F6DE-4A6E-8862-D87E8C98EF1A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37A7EDB7-AFDA-4373-9865-02BF8160E677}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D9CFAF5B-E812-45AF-9484-E58823910E57}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{988919FF-0CD8-4D0C-BC7E-60D55A49EB64}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37A7EDB7-AFDA-4373-9865-02BF8160E677}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C3D3840C-12EA-4461-A61D-190555FECC82}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8F03266-DEC7-4F5C-A6D3-D88533EE9070}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{988919FF-0CD8-4D0C-BC7E-60D55A49EB64}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37A7EDB7-AFDA-4373-9865-02BF8160E677}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{988919FF-0CD8-4D0C-BC7E-60D55A49EB64}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{37A7EDB7-AFDA-4373-9865-02BF8160E677}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{006BFF73-D6B8-4CC0-A982-1E041D625B08}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{61F6DAF6-F6DE-4A6E-8862-D87E8C98EF1A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D9CFAF5B-E812-45AF-9484-E58823910E57}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49A32F81-0BA1-4B43-856C-9A61425E5BF1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D22421A9-9464-4365-AE9B-D4AD70B99924}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D202A1B1-68EC-4B62-A381-A6D5567618E8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E83F170B-07CC-40E4-AD14-F31826DDC192}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6877656B-8985-44DA-9ADF-E1C3ECB99E04}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3020AB61-FD55-482C-AC3C-B800FE4EC1D0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BD172BA-3F40-4303-BCA1-0484B5BA2A7B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BD172BA-3F40-4303-BCA1-0484B5BA2A7B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{988919FF-0CD8-4D0C-BC7E-60D55A49EB64}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{37A7EDB7-AFDA-4373-9865-02BF8160E677}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{988919FF-0CD8-4D0C-BC7E-60D55A49EB64}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{37A7EDB7-AFDA-4373-9865-02BF8160E677}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{988919FF-0CD8-4D0C-BC7E-60D55A49EB64}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{37A7EDB7-AFDA-4373-9865-02BF8160E677}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{988919FF-0CD8-4D0C-BC7E-60D55A49EB64}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{37A7EDB7-AFDA-4373-9865-02BF8160E677}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Freeze.com
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DoubleD
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKCU\Software\AppDataLow\Software\MixiDJ_V31
Key Deleted : HKCU\Software\AppDataLow\Software\Vafmusic7
Key Deleted : HKLM\Software\bProtector
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\InstalledThirdPartyPrograms
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\TENCENT
Key Deleted : HKLM\Software\MixiDJ_V31
Key Deleted : HKLM\Software\Vafmusic7
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4EF645BD-65B0-4F98-AD56-D0437B7045F6}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PriceGong
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SaltarSmart
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Savings Sidekick
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SpecialSavings

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16514


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\mary\AppData\Roaming\Mozilla\Firefox\Profiles\jy52wfzm.default\prefs.js ]

Line Deleted : user_pref("CT3298567.1000082.isPlayDisplay", "true");

Line Deleted : user_pref("CT3298567.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3298567.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3298567.FF19Solved", "true");
Line Deleted : user_pref("CT3298567.FirstTime", "true");
Line Deleted : user_pref("CT3298567.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3298567.LAST_CLIENT_STATS_SUBMIT_2.enc", "MTM4MjU2ODA2NA==");
Line Deleted : user_pref("CT3298567.LOCAL_COOKIE_STATS_LAST_SUBMIT_6.enc", "MTM4MjU2ODA3OA==");
Line Deleted : user_pref("CT3298567.LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc", "Mw==");
Line Deleted : user_pref("CT3298567.LOCAL_COOKIE_STATS_STATS_SITE_SUPPORTED.enc", "Mw==");
Line Deleted : user_pref("CT3298567.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc", "MTM4MjU3Njc0NQ==");
Line Deleted : user_pref("CT3298567.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_SUPPORTED.enc", "MTM4MjU2ODEzNA==");
Line Deleted : user_pref("CT3298567.PG_ENABLE", "dHJ1ZQ==");
Line Deleted : user_pref("CT3298567.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Line Deleted : user_pref("CT3298567.SF_STATUS.enc", "RU5BQkxFRA==");
Line Deleted : user_pref("CT3298567.SF_USER_ID.enc", "Y2lkXzIzMTAyMDEzMTg0MTI2MzY0ODEz");

Line Deleted : user_pref("CT3298567.TopHitsConfig.enc", "ew0KICAgICJzcHJpdGVVcmwiOiAiaHR0cDovL3N0b3JhZ2UuY29uZHVpdC5jb20vcHMvVG9wSGl0c0dlbmVyaWNBcHAvY29uZmlncy9VUy1VSy1EYW5jZS1Sb2NrLVJhcC9zcHJpdGUucG5nIiwNCiAgICAiaX[...]
Line Deleted : user_pref("CT3298567.UserID", "UN19001664702678196");
Line Deleted : user_pref("CT3298567.YTbyClickFavorites.enc", "W10=");
Line Deleted : user_pref("CT3298567.YTbyClickRecent.enc", "W10=");
Line Deleted : user_pref("CT3298567.acp_personal.appstate.enc", "ZW5hYmxl");
Line Deleted : user_pref("CT3298567.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3298567.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3298567.cbfirsttime.enc", "V2VkIE9jdCAyMyAyMDEzIDE4OjI4OjAxIEdNVC0wNDAwIChFYXN0ZXJuIFN0YW5kYXJkIFRpbWUp");
Line Deleted : user_pref("CT3298567.countryCode", "US");
Line Deleted : user_pref("CT3298567.defaultSearch", "true");
Line Deleted : user_pref("CT3298567.discover-experiments-photopop.enc", "eyJuYW1lIjoicGhvdG9wb3BfbmEiLCJ2ZXJzaW9uIjoxMH0=");
Line Deleted : user_pref("CT3298567.discover-periodic-reports.enc", "eyJwaW5nXzAiOlsxMzgyNTY4MTU2NDY3LDE0NDAwMDAwXX0=");
Line Deleted : user_pref("CT3298567.discover-user-id.enc", "IjMxNGZkMDUwLWVhMzItNDE4My1hMjg0LWZkYjkwNTVjY2QxMSI=");
Line Deleted : user_pref("CT3298567.embeddedsData", "[{\"appId\":\"130110228079688309\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3298567.enableAlerts", "true");
Line Deleted : user_pref("CT3298567.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3298567.enlargeSearchBox", "{\"enabled\":true,\"maxWidth\":1000,\"minWidth\":250,\"width\":500}");
Line Deleted : user_pref("CT3298567.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3298567.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3298567.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3298567.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3298567.fullUserID", "UN19001664702678196.IN.20131023153624");
Line Deleted : user_pref("CT3298567.ground-country-code.enc", "IlVTIg==");
Line Deleted : user_pref("CT3298567.impression_counter.enc", "MQ==");
Line Deleted : user_pref("CT3298567.impression_session_counter.enc", "MA==");
Line Deleted : user_pref("CT3298567.impression_session_id.enc", "IjA3YzkzNGZkLTVlNTQtNDgxMi04NTNkLWY1ODY5ZGMzOGZmYiI=");
Line Deleted : user_pref("CT3298567.impression_session_last_active.enc", "MTM4MjU2ODI0MzU2Mg==");
Line Deleted : user_pref("CT3298567.installDate", "23/10/2013 15:36:51");
Line Deleted : user_pref("CT3298567.installId", "cid119");
Line Deleted : user_pref("CT3298567.installSessionId", "{8710E182-588B-4DB1-ABB7-C1E4A2204642}");
Line Deleted : user_pref("CT3298567.installSp", "TRUE");
Line Deleted : user_pref("CT3298567.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3298567.installUsage", "2013-10-23T22:37:55.1232204+03:00");
Line Deleted : user_pref("CT3298567.installUsageEarly", "2013-10-23T22:37:41.5041585+03:00");
Line Deleted : user_pref("CT3298567.installerVersion", "1.8.0.14");
Line Deleted : user_pref("CT3298567.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3298567.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3298567.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3298567.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3298567.keyword", "true");

Line Deleted : user_pref("CT3298567.lastVersion", "10.21.1.7");
Line Deleted : user_pref("CT3298567.mam_gk_appStateReportTime.enc", "MTM4MjU2NzI3ODgxMw==");
Line Deleted : user_pref("CT3298567.mam_gk_appState_ACplus.enc", "b24=");
Line Deleted : user_pref("CT3298567.mam_gk_appState_CouponBuddy.enc", "b24=");
Line Deleted : user_pref("CT3298567.mam_gk_appState_Discover.enc", "b24=");
Line Deleted : user_pref("CT3298567.mam_gk_appState_Easytobook.enc", "b24=");
Line Deleted : user_pref("CT3298567.mam_gk_appState_Easytobook_targeted.enc", "b24=");
Line Deleted : user_pref("CT3298567.mam_gk_appState_Easytobookcars.enc", "b24=");
Line Deleted : user_pref("CT3298567.mam_gk_appState_Find-a-Pro.enc", "b24=");
Line Deleted : user_pref("CT3298567.mam_gk_appState_JobsMiner.enc", "b24=");
Line Deleted : user_pref("CT3298567.mam_gk_appState_PiclickV2-WebSearch.enc", "b24=");
Line Deleted : user_pref("CT3298567.mam_gk_appState_PriceGong.enc", "b24=");
Line Deleted : user_pref("CT3298567.mam_gk_appState_WindowShopper.enc", "b24=");
Line Deleted : user_pref("CT3298567.mam_gk_appsConfig.enc", "eyJBcHBzQ29uZmlndXJhdGlvbiI6W3siaWQiOiJKb2JzTWluZXIiLCJ1cmwiOiJodHRwOi8vam9ic21pbmVyLmNvbS9jb2xsYWJvcmF0aW9ucy9jb25kdWl0L2luZGV4Mi5odG1sIiwic2NyaXB0VXJsIj[...]
Line Deleted : user_pref("CT3298567.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Line Deleted : user_pref("CT3298567.mam_gk_calledSetupService.enc", "MQ==");
Line Deleted : user_pref("CT3298567.mam_gk_currentVersion.enc", "MS4xMS4zLjE=");
Line Deleted : user_pref("CT3298567.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
Line Deleted : user_pref("CT3298567.mam_gk_first_time.enc", "MQ==");
Line Deleted : user_pref("CT3298567.mam_gk_globalKeysMigratedToLocalStorage.enc", "MQ==");
Line Deleted : user_pref("CT3298567.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3298567.mam_gk_lastLoginTime.enc", "MTM4MjU2NzI3NTA2MA==");
Line Deleted : user_pref("CT3298567.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMgZW5yaWNoZXMgeW91ciB3ZWIg[...]
Line Deleted : user_pref("CT3298567.mam_gk_mamEnabled.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3298567.mam_gk_new_welcome_experience.enc", "MQ==");
Line Deleted : user_pref("CT3298567.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3298567.mam_gk_settings1.10.4.0.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxMzEwMjQiLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6IjM1XzAiLCJpc1Rlc3QiOnRydWUsIlVzZXJDb3VudHJ5[...]
Line Deleted : user_pref("CT3298567.mam_gk_settings1.11.3.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxMzEwMjQiLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6IjM1XzAiLCJpc1Rlc3QiOnRydWUsIlVzZXJDb3VudHJ5[...]
Line Deleted : user_pref("CT3298567.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3298567.mam_gk_stamp.enc", "MzVfMA==");
Line Deleted : user_pref("CT3298567.mam_gk_userId.enc", "OTI2MTgyYWItOWEzZi00NmM5LTg0ZjQtODFlOTEwNzE2Njk2");
Line Deleted : user_pref("CT3298567.mam_gk_user_approval_interacted.enc", "MQ==");
Line Deleted : user_pref("CT3298567.mam_gk_welcomeDialogMode.enc", "MQ==");
Line Deleted : user_pref("CT3298567.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearch.conduit.com%2F%3Fctid%3DCT3298567%26SearchSource%3D13\",\"EB_MAIN_FRAME_TITLE\":\"%0A[...]
Line Deleted : user_pref("CT3298567.openThankYouPage", "false");
Line Deleted : user_pref("CT3298567.openUninstallPage", "true");


Line Deleted : user_pref("CT3298567.originalSearchEngine", "Vafmusic7 Customized Web Search");
Line Deleted : user_pref("CT3298567.originalSearchEngineName", "Vafmusic7 Customized Web Search");
Line Deleted : user_pref("CT3298567.price-gong.isManagedApp", "true");
Line Deleted : user_pref("CT3298567.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3298567.search.searchAppId", "130110228079688309");
Line Deleted : user_pref("CT3298567.search.searchCount", "0");
Line Deleted : user_pref("CT3298567.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3298567.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3298567.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3298567.searchRevert", "false");
Line Deleted : user_pref("CT3298567.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT3298567.searchUserMode", "2");
Line Deleted : user_pref("CT3298567.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3298567.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3298567.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3298567.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3298567\"}");

Line Deleted : user_pref("CT3298567.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"MixiDJ V31 \"}");
Line Deleted : user_pref("CT3298567.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3298567.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3298567.serviceLayer_services_Configuration_lastUpdate", "1382575184980");
Line Deleted : user_pref("CT3298567.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1382575187132");
Line Deleted : user_pref("CT3298567.serviceLayer_services_appsMetadata_lastUpdate", "1382575187549");
Line Deleted : user_pref("CT3298567.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1382575186988");
Line Deleted : user_pref("CT3298567.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1382557137721");
Line Deleted : user_pref("CT3298567.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1382557151606");
Line Deleted : user_pref("CT3298567.serviceLayer_services_login_10.21.1.7_lastUpdate", "1382575186245");
Line Deleted : user_pref("CT3298567.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1382575187364");
Line Deleted : user_pref("CT3298567.serviceLayer_services_searchAPI_lastUpdate", "1382575185072");
Line Deleted : user_pref("CT3298567.serviceLayer_services_serviceMap_lastUpdate", "1382575184387");
Line Deleted : user_pref("CT3298567.serviceLayer_services_toolbarContextMenu_lastUpdate", "1382575186880");
Line Deleted : user_pref("CT3298567.serviceLayer_services_toolbarSettings_lastUpdate", "1382575185277");
Line Deleted : user_pref("CT3298567.serviceLayer_services_translation_lastUpdate", "1382575187336");
Line Deleted : user_pref("CT3298567.settingsINI", true);
Line Deleted : user_pref("CT3298567.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3298567.showToolbarPermission", "false");
Line Deleted : user_pref("CT3298567.smartbar.CTID", "CT3298567");
Line Deleted : user_pref("CT3298567.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3298567.smartbar.homepage", "true");
Line Deleted : user_pref("CT3298567.smartbar.toolbarName", "MixiDJ V31 ");
Line Deleted : user_pref("CT3298567.startPage", "true");
Line Deleted : user_pref("CT3298567.toolbarBornServerTime", "23-10-2013");
Line Deleted : user_pref("CT3298567.toolbarCurrentServerTime", "24-10-2013");
Line Deleted : user_pref("CT3298567.toolbarInstallDate", "23-10-2013 15:36:24");
Line Deleted : user_pref("CT3298567.toolbarLoginClientTime", "Wed Oct 23 2013 15:39:11 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("CT3298567.url_history0001.enc", "aHR0cDovL2hzcmQueWFob28uY29tL195bHQ9QW9WSngydGdXaXQ2a2dELkZPS0FIUDJidlp4NDtfeWx1PVgzb0RNVFF3TkRad2FESjFCR0p3YjNNRE1RUmpZMjlrWlFOemNGOTNiMngyWlhKcGJtVUVZM0J2[...]
Line Deleted : user_pref("CT3298567.versionFromInstaller", "10.21.1.7");
Line Deleted : user_pref("CT3298567.xpeMode", "0");
Line Deleted : user_pref("CT3298567_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1382576722253,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CT3303000.FF19Solved", "true");
Line Deleted : user_pref("CT3303000.UserID", "UN32016077818222197");
Line Deleted : user_pref("CT3303000.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3303000.fullUserID", "UN32016077818222197.IN.20131023153034");
Line Deleted : user_pref("CT3303000.installDate", "23/10/2013 15:31:13");
Line Deleted : user_pref("CT3303000.installSessionId", "{E0810741-B290-4B5F-A064-521F1F9C3804}");
Line Deleted : user_pref("CT3303000.installSp", "TRUE");
Line Deleted : user_pref("CT3303000.installerVersion", "1.8.0.14");
Line Deleted : user_pref("CT3303000.keyword", "true");
Line Deleted : user_pref("CT3303000.originalHomepage", "www.google.com");

Line Deleted : user_pref("CT3303000.originalSearchEngine", "Google");
Line Deleted : user_pref("CT3303000.originalSearchEngineName", "");
Line Deleted : user_pref("CT3303000.searchRevert", "false");
Line Deleted : user_pref("CT3303000.searchUserMode", "2");
Line Deleted : user_pref("CT3303000.smartbar.homepage", "true");
Line Deleted : user_pref("CT3303000.toolbarInstallDate", "23-10-2013 15:30:37");
Line Deleted : user_pref("CT3303000.versionFromInstaller", "10.21.1.7");
Line Deleted : user_pref("CT3303000.xpeMode", "0");

Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "MixiDJ V31 Customized Web Search");


Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3298567");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "MixiDJ V31 Customized Web Search");

Line Deleted : user_pref("browser.search.order.1", "appbario8 Customized Web Search");
Line Deleted : user_pref("dom.ipc.plugins.enabled.npmywebs.dll", false);
Line Deleted : user_pref("extensions.crossrider.bic", "1392f3099844f899c88f8c24608e48c9");

Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3298567");


Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3298567");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3298567");
Line Deleted : user_pref("smartbar.machineId", "Y5KYVQDX05JZXJZATBDKQGYKSVRUQDTRG8UFCB3DVHKA1MA2A5RZGEQ5FSDQ+1IE7TUUARHGAPUCOAR4KVBKCA");


*************************

AdwCleaner[R0].txt - [29884 octets] - [24/10/2013 11:48:10]
AdwCleaner[s0].txt - [30496 octets] - [24/10/2013 11:50:36]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [30557 octets] ##########
 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.24.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
mary :: COOKIE [administrator]

10/24/2013 12:03:05 PM
MBAM-log-2013-10-24 (12-14-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 202328
Time elapsed: 7 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\$Recycle.Bin\S-1-5-21-673644084-2725270285-995972051-1000\$RQBTYBE.exe (PUP.Optional.ExpressInstall.A) -> No action taken.

(end)
 

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

Great......

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC
Link to post
Share on other sites
AndreaBeth92

AndreaBeth92

Posted
  • Author
Posted

I apparently spoke too soon. ScorpionSaver is reinstalling itself somehow and keeps coming up in the Add/Remove Programs list, despite multiple uninstalls using Revo Uninstaller's Advanced mode (and a post-uninstall search of the registry turned up nothing), and has re-enabled itself as a browser extension in both Firefox and IE despite my disabling and removing both of them before uninstalling the program. It doesn't seem to be affecting performance at all (except possibly crashing browsers but that might be all of the uninstalling and scanning I've been doing?), just the fact that it is reinstalling itself makes me very nervous. Any idea how to tackle this one?

 

 Results of screen317's Security Check version 0.99.74  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 Spybot - Search & Destroy
 SUPERAntiSpyware     
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 21  
 Java version out of Date!
 Adobe Flash Player     11.9.900.117  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox (24.0)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````
 

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system)

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
MrC
Link to post
Share on other sites
AndreaBeth92

AndreaBeth92

Posted
  • Author
Posted

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2013 01
Ran by mary (administrator) on COOKIE on 24-10-2013 13:56:50
Running from C:\Users\mary\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Eastman Kodak Company) C:\Program Files\Kodak\printer\center\KodakSvc.exe
() C:\Windows\Installer\MSI11EA.tmp
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe [1638400 2010-09-02] (Eastman Kodak Company)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-08-12] (Microsoft Corporation)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKCU\...\Run: [spotify Web Helper] - C:\Users\mary\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-07] (Spotify Ltd)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
MountPoints2: {05d040f7-cca7-11e1-af4e-001fc682e029} - F:\TL_Bootstrap.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {38DE17CF-47E2-42F2-B506-160058F51805} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
SearchScopes: HKLM - {4AD5529A-AF85-4E49-86EF-0A9DE468FB75} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
SearchScopes: HKCU - DefaultScope {993FC2B7-A91E-4D95-AD97-844879FECEB9} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298567&CUI=UN14296065509222635&UM=2
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?FORM=VE3D01&q={searchTerms}
SearchScopes: HKCU - {11DD31BE-0F0F-4493-A9ED-E47084BFCF4A} URL =
SearchScopes: HKCU - {38DE17CF-47E2-42F2-B506-160058F51805} URL = http://www.bing.com/search?FORM=UP93DF&PC=UP93&dt=101813&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - {4AD5529A-AF85-4E49-86EF-0A9DE468FB75} URL =
SearchScopes: HKCU - {60528141-2CEF-413C-BD31-2BB7A95666C4} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20090834,5926,2138,8,0
SearchScopes: HKCU - {813f6d33-ed2c-4a88-a662-81529cc25a8f} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=bu10aiminstabie7
SearchScopes: HKCU - {993FC2B7-A91E-4D95-AD97-844879FECEB9} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298567&CUI=UN14296065509222635&UM=2
BHO: ScorpionSaver - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files\ScorpionSaver\IECore.dll ()
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 156.154.119.11 156.154.129.11

FireFox:
========
FF ProfilePath: C:\Users\mary\AppData\Roaming\Mozilla\Firefox\Profiles\jy52wfzm.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\mary\AppData\Roaming\Mozilla\Firefox\Profiles\jy52wfzm.default\searchplugins\AOL Search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\AOL Search.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-16] (SUPERAntiSpyware.com)
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-09-28] (ArcSoft Inc.)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard)
R2 KodakSvc; C:\Program Files\Kodak\printer\center\KodakSvc.exe [18944 2008-07-25] (Eastman Kodak Company)
R2 Level Quality Watcher; C:\Windows\Installer\MSI11EA.tmp [414216 2013-10-23] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-08-12] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-08-12] (Microsoft Corporation)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S4 HOSTS Anti-PUPs; C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update [x]

==================== Drivers (Whitelisted) ====================

R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
S3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [6144 2007-01-09] (Chic)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
S3 rcmirror; C:\Windows\System32\DRIVERS\rcmirror.sys [3328 2008-10-08] (Windows ® Codename Longhorn DDK provider)
R3 RT2500; C:\Windows\System32\DRIVERS\RT2500.sys [243328 2005-10-20] (Ralink Technology Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; c:\windows\system32\drivers\TrueSight.sys [111872 2011-12-24] ()
S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [21344 2005-05-26] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [38144 2005-05-26] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [39036 2005-06-24] (LG Electronics Inc.)
S3 Afc; No ImagePath
S3 cpuz132; \??\C:\Users\mary\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [x]
S3 IpInIp; No ImagePath
S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [x]
S3 NwlnkFlt; No ImagePath
S3 NwlnkFwd; No ImagePath
S3 PcdrNdisuio; No ImagePath
S3 SymIM; system32\DRIVERS\SymIM.sys [x]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [x]

========================== Drivers MD5 =======================

C:\Windows\System32\drivers\acpi.sys 82B296AE1892FE3DBEE00C9CF92F8AC7
C:\Windows\system32\drivers\adp94xx.sys 04F0FCAC69C7C71A3AC4EB97FAFC8303
C:\Windows\system32\drivers\adpahci.sys 60505E0041F7751BDBB80F88BF45C2CE
C:\Windows\system32\drivers\adpu160m.sys 8A42779B02AEC986EAB64ECFC98F8BD7
C:\Windows\system32\drivers\adpu320.sys 241C9E37F8CE45EF51C3DE27515CA4E5
C:\Windows\system32\drivers\afd.sys 3911B972B55FEA0478476B2E777B29FA
C:\Windows\system32\drivers\agp440.sys 13F9E33747E6B41A3FF305C37DB0D360
C:\Windows\system32\drivers\djsvs.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys 9EAEF5FC9B8E351AFA7E78A6FAE91F91
C:\Windows\system32\drivers\amdagp.sys C47344BC706E5F0B9DCE369516661578
C:\Windows\system32\drivers\amdide.sys 9B78A39A4C173FDBC1321E0DD659B34C
C:\Windows\system32\drivers\amdk7.sys 18F29B49AD23ECEE3D2A826C725C8D48
C:\Windows\System32\DRIVERS\amdk8.sys 93AE7F7DD54AB986A6F1A1B37BE7442D
C:\Windows\system32\drivers\arc.sys 5D2888182FB46632511ACEE92FDAD522
C:\Windows\system32\drivers\arcsas.sys 5E2A321BD7C8B3624E41FDEC3E244945
C:\Windows\System32\DRIVERS\asyncmac.sys 53B202ABEE6455406254444303E87BE1
C:\Windows\System32\drivers\atapi.sys 1F05B78AB91C9075565A9D8A4B880BC4
C:\Windows\System32\Drivers\Beep.sys 67E506B75BD5326A3EC7B70BD014DFB6
C:\Windows\system32\drivers\blbdrive.sys D4DF28447741FD3D953526E33A617397
C:\Windows\System32\DRIVERS\bowser.sys 35F376253F687BDE63976CCB3F2108CA
C:\Windows\system32\drivers\brfiltlo.sys ==> MD5 is legit
C:\Windows\system32\drivers\brfiltup.sys ==> MD5 is legit
C:\Windows\system32\drivers\brserid.sys ==> MD5 is legit
C:\Windows\system32\drivers\brserwdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbmdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbser.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys 7ADD03E75BEB9E6DD102C3081D29840A
C:\Windows\System32\DRIVERS\cdrom.sys 6B4BFFB9BECD728097024276430DB314
C:\Windows\system32\drivers\circlass.sys E5D4133F37219DBCFE102BC61072589D
C:\Windows\System32\CLFS.sys D7659D3B5B92C31E84E53C1431F35132
C:\Windows\system32\drivers\cmdide.sys 0CA25E686A4928484E9FDABD168AB629
C:\Windows\system32\drivers\compbatt.sys 6AFEF0B60FA25DE07C0968983EE4F60A
C:\Windows\System32\drivers\crcdisk.sys 741E9DFF4F42D2D8477D0FC1DC0DF871
C:\Windows\system32\drivers\crusoe.sys 1F07BECDCA750766A96CDA811BA86410
C:\Windows\System32\Drivers\dfsc.sys 622C41A07CA7E6DD91770F50D532CB6C
C:\Windows\System32\drivers\disk.sys 5D4AEFC3386920236A548271F8F1AF6A
C:\Windows\System32\drivers\drmkaud.sys 97FEF831AB90BEE128C9AF390E243F80
C:\Windows\System32\drivers\dxgkrnl.sys 988670D8343EF9835FB3659DB71B2EFA
C:\Windows\System32\DRIVERS\E1G60I32.sys 5425F74AC0C1DBD96A1E04F17D63F94C
C:\Windows\System32\drivers\ecache.sys 7F64EA048DCFAC7ACF8B4D7B4E6FE371
C:\Windows\system32\drivers\elxstor.sys 23B62471681A124889978F6295B3F4C6
C:\Windows\system32\drivers\errdev.sys 3DB974F3935483555D7148663F726C61
C:\Windows\System32\Drivers\exfat.sys 22B408651F9123527BCEE54B4F6C5CAE
C:\Windows\System32\Drivers\fastfat.sys 1E9B9A70D332103C52995E957DC09EF8
C:\Windows\System32\DRIVERS\fdc.sys AFE1E8B9782A0DD7FB46BBD88E43F89A
C:\Windows\System32\drivers\fileinfo.sys A8C0139A884861E3AAE9CFE73B208A9F
C:\Windows\System32\drivers\filetrace.sys 0AE429A696AECBC5970E3CF2C62635AE
C:\Windows\System32\DRIVERS\flpydisk.sys 85B7CF99D532820495D68D747FDA9EBD
C:\Windows\System32\drivers\fltmgr.sys 01334F9EA68E6877C4EF05D3EA8ABB05
C:\Windows\System32\Drivers\Fs_Rec.sys B972A66758577E0BFD1DE0F91AAA27B5
C:\Windows\system32\drivers\gagp30kx.sys 34582A6E6573D54A07ECE5FE24A126B5
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 185ADA973B5020655CEE342059A86CBB
C:\Windows\System32\DRIVERS\HDAudBus.sys 062452B7FFD68C8C042A6261FE8DFF4A
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys CCA4B519B17E23A00B826C55716809CC
C:\Windows\system32\drivers\hpcisss.sys 16EE7B23A009E00D835CDB79574A91A6
C:\Windows\System32\drivers\HTTP.sys F870AA3E254628EBEAFE754108D664DE
C:\Windows\system32\drivers\i2omp.sys C6B032D69650985468160FC9937CF5B4
C:\Windows\System32\DRIVERS\i8042prt.sys 22D56C8184586B7A1F6FA60BE5F5A2BD
C:\Windows\system32\drivers\iastorv.sys 54155EA1B0DF185878E0FC9EC3AC3A14
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHDA.sys 3914EA9111DBEFFAF1C68200817768AD
C:\Windows\system32\drivers\intelide.sys 83AA759F3189E6370C30DE5DC5590718
C:\Windows\System32\DRIVERS\intelppm.sys 224191001E78C89DFA78924C3EA595FF
C:\Windows\System32\DRIVERS\ipfltdrv.sys 62C265C38769B864CB25B4BCF62DF6C3
C:\Windows\system32\drivers\ipmidrv.sys B25AAF203552B7B3491139D582B39AD1
C:\Windows\System32\DRIVERS\ipnat.sys 8793643A67B42CEC66490B2A0CF92D68
C:\Windows\System32\drivers\irenum.sys 109C0DFB82C3632FBD11949B73AEEAC9
C:\Windows\system32\drivers\isapnp.sys 6C70698A3E5C4376C6AB5C7C17FB0614
C:\Windows\System32\DRIVERS\msiscsi.sys 232FA340531D940AAC623B121A595034
C:\Windows\system32\drivers\iteatapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\iteraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys 37605E0A8CF00CBBA538E753E4344C6E
C:\Windows\system32\drivers\kbdhid.sys 18247836959BA67E3511B62846B9C2E0
C:\Windows\System32\Drivers\ksecdd.sys 4A1445EFA932A3BAF5BDB02D7131EE20
C:\Windows\System32\DRIVERS\lltdio.sys D1C5883087A0C3F1344D9D55A44901F6
C:\Windows\system32\drivers\lsi_fc.sys C7E15E82879BF3235B559563D4185365
C:\Windows\system32\drivers\lsi_sas.sys EE01EBAE8C9BF0FA072E0FF68718920A
C:\Windows\system32\drivers\lsi_scsi.sys 912A04696E9CA30146A62AFA1463DD5C
C:\Windows\system32\drivers\luafv.sys 8F5C7426567798E62A3B3614965D62CC
C:\Windows\System32\DRIVERS\lvuvc.sys 5BC80451109A8DD7F2DDD35BCE2929A3
C:\Windows\system32\drivers\megasas.sys 0001CE609D66632FA17B84705F658879
C:\Windows\system32\drivers\megasr.sys C252F32CD9A49DBFC25ECF26EBD51A99
C:\Windows\System32\drivers\modem.sys E13B5EA0F51BA5B1512EC671393D09BA
C:\Windows\System32\DRIVERS\monitor.sys 0A9BB33B56E294F686ABB7C1E4E2D8A8
C:\Windows\System32\DRIVERS\mouclass.sys 5BF6A1326A335C5298477754A506D263
C:\Windows\System32\DRIVERS\moufiltr.sys BAA4ED3C323BEE7EBC144C7D232220A8
C:\Windows\System32\DRIVERS\mouhid.sys 93B8D4869E12CFBE663915502900876F
C:\Windows\System32\drivers\mountmgr.sys BDAFC88AA6B92F7842416EA6A48E1600
C:\Windows\System32\DRIVERS\MpFilter.sys 24406D75B40F0F6B3C1AC7031D734565
C:\Windows\system32\drivers\mpio.sys 511D011289755DD9F9A7579FB0B064E6
C:\Windows\System32\drivers\mpsdrv.sys 22241FEBA9B2DEFA669C8CB0A8DD7D2E
C:\Windows\system32\drivers\mraid35x.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 82CEA0395524AACFEB58BA1448E8325C
C:\Windows\System32\DRIVERS\mrxsmb.sys 1E94971C4B446AB2290DEB71D01CF0C2
C:\Windows\System32\DRIVERS\mrxsmb10.sys 4FCCB34D793B116423209C0F8B7A3B03
C:\Windows\System32\DRIVERS\mrxsmb20.sys C3CB1B40AD4A0124D617A1199B0B9D7C
C:\Windows\system32\drivers\msahci.sys 28023E86F17001F7CD9B15A5BC9AE07D
C:\Windows\system32\drivers\msdsm.sys 4468B0F385A86ECDDAF8D3CA662EC0E7
C:\Windows\System32\Drivers\Msfs.sys A9927F4A46B816C92F461ACB90CF8515
C:\Windows\System32\drivers\msisadrv.sys 0F400E306F385C56317357D6DEA56F62
C:\Windows\System32\drivers\MSKSSRV.sys D8C63D34D9C9E56C059E24EC7185CC07
C:\Windows\System32\drivers\MSPCLOCK.sys 1D373C90D62DDB641D50E55B9E78D65E
C:\Windows\System32\drivers\MSPQM.sys B572DA05BF4E098D4BBA3A4734FB505B
C:\Windows\System32\Drivers\MsRPC.sys B49456D70555DE905C311BCDA6EC6ADB
C:\Windows\System32\DRIVERS\mssmbios.sys E384487CB84BE41D09711C30CA79646C
C:\Windows\System32\drivers\MSTEE.sys 7199C1EEC1E4993CAF96B8C0A26BD58A
C:\Windows\System32\Drivers\mup.sys 6A57B5733D4CB702C8EA4542E836B96C
C:\Windows\System32\DRIVERS\nwifi.sys 85C44FDFF9CF7E72A40DCB7EC06A4416
C:\Windows\System32\drivers\ndis.sys 1357274D1883F68300AEADD15D7BBB42
C:\Windows\System32\DRIVERS\ndistapi.sys 0E186E90404980569FB449BA7519AE61
C:\Windows\System32\DRIVERS\ndisuio.sys D6973AA34C4D5D76C0430B181C3CD389
C:\Windows\System32\DRIVERS\ndiswan.sys 818F648618AE34F729FDB47EC68345C3
C:\Windows\System32\Drivers\NDProxy.sys 71DAB552B41936358F3B541AE5997FB3
C:\Windows\System32\DRIVERS\netbios.sys BCD093A5A6777CF626434568DC7DBA78
C:\Windows\System32\DRIVERS\netbt.sys ECD64230A59CBD93C85F1CD1CAB9F3F6
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NisDrvWFP.sys C58DB40E4C95BE8EE727BE872BE6383F
C:\Windows\System32\Drivers\Npfs.sys D36F239D7CCE1931598E8FB90A0DBC26
C:\Windows\System32\drivers\nsiproxy.sys 609773E344A97410CE4EBF74A8914FCF
C:\Windows\System32\Drivers\Ntfs.sys 2C1121F2B87E9A6B12485DF53CD848C7
C:\Windows\system32\drivers\ntrigdigi.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Null.sys C5DBBCDA07D780BDA9B685DF333BB41E
C:\Windows\System32\DRIVERS\nvmfdx32.sys D668632606D1CEBF0B6EC64C1DF7ED6F
C:\Windows\System32\DRIVERS\nvlddmkm.sys FBBA09782F2FAC5A57619DF378BA9372
C:\Windows\System32\drivers\nvraid.sys 2EDF9E7751554B42CBB60116DE727101
C:\Windows\system32\drivers\nvrd32.sys 6F5BB0B40D251351A913B61BA9D64B3F
C:\Windows\system32\drivers\nvsmu.sys C44EE36DD84FA95EB81D79C374756003
C:\Windows\system32\drivers\nvstor.sys ABED0C09758D1D97DB0042DBB2688177
C:\Windows\System32\DRIVERS\nvstor32.sys 1A649B87A7B7C1220A2B16B121F2198E
C:\Windows\system32\drivers\nv_agp.sys 18BBDF913916B71BD54575BDB6EEAC0B
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys B9C2B89F08670E159F7181891E449CD9
C:\Windows\system32\drivers\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys 941DC1D19E7E8620F40BBC206981EFDB
C:\Windows\System32\drivers\pciide.sys 1636D43F10416AEB483BC6001097B26C
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ECFFFAEC0C1ECD8DBC77F39070EA1DB1
C:\Windows\system32\drivers\processr.sys 2027293619DD0F047C584CF2E7DF4FFD
C:\Windows\System32\DRIVERS\pacer.sys 99514FAA8DF93D34B5589187DB3AA0BA
C:\Windows\system32\drivers\ql2300.sys 0A6DB55AFB7820C99AA1F3A1D270F4F6
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys 9F5E0E1926014D17486901C88ECA2DB7
C:\Windows\System32\DRIVERS\rasacd.sys 147D7F9C556D259924351FEB0DE606C3
C:\Windows\System32\DRIVERS\rasl2tp.sys A214ADBAF4CB47DD2728859EF31F26B0
C:\Windows\System32\DRIVERS\raspppoe.sys 509A98DD18AF4375E1FC40BC175F1DEF
C:\Windows\System32\DRIVERS\rassstp.sys 2005F4A1E05FA09389AC85840F0A9E4D
C:\Windows\System32\DRIVERS\rcmirror.sys AA3EAAC5827C73CE50EFF2883F986144
C:\Windows\System32\DRIVERS\rdbss.sys B14C9D5B9ADD2F84F70570BBBFAA7935
C:\Windows\System32\DRIVERS\RDPCDD.sys 89E59BE9A564262A3FB6C4F4F1CD9899
C:\Windows\system32\drivers\rdpdr.sys FBC0BACD9C3D7F6956853F64A66E252D
C:\Windows\System32\drivers\rdpencdd.sys 9D91FE5286F748862ECFFA05F8A0710C
C:\Windows\System32\Drivers\RDPWD.sys C127EBD5AFAB31524662C48DFCEB773A
C:\Windows\System32\DRIVERS\RMCAST.sys EEC7EE5675294B03E88AA868540007C1
C:\Windows\System32\DRIVERS\rspndr.sys 9C508F4074A39E8B4B31D27198146FAD
C:\Windows\System32\DRIVERS\RT2500.sys E2988349FE0567CBE4161CC653575A8E
C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 39763504067962108505BFF25F024345
C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 77B9FC20084B48408AD3E87570EB4A85
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys 8AF3D28A879BF75DB53A0EE7A4289624
C:\Windows\system32\drivers\sffdisk.sys 3EFA810BDCA87F6ECC24F9832243FE86
C:\Windows\system32\drivers\sffp_mmc.sys E95D451F7EA3E583AEC75F3B3EE42DC5
C:\Windows\system32\drivers\sffp_sd.sys 3D0EA348784B7AC9EA9BD9F317980979
C:\Windows\System32\DRIVERS\sfloppy.sys C33BFBD6E9E41FCD9FFEF9729E9FAED6
C:\Windows\system32\drivers\sisagp.sys 1D76624A09A054F682D746B924E2DBC3
C:\Windows\system32\drivers\sisraid2.sys 43CB7AA756C7DB280D01DA9B676CFDE2
C:\Windows\system32\drivers\sisraid4.sys A99C6C8B0BAA970D8AA59DDC50B57F94
C:\Windows\System32\DRIVERS\smb.sys 7B75299A4D201D6A6533603D6914AB04
C:\Windows\System32\Drivers\spldr.sys 7AEBDEEF071FE28B0EEF2CDD69102BFF
C:\Windows\System32\DRIVERS\srv.sys 41987F9FC0E61ADF54F581E15029AD91
C:\Windows\System32\DRIVERS\srv2.sys FF33AFF99564B1AA534F58868CBE41EF
C:\Windows\System32\DRIVERS\srvnet.sys 7605C0E1D01A08F3ECD743F38B834A44
C:\Windows\System32\DRIVERS\swenum.sys 7BA58ECF0C0A9A69D44B3DCA62BECF56
C:\Windows\system32\drivers\symc8xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\sym_hi.sys ==> MD5 is legit
C:\Windows\system32\drivers\sym_u3.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 6D0D344F643E28B31262AC2682109A3C
C:\Windows\System32\DRIVERS\tcpip.sys 6D0D344F643E28B31262AC2682109A3C
C:\Windows\System32\drivers\tcpipreg.sys 5877A786EF27E42C4E84D1356F922302
C:\Windows\System32\drivers\tdpipe.sys 5DCF5E267BE67A1AE926F2DF77FBCC56
C:\Windows\System32\drivers\tdtcp.sys 389C63E32B3CEFED425B61ED92D3F021
C:\Windows\System32\DRIVERS\tdx.sys 76B06EB8A01FC8624D699E7045303E54
C:\Windows\System32\DRIVERS\termdd.sys 3CAD38910468EAB9A6479E2F01DB43C7
c:\windows\system32\drivers\TrueSight.sys F69641EFDB19ACB4753B0155F7FDEED5
C:\Windows\System32\DRIVERS\tssecsrv.sys F4EAA7ECBCB25DE901C9B7F2CDCDA0B3
C:\Windows\System32\DRIVERS\tunmp.sys CAECC0120AC49E3D2F758B9169872D38
C:\Windows\System32\DRIVERS\tunnel.sys 300DB877AC094FEAB0BE7688C3454A9C
C:\Windows\system32\drivers\uagp35.sys 7D33C4DB2CE363C8518D2DFCF533941F
C:\Windows\System32\DRIVERS\udfs.sys D9728AF68C4C7693CB100B8441CBDEC6
C:\Windows\system32\drivers\uliagpkx.sys B0ACFDC9E4AF279E9116C03E014B2B27
C:\Windows\system32\drivers\uliahci.sys 9224BB254F591DE4CA8D572A5F0D635C
C:\Windows\system32\drivers\ulsata.sys ==> MD5 is legit
C:\Windows\system32\drivers\ulsata2.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys 32CFF9F809AE9AED85464492BF3E32D2
C:\Windows\System32\Drivers\usbaapl.sys 6E421CCC57059B0186C6259CA3B6DFC9
C:\Windows\System32\drivers\usbaudio.sys 1114579556DB85E9FAF9590DBC64CD62
C:\Windows\System32\DRIVERS\lgusbbus.sys 5353218B3265E3B8190335059F697A11
C:\Windows\System32\DRIVERS\usbccgp.sys AAB0B5F72D2D726FBFDC895A2902DE1D
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lgusbdiag.sys 7DD3EEFC62A1EF44E5F940FA651ED9ED
C:\Windows\System32\DRIVERS\usbehci.sys 153E8515CB86F8BB5D1A8B478EBF4BB2
C:\Windows\System32\DRIVERS\usbhub.sys 2AE6BCEBD85D31317E433733DAF25888
C:\Windows\System32\DRIVERS\lgusbmodem.sys 083031A78822ECCBD7510BCCD3E20D4C
C:\Windows\System32\DRIVERS\usbohci.sys D457EBD0C3A8B3A3A144355B5EE91CBC
C:\Windows\System32\DRIVERS\usbprint.sys E75C4B5269091D15A2E7DC0B6D35F2F5
C:\Windows\System32\DRIVERS\usbscan.sys 1D714B8497CD68307806D5D3F60A5169
C:\Windows\System32\DRIVERS\USBSTOR.SYS BE3DA31C191BC222D9AD503C5224F2AD
C:\Windows\System32\DRIVERS\usbuhci.sys 814D653EFC4D48BE3B04A307ECEFF56F
C:\Windows\System32\Drivers\usbvideo.sys 73FF24E21B690625A58109637DDA0DF7
C:\Windows\System32\DRIVERS\vgapnp.sys 87B06E1F30B749A114F74622D013F8D4
C:\Windows\System32\drivers\vga.sys 2E93AC0A1D8C79D019DB6C51F036636C
C:\Windows\system32\drivers\viaagp.sys 5D7159DEF58A800D5781BA3A879627BC
C:\Windows\system32\drivers\viac7.sys C4F3A691B5BAD343E6249BD8C2D45DEE
C:\Windows\system32\drivers\viaide.sys AADF5587A4063F52C2C3FED7887426FC
C:\Windows\System32\drivers\volmgr.sys 69503668AC66C77C6CD7AF86FBDF8C43
C:\Windows\System32\drivers\volmgrx.sys 23E41B834759917BFD6B9A0D625D0C28
C:\Windows\System32\drivers\volsnap.sys 786DB5771F05EF300390399F626BF30A
C:\Windows\system32\drivers\vsmraid.sys 587253E09325E6BF226B299774B728A9
C:\Windows\System32\DRIVERS\VSTBS23.SYS ==> MD5 is legit
C:\Windows\System32\DRIVERS\VSTDPV3.SYS ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26
C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26
C:\Windows\system32\drivers\wd.sys 78FE9542363F297B18C027B2D7E7C07F
C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645
C:\Windows\System32\DRIVERS\VSTCNXT3.SYS ==> MD5 is legit
C:\Windows\system32\drivers\wmiacpi.sys 2E7255D172DF0B8283CDFB7B433B864E
C:\Windows\System32\DRIVERS\wpdusb.sys DE9D36F91A4DF3D911626643DEBF11EA
C:\Windows\system32\drivers\ws2ifsl.sys E3A3CB253C0EC2494D4A61F5E43A389C
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-24 13:56 - 2013-10-24 13:56 - 00000000 ____D C:\FRST
2013-10-24 13:55 - 2013-10-24 13:55 - 01955412 _____ (Farbar) C:\Users\mary\Desktop\FRST64.exe
2013-10-24 13:55 - 2013-10-24 13:55 - 01088113 _____ (Farbar) C:\Users\mary\Desktop\FRST.exe
2013-10-24 13:49 - 2013-10-24 13:48 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-24 13:49 - 2013-10-24 13:48 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-24 13:49 - 2013-10-24 13:48 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-24 13:49 - 2013-10-24 13:48 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-24 13:45 - 2013-10-24 13:45 - 00915368 _____ (Oracle Corporation) C:\Users\mary\Desktop\jre-7u45-windows-i586-iftw.exe
2013-10-24 13:44 - 2013-10-24 13:50 - 00000000 ____D C:\ProgramData\Oracle
2013-10-24 13:42 - 2013-10-24 13:44 - 00005509 _____ C:\Windows\system32\jupdate-1.7.0_45-b18.log
2013-10-24 13:41 - 2013-10-24 13:41 - 00915368 _____ (Oracle Corporation) C:\Users\mary\Desktop\jxpiinstall.exe
2013-10-24 13:28 - 2013-10-24 13:28 - 00891167 _____ C:\Users\mary\Desktop\SecurityCheck.exe
2013-10-24 13:22 - 2013-10-24 13:22 - 00000000 ____D C:\Program Files\ScorpionSaver
2013-10-24 12:51 - 2013-10-24 13:19 - 00000000 ____D C:\Program Files\Hosts_Anti_Adwares_PUPs
2013-10-24 11:47 - 2013-10-24 12:57 - 00000000 ____D C:\AdwCleaner
2013-10-23 23:56 - 2013-10-23 23:56 - 00008726 _____ C:\Users\mary\Desktop\attach.txt
2013-10-23 23:56 - 2013-10-23 23:54 - 00015128 _____ C:\Users\mary\Desktop\dds.txt
2013-10-23 23:47 - 2013-10-23 23:47 - 00688992 ____R (Swearware) C:\Users\mary\Desktop\dds.com
2013-10-23 21:50 - 2013-10-23 21:50 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-23 21:50 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-23 19:45 - 2013-10-23 20:09 - 00000000 ____D C:\Users\mary\AppData\Local\SuperLyrics-16
2013-10-23 15:35 - 2013-10-23 15:35 - 00000000 ____D C:\Program Files\Level Quality Watcher
2013-10-23 15:30 - 2013-10-23 15:30 - 00000258 __RSH C:\Users\mary\ntuser.pol
2013-10-19 21:37 - 2013-10-19 21:37 - 00000795 _____ C:\Windows\setupact.log
2013-10-19 21:37 - 2013-10-19 21:37 - 00000000 _____ C:\Windows\setuperr.log
2013-10-16 21:23 - 2013-10-16 21:23 - 00789529 _____ C:\Users\mary\Desktop\Songs From Dad's iPod 10.16.13.xml
2013-10-16 21:15 - 2013-10-16 21:15 - 00382734 _____ C:\Users\mary\Desktop\Flordia trip.xml
2013-10-15 22:13 - 2013-10-15 22:13 - 00000000 ____D C:\Windows\Temp8C7C341B-1FA9-6D93-4513-7DAFD1807B12-Signatures
2013-10-08 20:11 - 2013-09-22 06:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-08 20:11 - 2013-09-22 06:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-08 20:11 - 2013-09-22 06:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-08 20:11 - 2013-09-22 06:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-08 20:11 - 2013-09-22 06:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-08 20:11 - 2013-09-22 06:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-08 20:11 - 2013-09-22 06:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-08 20:11 - 2013-09-22 06:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-08 20:11 - 2013-09-22 06:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-08 20:11 - 2013-09-22 06:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-08 20:11 - 2013-09-22 06:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-08 20:11 - 2013-09-22 06:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-08 20:11 - 2013-09-22 06:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-08 20:11 - 2013-09-22 06:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-08 20:11 - 2013-09-22 05:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-08 20:10 - 2013-09-22 06:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-08 19:55 - 2013-07-12 05:04 - 00134272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-08 19:55 - 2013-07-12 05:04 - 00073344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-08 19:55 - 2013-06-04 00:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-08 19:55 - 2013-06-03 21:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-08 19:54 - 2013-08-29 03:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-08 19:54 - 2013-08-26 22:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-10-08 19:54 - 2013-08-26 22:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-10-08 19:54 - 2013-08-26 22:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-10-08 19:54 - 2013-08-26 22:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-10-08 19:54 - 2013-08-26 21:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-10-08 19:54 - 2013-08-26 21:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-10-08 19:54 - 2013-08-26 21:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-10-08 19:54 - 2013-08-26 21:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-10-08 19:54 - 2013-08-26 21:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-10-08 19:54 - 2013-07-31 23:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-08 19:54 - 2013-07-31 22:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-10-08 19:54 - 2013-07-20 06:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-08 19:54 - 2013-07-04 00:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-08 19:54 - 2013-06-28 22:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-08 19:54 - 2013-06-28 22:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-08 19:54 - 2013-06-28 22:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-08 19:54 - 2013-06-28 22:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-08 19:54 - 2013-06-26 19:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-08 19:54 - 2011-05-05 09:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-08 19:54 - 2011-05-05 09:54 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-08 19:52 - 2013-07-02 22:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-08 19:52 - 2013-07-02 22:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-09-30 23:34 - 2013-09-30 23:34 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-10-24 13:56 - 2013-10-24 13:56 - 00000000 ____D C:\FRST
2013-10-24 13:55 - 2013-10-24 13:55 - 01955412 _____ (Farbar) C:\Users\mary\Desktop\FRST64.exe
2013-10-24 13:55 - 2013-10-24 13:55 - 01088113 _____ (Farbar) C:\Users\mary\Desktop\FRST.exe
2013-10-24 13:50 - 2013-10-24 13:44 - 00000000 ____D C:\ProgramData\Oracle
2013-10-24 13:49 - 2008-03-20 03:25 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-24 13:48 - 2013-10-24 13:49 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-24 13:48 - 2013-10-24 13:49 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-24 13:48 - 2013-10-24 13:49 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-24 13:48 - 2013-10-24 13:49 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-24 13:45 - 2013-10-24 13:45 - 00915368 _____ (Oracle Corporation) C:\Users\mary\Desktop\jre-7u45-windows-i586-iftw.exe
2013-10-24 13:44 - 2013-10-24 13:42 - 00005509 _____ C:\Windows\system32\jupdate-1.7.0_45-b18.log
2013-10-24 13:44 - 2008-03-20 03:25 - 00000000 ____D C:\Program Files\Java
2013-10-24 13:41 - 2013-10-24 13:41 - 00915368 _____ (Oracle Corporation) C:\Users\mary\Desktop\jxpiinstall.exe
2013-10-24 13:28 - 2013-10-24 13:28 - 00891167 _____ C:\Users\mary\Desktop\SecurityCheck.exe
2013-10-24 13:24 - 2006-11-02 06:33 - 00707520 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-24 13:22 - 2013-10-24 13:22 - 00000000 ____D C:\Program Files\ScorpionSaver
2013-10-24 13:21 - 2008-10-09 10:17 - 01527955 _____ C:\Windows\WindowsUpdate.log
2013-10-24 13:19 - 2013-10-24 12:51 - 00000000 ____D C:\Program Files\Hosts_Anti_Adwares_PUPs
2013-10-24 13:18 - 2010-08-25 16:25 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2013-10-24 13:18 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-24 13:18 - 2006-11-02 08:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-24 13:18 - 2006-11-02 08:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-24 13:17 - 2006-11-02 09:01 - 00032566 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-24 13:16 - 2011-12-30 22:28 - 00000000 ____D C:\Users\mary\Desktop\Maintainence
2013-10-24 13:14 - 2012-04-14 16:03 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-24 12:57 - 2013-10-24 11:47 - 00000000 ____D C:\AdwCleaner
2013-10-24 12:19 - 2008-11-06 04:18 - 00142638 _____ C:\Windows\PFRO.log
2013-10-23 23:56 - 2013-10-23 23:56 - 00008726 _____ C:\Users\mary\Desktop\attach.txt
2013-10-23 23:54 - 2013-10-23 23:56 - 00015128 _____ C:\Users\mary\Desktop\dds.txt
2013-10-23 23:47 - 2013-10-23 23:47 - 00688992 ____R (Swearware) C:\Users\mary\Desktop\dds.com
2013-10-23 23:31 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\Speech
2013-10-23 21:50 - 2013-10-23 21:50 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-23 21:47 - 2008-10-09 11:45 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-23 21:46 - 2006-11-02 06:23 - 00450717 ____R C:\Windows\system32\Drivers\etc\hosts.20131024-125036.backup
2013-10-23 21:14 - 2008-10-09 11:45 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2013-10-23 20:20 - 2011-12-30 21:59 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-10-23 20:13 - 2009-11-30 22:44 - 00000000 ____D C:\Users\mary\AppData\Roaming\Uniblue
2013-10-23 20:09 - 2013-10-23 19:45 - 00000000 ____D C:\Users\mary\AppData\Local\SuperLyrics-16
2013-10-23 19:58 - 2013-04-28 11:37 - 00000000 ____D C:\ProgramData\Minitab
2013-10-23 15:35 - 2013-10-23 15:35 - 00000000 ____D C:\Program Files\Level Quality Watcher
2013-10-23 15:30 - 2013-10-23 15:30 - 00000258 __RSH C:\Users\mary\ntuser.pol
2013-10-23 15:30 - 2008-10-09 10:20 - 00000000 ____D C:\Users\mary
2013-10-22 22:53 - 2009-09-23 00:51 - 00000000 ____D C:\Users\mary\Documents\Katie
2013-10-22 04:00 - 2008-10-28 16:49 - 00000312 _____ C:\Windows\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task.job
2013-10-22 04:00 - 2008-10-28 16:48 - 00000340 _____ C:\Windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job
2013-10-21 02:04 - 2009-02-16 03:05 - 00000398 _____ C:\Windows\Tasks\EasyShare Registration Task.job
2013-10-19 21:37 - 2013-10-19 21:37 - 00000795 _____ C:\Windows\setupact.log
2013-10-19 21:37 - 2013-10-19 21:37 - 00000000 _____ C:\Windows\setuperr.log
2013-10-17 17:53 - 2011-12-30 21:22 - 00001945 _____ C:\Windows\epplauncher.mif
2013-10-17 17:51 - 2011-12-30 21:06 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-16 21:23 - 2013-10-16 21:23 - 00789529 _____ C:\Users\mary\Desktop\Songs From Dad's iPod 10.16.13.xml
2013-10-16 21:15 - 2013-10-16 21:15 - 00382734 _____ C:\Users\mary\Desktop\Flordia trip.xml
2013-10-15 22:13 - 2013-10-15 22:13 - 00000000 ____D C:\Windows\Temp8C7C341B-1FA9-6D93-4513-7DAFD1807B12-Signatures
2013-10-09 04:14 - 2012-04-14 16:03 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-09 04:14 - 2011-12-30 19:00 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-08 22:14 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-08 21:53 - 2006-11-02 08:47 - 00399264 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-08 21:52 - 2012-04-26 20:13 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-08 21:52 - 2010-01-27 13:21 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-08 20:25 - 2008-10-09 12:36 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-08 20:19 - 2013-07-11 23:11 - 00000000 ____D C:\Windows\system32\MRT
2013-10-08 20:17 - 2006-11-02 06:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-10-08 19:49 - 2010-01-10 22:54 - 00000000 ____D C:\Users\mary\AppData\Roaming\HpUpdate
2013-09-30 23:34 - 2013-09-30 23:34 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-30 10:18 - 2008-03-20 03:31 - 00000000 ____D C:\Program Files\PC-Doctor 5 for Windows

Files to move or delete:
====================
C:\Users\mary\AppData\Roaming\desktop.ini


Some content of TEMP:
====================
C:\Users\mary\AppData\Local\Temp\Install_HOSTS_Anti-Adware.exe
C:\Users\mary\AppData\Local\Temp\itunes.exe
C:\Users\mary\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {bd225567-f652-11dc-8d61-001e8cdfceb0}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
resume                  No

Windows Boot Loader
-------------------
identifier              {572bcd55-ffa7-11d9-aae2-0007e994107d}
device                  ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}
path                    \windows\system32\boot\winload.exe
description             HP Recovery Manager
osdevice                ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}
systemroot              \windows
nx                      OptIn
detecthal               Yes
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Microsoft Windows Vista
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {572bcd55-ffa7-11d9-aae2-0007e994107d}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {bd225567-f652-11dc-8d61-001e8cdfceb0}
nx                      AlwaysOff

Resume from Hibernate
---------------------
identifier              {bd225567-f652-11dc-8d61-001e8cdfceb0}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     No
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

Windows Legacy OS Loader
------------------------
identifier              {ntldr}
device                  partition=C:
path                    \ntldr
description             Earlier Version of Windows

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
description             Ramdisk Device Options
ramdisksdidevice        partition=D:
ramdisksdipath          \boot\boot.sdi

Setup Ramdisk Options
---------------------
identifier              {ramdiskoptions}
description             RAM Disk Settings
ramdisksdidevice        partition=D:
ramdisksdipath          \boot\boot.sdi



LastRegBack: 2013-10-24 13:24

==================== End Of Log ============================

Addition.txt

Link to post
Share on other sites
AndreaBeth92

AndreaBeth92

Posted
  • Author
Posted

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-10-2013 01
Ran by mary at 2013-10-24 19:53:42 Run:1
Running from C:\Users\mary\Desktop\FRST
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
BHO: ScorpionSaver - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files\ScorpionSaver\IECore.dll ()
C:\Program Files\ScorpionSaver

*****************

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3} => Key deleted successfully.
HKCR\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3} => Key deleted successfully.
C:\Program Files\ScorpionSaver => Moved successfully.

==== End of Fixlog ====

Link to post
Share on other sites
AndreaBeth92

AndreaBeth92

Posted
  • Author
Posted

ScorpionSaver is back =(

 

# AdwCleaner v3.010 - Report created 24/10/2013 at 19:58:03
# Updated 20/10/2013 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)
# Username : mary - COOKIE
# Running from : C:\Users\mary\Desktop\Maintainence\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16514


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\mary\AppData\Roaming\Mozilla\Firefox\Profiles\jy52wfzm.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [29884 octets] - [24/10/2013 11:48:10]
AdwCleaner[R1].txt - [909 octets] - [24/10/2013 12:54:41]
AdwCleaner[R2].txt - [968 octets] - [24/10/2013 19:54:43]
AdwCleaner[s0].txt - [30638 octets] - [24/10/2013 11:50:36]
AdwCleaner[s2].txt - [890 octets] - [24/10/2013 19:58:03]

########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [949 octets] ##########
 

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

OK, so you disabled the add-ons, I didn't do that because they didn't show up in the log.

The easiest way to delete the entry from your add/remove programs is with CCleaner.

Download and install CCleaner free.

Open up CCleaner > Tools > Uninstall > highlight the entry > click Delete

I would keep CCleaner, it's an excellent program to clean out temp files, just stay away from the registry cleaner part.
Here's a Tutorial if needed.
You may want to uncheck "cookies" when using it to save all you cookies.

Let me know...MrC

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

Good.....

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC
Link to post
Share on other sites
AndreaBeth92

AndreaBeth92

Posted
  • Author
Posted

 Results of screen317's Security Check version 0.99.74  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 Spybot - Search & Destroy
 SUPERAntiSpyware     
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Java 7 Update 45  
 Java version out of Date!
 Adobe Flash Player     11.9.900.117  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox (24.0)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````
 

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

Out dated programs on the system are vulnerable to malware.
Please update or uninstall them:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Your Java is the correct version.

------------------------

Adobe Reader 10.1.8 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

-----------------------------

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (also HERE)

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.