Jump to content

Redirects strange behaviour


Egarrim
 Share

Recommended Posts

Hi, hope you can help. I have been asked to help a neighbour with her laptop. She is experiencing an awfull lot of redirects and seems to have had various programs installed that I have or have tried to uninstall, these included things like backup programs and even a pop up that was pretending to be from Microsoft with 24/ 7 help line. we are still left with redirects and strange sounding search tools and toolbars.

 

Could you please help.

 

Here are the logs I have just generated

 

  DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720
Run by Mrs Whinfrey at 17:19:17 on 2013-10-26
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.6034.3943 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\GFNEXSrv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
C:\windows\system32\RunDll32.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Whilokii\updateWhilokii.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\WUDFHost.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\wuauclt.exe
C:\windows\explorer.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files\HP\HP Deskjet 3070 B611 series\bin\HPNetworkCommunicator.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.



mWinlogon: Userinit = userinit.exe,
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [HP Deskjet 3070 B611 series (NET)] "C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN14O2C07W05MQ:NW" -scfn "HP Deskjet 3070 B611 series (NET)" -AutoStart 1
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
StartupFolder: C:\Users\MRSWHI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\windows\System32\RunDll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOSHIB~1.LNK - C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}



TCP: NameServer = 192.168.1.1
TCP: Interfaces\{326E7B75-A475-4F94-9F76-4CD13141D112} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{326E7B75-A475-4F94-9F76-4CD13141D112}\2656C6B696E6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{326E7B75-A475-4F94-9F76-4CD13141D112}\C496675626F687D263434303 : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - <orphaned>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} -
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [sRS Premium Sound HD] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe"  /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
x64-Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -
x64-Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-1-5 16152]
R0 NBVol;Nero Backup Volume Filter Driver;C:\windows\System32\drivers\NBVol.sys [2012-5-11 72240]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\windows\System32\drivers\NBVolUp.sys [2012-5-11 15920]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-25 482384]
R1 aswKbd;aswKbd;C:\windows\System32\drivers\aswKbd.sys [2012-11-21 21136]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2012-11-21 984144]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2012-11-21 370288]
R2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2012-11-21 25232]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2012-11-21 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-11-21 44808]
R2 GFNEXSrv;GFNEX Service;C:\windows\System32\GFNEXSrv.exe [2012-11-19 162824]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-11-19 128280]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-11-19 161560]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-4 687400]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-11-24 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-20 14472]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-11-19 363800]
R2 Update Whilokii;Update Whilokii;C:\Program Files (x86)\Whilokii\updateWhilokii.exe [2013-9-26 65304]
R2 Util Whilokii;Util Whilokii;C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe [2013-10-7 65304]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-12-6 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-1-5 355096]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-1-5 786200]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-11-19 38096]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-11-19 251496]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-11-19 565352]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtwlane.sys [2012-11-19 1082472]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-26 138152]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-12-15 833976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2013-5-27 57840]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2013-2-5 1512448]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 RtkBtFilter;Realtek Bluetooth Filter Driver;C:\windows\System32\drivers\RtkBtfilter.sys [2012-1-5 21096]
S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-2-10 112080]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-11-19 57216]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-11-21 1255736]
.
=============== Created Last 30 ================
.
2013-10-25 22:26:07 -------- d-----w- C:\AdwCleaner
2013-10-25 18:10:08 116440 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2013-10-25 17:54:17 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2013-10-25 16:22:27 -------- d-----w- C:\Program Files\iPod
2013-10-25 16:22:26 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-25 16:22:26 -------- d-----w- C:\Program Files\iTunes
2013-10-25 16:22:26 -------- d-----w- C:\Program Files (x86)\iTunes
2013-10-25 16:15:27 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2013-10-25 16:15:27 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2013-10-25 16:15:27 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2013-10-25 16:15:27 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2013-10-25 16:15:27 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2013-10-25 14:45:33 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1D59FD3D-2A8F-49B4-90E1-487406BF841D}\mpengine.dll
2013-10-09 18:21:18 -------- d-----w- C:\Users\Mrs Whinfrey\AppData\Local\LogMeIn Rescue Applet
2013-10-09 17:59:58 -------- d-----w- C:\Users\Mrs Whinfrey\AppData\Roaming\PCPowerSpeed
2013-10-09 17:59:52 -------- d-----w- C:\Program Files (x86)\Inbox.com
2013-10-09 17:59:50 -------- d-----w- C:\Users\Mrs Whinfrey\AppData\Roaming\24x7 Help
2013-10-09 15:00:40 5549504 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-10-06 11:50:59 -------- d-----w- C:\Program Files (x86)\MyPC Backup
2013-10-06 11:49:54 5433552 ----a-w- C:\ProgramData\pclunst.exe
2013-10-06 11:49:53 -------- d-----w- C:\ProgramData\PC1Data
2013-09-30 20:04:15 -------- d-----w- C:\Program Files (x86)\Whilokii
.
==================== Find3M  ====================
.
2013-09-22 23:28:06 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19 497152 ----a-w- C:\windows\System32\drivers\afd.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\windows\SysWow64\mswsock.dll
2013-09-04 12:12:11 343040 ----a-w- C:\windows\System32\drivers\usbhub.sys
2013-09-04 12:11:51 325120 ----a-w- C:\windows\System32\drivers\usbport.sys
2013-09-04 12:11:49 99840 ----a-w- C:\windows\System32\drivers\usbccgp.sys
2013-09-04 12:11:43 52736 ----a-w- C:\windows\System32\drivers\usbehci.sys
2013-09-04 12:11:43 30720 ----a-w- C:\windows\System32\drivers\usbuhci.sys
2013-09-04 12:11:42 25600 ----a-w- C:\windows\System32\drivers\usbohci.sys
2013-09-04 12:11:40 7808 ----a-w- C:\windows\System32\drivers\usbd.sys
2013-09-03 13:35:10 278800 ------w- C:\windows\System32\MpSigStub.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\windows\System32\scavengeui.dll
2013-08-05 02:25:45 155584 ----a-w- C:\windows\System32\drivers\ataport.sys
2013-08-02 02:14:57 215040 ----a-w- C:\windows\System32\winsrv.dll
2013-08-02 02:13:34 424448 ----a-w- C:\windows\System32\KernelBase.dll
2013-08-02 01:50:42 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\windows\System32\smss.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-08-01 12:09:36 983488 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
.
============= FINISH: 17:19:55.90 ===============

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 19/11/2012 14:42:57
System Uptime: 26/10/2013 16:27:20 (1 hours ago)
.
Motherboard: Type2 - Board Vendor Name1 |  | Type2 - Board Product Name1
Processor: Intel® Core i3-2350M CPU @ 2.30GHz | U3E1 | 2300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 579 GiB total, 494.369 GiB free.
D: is CDROM ()
E: is Removable
F: is FIXED (NTFS) - 298 GiB total, 269.445 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP95: 01/10/2013 13:32:07 - Windows Update
RP96: 04/10/2013 18:55:52 - Windows Update
RP97: 08/10/2013 21:35:35 - Windows Update
RP98: 09/10/2013 15:47:49 - Windows Update
RP99: 09/10/2013 19:41:15 - Windows Update
RP100: 15/10/2013 21:39:41 - Windows Update
RP101: 22/10/2013 16:37:44 - Windows Update
RP102: 25/10/2013 23:21:07 - Malwarebytes Anti-Rootkit Restore Point
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.8) MUI
Agatha Christie - Death on the Nile
Aloha TriPeaks
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Pro Antivirus
BBC iPlayer Desktop
Bejeweled 3
Bing Bar
Bing Bar Platform
Bluetooth Stack for Windows by Toshiba
Bonjour
Cake Mania
Chuzzle Deluxe
Coupon Printer for Windows
D3DX10
Fotogalleri
Fotogalleriet
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
High-Definition Video Playback
HP Deskjet 3070 B611 series Basic Device Software
HP Deskjet 3070 B611 series Help
HP Deskjet 3070 B611 series Product Improvement Study
HP Photo Creations
HP Update
iCloud
Insaniquarium Deluxe
Intel® Manageability Engine Firmware Recovery Agent
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
iTunes
Java Auto Updater
Java 6 Update 30
Jewel Quest Solitaire 2
Junk Mail filter update
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project 2007 Service Pack 3 (SP3)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Movie Maker
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
Mystery P.I. - The London Caper
Nero 11 Essentials
Nero 11 Kwik Themes Basic
Nero BackItUp 11
Nero BackItUp 11 Help (CHM)
Nero Backup Drivers
Nero BurnRights 11
Nero BurnRights 11 Help (CHM)
Nero ControlCenter 11
Nero ControlCenter 11 Help (CHM)
Nero Core Components 11
Nero Express 11
Nero Express 11 Help (CHM)
Nero Kwik Media
Nero Kwik Media Help (CHM)
Nero RescueAgent 11
Nero RescueAgent 11 Help (CHM)
Nero Update
nero.prerequisites.msi
Photo Common
Photo Gallery
PhotoScape
PhotoScape Packages
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
Polar Bowler
Premium Sound HD
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
RtkClassFilter
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Visio 2007 suites (KB2596595) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
Skype Click to Call
Skype™ 6.3
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Manuals
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA Online Product Information
TOSHIBA PC Health Monitor
TOSHIBA Places Icon Utility
TOSHIBA Recovery Media Creator
TOSHIBA Recovery Media Creator Reminder
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA TEMPRO
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Project 2007 Help (KB963668)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
Valokuvavalikoima
Virtual Villagers 4 - The Tree of Life
welcome
Whilokii 1.0.0
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth  (12/02/2011 2.3.8.1)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Fotogalleri
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven peruspaketti
Windows Liven sähköposti
.
==== Event Viewer Messages From Past Week ========
.
26/10/2013 10:10:06, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.
26/10/2013 10:10:06, Error: Service Control Manager [7000]  - The Computer Backup (MyPC Backup) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
25/10/2013 23:24:19, Error: mbamchameleon [61440]  -
25/10/2013 17:20:35, Error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
25/10/2013 15:59:02, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
23/10/2013 19:10:25, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Update Whilokii service to connect.
23/10/2013 19:10:25, Error: Service Control Manager [7000]  - The Update Whilokii service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

 

Link to post
Share on other sites

Hello Egarrim! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  • Step 2

    Please download AdwCleaner by Xplode onto your desktop.

    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Clean.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[s1].txt as well.
    Step 3
    • Launch Malwarebytes' Anti-Malware
    • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
    • Go to Scanner tab and select Perform Quick Scan, then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

    In your next reply, post the following log files:

    • Junkware Removal Tool log
    • AdwCleaner log
    • Malwarebytes' Anti-Malware log
Link to post
Share on other sites

Hi sorry about delay in response. Here are the logs you requested. 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Home Premium x64
Ran by Mrs Whinfrey on 28/10/2013 at  9:18:20.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Failed to stop: [service] update whilokii 
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortapp.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escorteng.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortlbr.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{54ECA872-DB2A-4C6B-BBB2-F3777C6786CC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{8736C681-37A0-40C6-A0F0-4C083409151C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolution
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ctoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\delta
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\ctoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\delta
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\inbox toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\mysearchdial
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\cshared.tb4client
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\cshared.tb4script
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\cshared.tb4server2
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\inbox.appserver
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\inbox.ibx404
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\inbox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\rebinfo
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\rebateinf.rebateinfobj
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{132E3F35-C45D-8B6D-C2EF-0C685F235070}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{794C4B55-EA35-431E-A147-180E8BED5FD7}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{794C4B55-EA35-431E-A147-180E8BED5FD7}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\end"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\ProgramData\pc1data"
Successfully deleted: [Folder] "C:\Users\Mrs Whinfrey\AppData\Roaming\24x7 help"
Successfully deleted: [Folder] "C:\Users\Mrs Whinfrey\AppData\Roaming\pcpowerspeed"
Successfully deleted: [Folder] "C:\Users\Mrs Whinfrey\appdata\local\wajam"
Successfully deleted: [Folder] "C:\Users\Mrs Whinfrey\appdata\locallow\inbox toolbar"
Successfully deleted: [Folder] "C:\Users\Mrs Whinfrey\appdata\locallow\mysearchdial"
Successfully deleted: [Folder] "C:\Users\Mrs Whinfrey\appdata\locallow\rebateinformer"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Program Files (x86)\delta"
Successfully deleted: [Folder] "C:\Program Files (x86)\inbox.com"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Failed to delete: [Folder] "C:\Program Files (x86)\whilokii"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\inbox toolbar"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\rebateinformer"
Successfully deleted: [Folder] "C:\Users\Mrs Whinfrey\AppData\Roaming\microsoft\windows\start menu\programs\wajam"
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\Mrs Whinfrey\appdata\local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Successfully deleted: [Folder] C:\Users\Mrs Whinfrey\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28/10/2013 at  9:26:44.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
# AdwCleaner v3.010 - Report created 28/10/2013 at 09:39:40
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Mrs Whinfrey - MRSWHINFREY
# Running from : C:\Users\Mrs Whinfrey\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : update whilokii
[#] Service Deleted : Util Whilokii
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\DSearchLink
Folder Deleted : C:\Program Files (x86)\Whilokii
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\windows\System32\Tasks\EPUpdater
File Deleted : C:\windows\Tasks\MySearchDial.job
File Deleted : C:\windows\System32\Tasks\MySearchDial
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4EF645BD-65B0-4F98-AD56-D0437B7045F6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DB35C569-5624-4CFC-8043-E5139F55A073}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{865D7100-82C7-42F4-9C06-860DEC0871B2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Whilokii
Key Deleted : HKLM\Software\Whilokii
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Whilokii
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16720
 
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]
 
-\\ Google Chrome v30.0.1599.101
 
[ File : C:\Users\Mrs Whinfrey\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : urls_to_restore_on_startup
Deleted : homepage
Deleted : search_url
 
*************************
 
AdwCleaner[R0].txt - [6657 octets] - [28/10/2013 09:34:24]
AdwCleaner[R1].txt - [6797 octets] - [28/10/2013 09:37:50]
AdwCleaner[s0].txt - [6419 octets] - [28/10/2013 09:39:40]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6479 octets] ##########
Couldnt find S1 log
 
 
Malwarebytes no detections
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.10.28.03
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Mrs Whinfrey :: MRSWHINFREY [administrator]
 
Protection: Enabled
 
28/10/2013 09:48:59
mbam-log-2013-10-28 (09-48-59).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228890
Time elapsed: 13 minute(s), 
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
Link to post
Share on other sites

Just done another run with adwcleaner got a proper log.

 

# AdwCleaner v3.010 - Report created 29/10/2013 at 08:56:48
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Mrs Whinfrey - MRSWHINFREY
# Running from : C:\Users\Mrs Whinfrey\Downloads\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16720
 
 
-\\ Google Chrome v30.0.1599.101
 
[ File : C:\Users\Mrs Whinfrey\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R3].txt - [791 octets] - [29/10/2013 08:55:58]
AdwCleaner[s1].txt - [713 octets] - [29/10/2013 08:56:48]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [772 octets] ##########
 
 
благодаря
Link to post
Share on other sites

No, some final steps:

Step 1

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Step 2
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes
Step 3

Some malware preventions:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)

Link to post
Share on other sites

Hi, just swapped anti virus to avg 2014 and it found this.

c:\programdata\dsgsdgdsgsgw.pad

and Luhe lockscreen .a    i think this is the same thing, i researched and found it be be something to do with FBI ransom ware. But the neighbor told me she had this removed about 10 months ago.

Havent run the programs you mentioned in your latest reply, i wanted to know what this is first.

Regards 

Link to post
Share on other sites

About ransomware you should know:

One or more of the identified infections is related to a nasty rootkit component which is difficult to remove. Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums from a CLEAN COMPUTER. You should consider them to be compromised. You should change each password by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Although the rootkit has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because this malware has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, delete the partition, reformat and reinstall the Operating System.

Please read:

Should you decide not to follow this advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. If you wish to proceed, disinfection will require more time and more advanced tools.

Please let us know how you would like to proceed.

Link to post
Share on other sites

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system.  You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Link to post
Share on other sites

Hi thanks for your continued help.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by Mrs Whinfrey (administrator) on MRSWHINFREY on 05-11-2013 16:02:28
Running from C:\Users\Mrs Whinfrey\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
() C:\Windows\System32\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TOSHIBA Corporation) C:\windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [] - [x]
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12459112 2012-03-16] (Realtek Semiconductor)
HKLM\...\Run: [sRS Premium Sound HD] - C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip [223180 2012-03-22] ()
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-19] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe [590256 2011-09-23] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2011-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1548208 2011-11-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-11-26] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2012-05-11] (Toshiba Europe GmbH)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-05-11] (Google Inc.)
HKCU\...\Run: [HP Deskjet 3070 B611 series (NET)] - C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe [2547048 2011-03-30] (Hewlett-Packard Co.)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20473504 2013-10-02] (Skype Technologies S.A.)
HKLM-x32\...\Run: [NBAgent] - C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1492264 2011-11-18] (Nero AG)
HKLM-x32\...\Run: [iTSecMng] - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-02] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-01-12] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\Default\...\Run: [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe [846936 2011-05-16] (TOSHIBA)
HKU\Default User\...\Run: [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe [846936 2011-05-16] (TOSHIBA)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Mrs Whinfrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3070 B611 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3070 B611 series (Network).lnk -> C:\Program Files\HP\HP Deskjet 3070 B611 series\bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.co.uk/
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {794C4B55-EA35-431E-A147-180E8BED5FD7} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
CHR Extension: (Skype Click to Call) - C:\Users\MRSWHI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0
CHR HKLM-x32\...\Chrome\Extension: [dlmdlmoekcipeicfbnohedgkglmbhcla] - C:\Program Files (x86)\Whilokii\dlmdlmoekcipeicfbnohedgkglmbhcla.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
 
==================== Services (Whitelisted) =================
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-10] ()
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
 
==================== Drivers (Whitelisted) ====================
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [148792 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [91352 2013-11-05] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [21096 2012-01-05] (Realtek Microelectronics)
R3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtwlane.sys [1082472 2012-01-17] (Realtek Semiconductor Corporation                           )
S3 Tosrfcom; No ImagePath
S1 SASDIFSV; \??\C:\Users\MRSWHI~1\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
S1 SASKUTIL; \??\C:\Users\MRSWHI~1\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-05 16:02 - 2013-11-05 16:02 - 00000000 ____D C:\FRST
2013-11-05 16:01 - 2013-11-05 16:01 - 01957098 _____ (Farbar) C:\Users\Mrs Whinfrey\Downloads\FRST64.exe
2013-11-05 15:43 - 2013-11-05 15:43 - 00000000 _____ C:\windows\setuperr.log
2013-11-05 15:20 - 2013-11-05 15:20 - 00000000 ____D C:\Program Files\stinger
2013-11-05 13:25 - 2013-11-05 13:25 - 00000000 ____D C:\Users\Mrs Whinfrey\AppData\Roaming\SUPERAntiSpyware.com
2013-11-05 13:25 - 2013-11-05 13:25 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-11-05 12:46 - 2013-11-05 12:46 - 00012872 _____ (SurfRight B.V.) C:\windows\system32\bootdelete.exe
2013-11-05 12:39 - 2013-11-05 12:46 - 00000000 ____D C:\ProgramData\HitmanPro
2013-11-05 09:16 - 2013-11-05 09:16 - 00000058 _____ C:\Users\Public\Desktop\Daves Support.url
2013-11-05 09:14 - 2013-11-05 15:22 - 00001380 _____ C:\windows\PFRO.log
2013-11-02 22:02 - 2013-11-02 22:02 - 00000000 ____D C:\Users\Mrs Whinfrey\AppData\Roaming\Auslogics
2013-11-02 17:11 - 2013-11-02 17:13 - 00000000 ____D C:\ProgramData\Sophos
2013-11-02 17:11 - 2013-11-02 17:11 - 00000000 ____D C:\Program Files (x86)\Sophos
2013-11-02 15:36 - 2013-11-02 15:36 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-02 11:40 - 2013-11-02 11:40 - 00002515 _____ C:\Users\Public\Desktop\Skype.lnk
2013-11-02 11:13 - 2013-11-02 11:12 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-11-02 11:13 - 2013-11-02 11:12 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-02 11:11 - 2013-11-05 15:13 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-11-02 11:11 - 2013-11-02 11:11 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-11-02 11:10 - 2013-11-02 11:10 - 00002030 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-11-02 10:28 - 2013-11-05 15:43 - 00001130 _____ C:\windows\setupact.log
2013-11-01 23:44 - 2013-11-05 15:36 - 00000058 _____ C:\windows\system32\zerobyte_files_deleted.txt
2013-11-01 20:58 - 2013-11-05 15:36 - 00000076 _____ C:\windows\zerobyte_files_deleted.txt
2013-11-01 20:50 - 2013-11-01 20:50 - 00000000 ____D C:\Users\Mrs Whinfrey\Desktop\MRSWHINFREY
2013-10-29 08:55 - 2013-11-05 15:31 - 00000000 ____D C:\AdwCleaner
2013-10-29 08:55 - 2013-10-29 08:55 - 01060070 _____ C:\Users\Mrs Whinfrey\Downloads\AdwCleaner (1).exe
2013-10-29 08:37 - 2013-10-29 08:37 - 00003230 _____ C:\windows\System32\Tasks\SidebarExecute
2013-10-29 08:37 - 2013-10-29 08:37 - 00000976 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-10-29 08:37 - 2013-10-29 08:37 - 00000000 ____D C:\Users\Mrs Whinfrey\AppData\Roaming\TuneUp Software
2013-10-29 08:37 - 2013-10-29 08:37 - 00000000 ____D C:\Users\Mrs Whinfrey\AppData\Roaming\AVG2014
2013-10-29 08:35 - 2013-10-29 08:37 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-29 08:35 - 2013-10-29 08:35 - 00000000 ___HD C:\$AVG
2013-10-29 08:35 - 2013-10-29 08:35 - 00000000 ____D C:\Program Files (x86)\AVG
2013-10-29 08:32 - 2013-11-05 09:19 - 00000000 ____D C:\ProgramData\MFAData
2013-10-29 08:32 - 2013-11-02 11:55 - 00000000 ____D C:\Users\Mrs Whinfrey\AppData\Local\Avg2014
2013-10-29 08:32 - 2013-10-29 08:32 - 04436568 _____ (AVG Technologies) C:\Users\Mrs Whinfrey\Downloads\avg_free_stb_all_2014_4158_cnet.exe
2013-10-29 08:32 - 2013-10-29 08:32 - 00000000 ____D C:\Users\Mrs Whinfrey\AppData\Local\MFAData
2013-10-28 21:39 - 2013-10-28 21:39 - 00000000 ____D C:\Users\Mrs Whinfrey\AppData\Roaming\AVAST Software
2013-10-28 18:00 - 2013-10-28 18:01 - 00000000 ____D C:\windows\system32\MRT
2013-10-28 18:00 - 2013-09-26 01:46 - 80541720 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-10-28 17:27 - 2013-10-28 17:27 - 00000045 _____ C:\windows\SysWOW64\initdebug.nfo
2013-10-28 17:19 - 2013-10-28 17:19 - 02143832 _____ C:\Users\Mrs Whinfrey\Downloads\instsf449.exe
2013-10-28 09:18 - 2013-10-28 09:18 - 00000000 ____D C:\windows\ERUNT
2013-10-28 09:17 - 2013-10-28 09:17 - 01060070 _____ C:\Users\Mrs Whinfrey\Downloads\AdwCleaner.exe
2013-10-28 09:16 - 2013-10-28 09:16 - 01033335 _____ (Thisisu) C:\Users\Mrs Whinfrey\Downloads\JRT.exe
2013-10-26 16:22 - 2013-10-26 16:22 - 00001124 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-26 16:22 - 2013-10-26 16:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-26 16:22 - 2013-04-04 13:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-10-26 16:21 - 2013-10-26 16:21 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Mrs Whinfrey\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-25 17:54 - 2013-11-05 12:48 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2013-10-25 16:23 - 2013-10-25 16:23 - 00001794 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-25 16:22 - 2013-10-25 16:23 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-25 16:22 - 2013-10-25 16:23 - 00000000 ____D C:\Program Files\iTunes
2013-10-25 16:22 - 2013-10-25 16:23 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-25 16:22 - 2013-10-25 16:22 - 00000000 ____D C:\Program Files\iPod
2013-10-25 16:15 - 2013-10-25 16:15 - 00001856 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-10-25 16:15 - 2013-10-25 16:15 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-10-09 18:49 - 2013-09-22 23:28 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-10-09 18:49 - 2013-09-22 23:28 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-10-09 18:49 - 2013-09-22 23:27 - 14335488 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-10-09 18:49 - 2013-09-22 23:27 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-10-09 18:49 - 2013-09-22 23:27 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-10-09 18:49 - 2013-09-22 23:27 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-10-09 18:49 - 2013-09-22 23:27 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-10-09 18:49 - 2013-09-22 23:27 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-10-09 18:49 - 2013-09-22 23:27 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-10-09 18:49 - 2013-09-22 23:27 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-10-09 18:49 - 2013-09-22 23:27 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-10-09 18:49 - 2013-09-22 23:27 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-10-09 18:49 - 2013-09-22 23:27 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-10-09 18:49 - 2013-09-22 22:55 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-10-09 18:49 - 2013-09-22 22:55 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-10-09 18:49 - 2013-09-22 22:55 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-10-09 18:49 - 2013-09-22 22:54 - 19252224 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-10-09 18:49 - 2013-09-22 22:54 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-10-09 18:49 - 2013-09-22 22:54 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-10-09 18:49 - 2013-09-22 22:54 - 02647552 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-10-09 18:49 - 2013-09-22 22:54 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-10-09 18:49 - 2013-09-22 22:54 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-10-09 18:49 - 2013-09-22 22:54 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-10-09 18:49 - 2013-09-22 22:54 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-10-09 18:49 - 2013-09-22 22:54 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-10-09 18:49 - 2013-09-22 22:54 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-10-09 18:49 - 2013-09-22 22:54 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-10-09 18:49 - 2013-09-21 03:38 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-10-09 18:49 - 2013-09-21 03:30 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-10-09 18:49 - 2013-09-21 02:48 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-10-09 18:49 - 2013-09-21 02:39 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-09 18:21 - 2013-10-10 17:22 - 00000000 ____D C:\Users\Mrs Whinfrey\AppData\Local\LogMeIn Rescue Applet
2013-10-09 18:21 - 2013-10-09 18:21 - 01295200 _____ (LogMeIn, Inc.) C:\Users\Mrs Whinfrey\Downloads\Support-LogMeInRescue.exe
2013-10-09 18:07 - 2013-10-09 18:07 - 00784888 _____ (Google Inc.) C:\Users\Mrs Whinfrey\Downloads\ChromeSetup.exe
2013-10-09 15:01 - 2013-09-14 01:10 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2013-10-09 15:01 - 2013-09-08 02:30 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-10-09 15:01 - 2013-09-08 02:27 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2013-10-09 15:01 - 2013-09-08 02:03 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2013-10-09 15:01 - 2013-07-12 10:41 - 00185344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys
2013-10-09 15:01 - 2013-07-12 10:41 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys
2013-10-09 15:01 - 2013-07-04 12:57 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2013-10-09 15:01 - 2013-07-04 12:50 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2013-10-09 15:01 - 2013-07-04 12:50 - 00102400 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2013-10-09 15:01 - 2013-07-04 11:57 - 00205824 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2013-10-09 15:01 - 2013-07-04 11:51 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2013-10-09 15:01 - 2013-07-04 11:50 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2013-10-09 15:01 - 2013-07-04 10:11 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2013-10-09 15:01 - 2013-07-03 04:05 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2013-10-09 15:01 - 2013-07-03 04:05 - 00032896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2013-10-09 15:01 - 2013-06-25 22:55 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
2013-10-09 15:01 - 2013-06-06 05:50 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2013-10-09 15:01 - 2013-06-06 05:49 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2013-10-09 15:01 - 2013-06-06 05:49 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2013-10-09 15:01 - 2013-06-06 05:47 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2013-10-09 15:01 - 2013-06-06 04:57 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2013-10-09 15:01 - 2013-06-06 04:51 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2013-10-09 15:01 - 2013-06-06 04:50 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2013-10-09 15:01 - 2013-06-06 03:30 - 00368128 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2013-10-09 15:01 - 2013-06-06 03:01 - 00295424 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2013-10-09 15:01 - 2013-06-06 03:01 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2013-10-09 15:00 - 2013-09-04 12:12 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2013-10-09 15:00 - 2013-09-04 12:11 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2013-10-09 15:00 - 2013-09-04 12:11 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2013-10-09 15:00 - 2013-09-04 12:11 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2013-10-09 15:00 - 2013-09-04 12:11 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2013-10-09 15:00 - 2013-09-04 12:11 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2013-10-09 15:00 - 2013-09-04 12:11 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2013-10-09 15:00 - 2013-08-29 02:17 - 05549504 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-10-09 15:00 - 2013-08-29 02:16 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-10-09 15:00 - 2013-08-29 02:16 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2013-10-09 15:00 - 2013-08-29 02:16 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2013-10-09 15:00 - 2013-08-29 02:13 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2013-10-09 15:00 - 2013-08-29 01:51 - 03969472 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2013-10-09 15:00 - 2013-08-29 01:51 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2013-10-09 15:00 - 2013-08-29 01:50 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2013-10-09 15:00 - 2013-08-29 01:50 - 00619520 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2013-10-09 15:00 - 2013-08-29 01:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2013-10-09 15:00 - 2013-08-29 01:48 - 00640512 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2013-10-09 15:00 - 2013-08-29 00:49 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2013-10-09 15:00 - 2013-08-29 00:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2013-10-09 15:00 - 2013-08-29 00:49 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2013-10-09 15:00 - 2013-08-29 00:49 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2013-10-09 15:00 - 2013-08-28 01:21 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-10-09 15:00 - 2013-08-28 01:12 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll
2013-10-09 15:00 - 2013-08-01 12:09 - 00983488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2013-10-09 15:00 - 2013-07-20 10:33 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 15:00 - 2013-07-20 10:33 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
 
==================== One Month Modified Files and Folders =======
 
2013-11-05 16:02 - 2013-11-05 16:02 - 00000000 ____D C:\FRST
2013-11-05 16:01 - 2013-11-05 16:01 - 01957098 _____ (Farbar) C:\Users\Mrs Whinfrey\Downloads\FRST64.exe
2013-11-05 16:01 - 2012-11-21 20:05 - 00000270 _____ C:\windows\Tasks\HP Photo Creations Messager.job
2013-11-05 15:51 - 2009-07-14 04:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-05 15:51 - 2009-07-14 04:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-05 15:48 - 2009-07-14 05:13 - 00726444 _____ C:\windows\system32\PerfStringBackup.INI
2013-11-05 15:47 - 2012-11-19 21:34 - 01215015 _____ C:\windows\WindowsUpdate.log
2013-11-05 15:43 - 2013-11-05 15:43 - 00000000 _____ C:\windows\setuperr.log
2013-11-05 15:43 - 2013-11-02 10:28 - 00001130 _____ C:\windows\setupact.log
2013-11-05 15:43 - 2012-11-19 21:37 - 00000828 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-11-05 15:43 - 2012-05-11 18:52 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-05 15:43 - 2009-07-14 05:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-05 15:37 - 2012-11-19 14:43 - 00000000 ____D C:\Users\Mrs Whinfrey
2013-11-05 15:37 - 2009-07-14 03:20 - 00000000 __RHD C:\Users\Default
2013-11-05 15:36 - 2013-11-01 23:44 - 00000058 _____ C:\windows\system32\zerobyte_files_deleted.txt
2013-11-05 15:36 - 2013-11-01 20:58 - 00000076 _____ C:\windows\zerobyte_files_deleted.txt
2013-11-05 15:31 - 2013-10-29 08:55 - 00000000 ____D C:\AdwCleaner
2013-11-05 15:22 - 2013-11-05 09:14 - 00001380 _____ C:\windows\PFRO.log
2013-11-05 15:20 - 2013-11-05 15:20 - 00000000 ____D C:\Program Files\stinger
2013-11-05 15:13 - 2013-11-02 11:11 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-11-05 15:07 - 2012-05-11 18:52 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-05 13:25 - 2013-11-05 13:25 - 00000000 ____D C:\Users\Mrs Whinfrey\AppData\Roaming\SUPERAntiSpyware.com
2013-11-05 13:25 - 2013-11-05 13:25 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-11-05 13:24 - 2012-11-19 14:43 - 00000000 ___RD C:\Users\Mrs Whinfrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-05 12:48 - 2013-10-25 17:54 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2013-11-05 12:46 - 2013-11-05 12:46 - 00012872 _____ (SurfRight B.V.) C:\windows\system32\bootdelete.exe
2013-11-05 12:46 - 2013-11-05 12:39 - 00000000 ____D C:\ProgramData\HitmanPro
2013-11-05 11:22 - 2012-12-09 09:41 - 00000000 ____D C:\Users\Mrs Whinfrey\AppData\Roaming\Skype
2013-11-05 09:19 - 2013-10-29 08:32 - 00000000 ____D C:\ProgramData\MFAData
2013-11-05 09:16 - 2013-11-05 09:16 - 00000058 _____ C:\Users\Public\Desktop\Daves Support.url
2013-11-02 22:02 - 2013-11-02 22:02 - 00000000 ____D C:\Users\Mrs Whinfrey\AppData\Roaming\Auslogics
2013-11-02 17:13 - 2013-11-02 17:11 - 00000000 ____D C:\ProgramData\Sophos
2013-11-02 17:11 - 2013-11-02 17:11 - 00000000 ____D C:\Program Files (x86)\Sophos
2013-11-02 15:36 - 2013-11-02 15:36 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-02 13:22 - 2012-11-19 21:37 - 00000830 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-11-02 11:55 - 2013-10-29 08:32 - 00000000 ____D C:\Users\Mrs Whinfrey\AppData\Local\Avg2014
2013-11-02 11:40 - 2013-11-02 11:40 - 00002515 _____ C:\Users\Public\Desktop\Skype.lnk
2013-11-02 11:40 - 2013-03-24 15:31 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-02 11:40 - 2012-05-11 18:35 - 00000000 ____D C:\ProgramData\Skype
2013-11-02 11:12 - 2013-11-02 11:13 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-11-02 11:12 - 2013-11-02 11:13 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-02 11:12 - 2012-05-11 18:18 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-11-02 11:12 - 2012-05-11 18:18 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-11-02 11:12 - 2012-05-11 18:18 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-02 11:11 - 2013-11-02 11:11 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-11-02 11:11 - 2012-11-19 14:46 - 00000000 ____D C:\Users\Mrs Whinfrey\AppData\Roaming\Adobe
2013-11-02 11:11 - 2012-05-11 18:50 - 00000000 ____D C:\ProgramData\Adobe
2013-11-02 11:11 - 2012-05-11 18:47 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-11-02 11:11 - 2012-05-11 18:47 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-02 11:10 - 2013-11-02 11:10 - 00002030 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-11-02 11:10 - 2012-05-11 18:50 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-11-01 22:08 - 2012-05-12 03:13 - 00000000 ____D C:\windows\Panther
2013-11-01 20:50 - 2013-11-01 20:50 - 00000000 ____D C:\Users\Mrs Whinfrey\Desktop\MRSWHINFREY
2013-10-29 08:55 - 2013-10-29 08:55 - 01060070 _____ C:\Users\Mrs Whinfrey\Downloads\AdwCleaner (1).exe
2013-10-29 08:37 - 2013-10-29 08:37 - 00003230 _____ C:\windows\System32\Tasks\SidebarExecute
2013-10-29 08:37 - 2013-10-29 08:37 - 00000976 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-10-29 08:37 - 2013-10-29 08:37 - 00000000 ____D C:\Users\Mrs Whinfrey\AppData\Roaming\TuneUp Software
2013-10-29 08:37 - 2013-10-29 08:37 - 00000000 ____D C:\Users\Mrs Whinfrey\AppData\Roaming\AVG2014
2013-10-29 08:37 - 2013-10-29 08:35 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-29 08:35 - 2013-10-29 08:35 - 00000000 ___HD C:\$AVG
2013-10-29 08:35 - 2013-10-29 08:35 - 00000000 ____D C:\Program Files (x86)\AVG
2013-10-29 08:32 - 2013-10-29 08:32 - 04436568 _____ (AVG Technologies) C:\Users\Mrs Whinfrey\Downloads\avg_free_stb_all_2014_4158_cnet.exe
2013-10-29 08:32 - 2013-10-29 08:32 - 00000000 ____D C:\Users\Mrs Whinfrey\AppData\Local\MFAData
2013-10-29 08:30 - 2012-11-21 18:47 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-28 21:39 - 2013-10-28 21:39 - 00000000 ____D C:\Users\Mrs Whinfrey\AppData\Roaming\AVAST Software
2013-10-28 21:37 - 2012-11-21 18:48 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2013-10-28 21:06 - 2012-11-21 18:48 - 00334648 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2013-10-28 21:02 - 2012-11-21 18:48 - 00000000 _____ C:\windows\SysWOW64\config.nt
2013-10-28 18:02 - 2012-05-11 18:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-10-28 18:01 - 2013-10-28 18:00 - 00000000 ____D C:\windows\system32\MRT
2013-10-28 17:27 - 2013-10-28 17:27 - 00000045 _____ C:\windows\SysWOW64\initdebug.nfo
2013-10-28 17:19 - 2013-10-28 17:19 - 02143832 _____ C:\Users\Mrs Whinfrey\Downloads\instsf449.exe
2013-10-28 11:18 - 2009-07-14 03:20 - 00000000 ____D C:\windows\rescache
2013-10-28 09:18 - 2013-10-28 09:18 - 00000000 ____D C:\windows\ERUNT
2013-10-28 09:17 - 2013-10-28 09:17 - 01060070 _____ C:\Users\Mrs Whinfrey\Downloads\AdwCleaner.exe
2013-10-28 09:16 - 2013-10-28 09:16 - 01033335 _____ (Thisisu) C:\Users\Mrs Whinfrey\Downloads\JRT.exe
2013-10-26 16:22 - 2013-10-26 16:22 - 00001124 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-26 16:22 - 2013-10-26 16:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-26 16:21 - 2013-10-26 16:21 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Mrs Whinfrey\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-25 16:23 - 2013-10-25 16:23 - 00001794 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-25 16:23 - 2013-10-25 16:22 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-25 16:23 - 2013-10-25 16:22 - 00000000 ____D C:\Program Files\iTunes
2013-10-25 16:23 - 2013-10-25 16:22 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-25 16:22 - 2013-10-25 16:22 - 00000000 ____D C:\Program Files\iPod
2013-10-25 16:15 - 2013-10-25 16:15 - 00001856 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-10-25 16:15 - 2013-10-25 16:15 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-10-17 15:09 - 2012-05-11 18:52 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-16 08:02 - 2009-07-14 05:08 - 00032620 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-10-15 21:02 - 2012-05-11 18:52 - 00003908 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-15 21:02 - 2012-05-11 18:52 - 00003656 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-10 17:22 - 2013-10-09 18:21 - 00000000 ____D C:\Users\Mrs Whinfrey\AppData\Local\LogMeIn Rescue Applet
2013-10-09 19:03 - 2009-07-14 04:45 - 00414704 _____ C:\windows\system32\FNTCACHE.DAT
2013-10-09 18:51 - 2012-11-21 21:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-09 18:47 - 2013-03-14 09:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-09 18:47 - 2013-03-14 09:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-09 18:21 - 2013-10-09 18:21 - 01295200 _____ (LogMeIn, Inc.) C:\Users\Mrs Whinfrey\Downloads\Support-LogMeInRescue.exe
2013-10-09 18:07 - 2013-10-09 18:07 - 00784888 _____ (Google Inc.) C:\Users\Mrs Whinfrey\Downloads\ChromeSetup.exe
2013-10-06 11:38 - 2012-11-19 16:08 - 00000000 ____D C:\Users\Mrs Whinfrey\AppData\Local\Google
 
Files to move or delete:
====================
C:\Users\Mrs Whinfrey\AppData\Roaming\skype.ini
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-11-01 22:35
 
==================== End Of Log ============================

Addition.txt

Link to post
Share on other sites

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open Notepad and select Paste). Save it on the same directory as FRST.exe and save it as fixlist.txt

 

C:\Users\Mrs Whinfrey\AppData\Roaming\skype.ini

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.

The tool will make a log (Fixlog.txt) please post it to your reply.

Reboot Normally.

Link to post
Share on other sites

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-10-2013

Ran by Mrs Whinfrey at 2013-11-06 18:31:11 Run:1

Running from C:\Users\Mrs Whinfrey\Desktop

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

C:\Users\Mrs Whinfrey\AppData\Roaming\skype.ini

*****************

 

C:\Users\Mrs Whinfrey\AppData\Roaming\skype.ini => Moved successfully.

 

==== End of Fixlog ====

Link to post
Share on other sites

One last additional scan:

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Link to post
Share on other sites

Hi, i have run the scan on my neighbours laptop. The scan came up negative. As i had been in possession of it for over two weeks she asked for it back. I have let her have it to use. I can always ask for it back if you think more needs to be done, but as this scan was negative i thought it safe for her to use. She doesn't use for on line backing etc..

 

Is there any more that requires checking out, or things to clean up?

 

I can get it back off her if there is.

 

Regards Dave. 

Link to post
Share on other sites

Много добре, справяш се задоволително. Разбирам колко ти е труден нашия език. Аз също бях през септември в Созопол. Любимият ми черноморски град! :)

You're welcome! :)

Link to post
Share on other sites

  • 4 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.