Jump to content

Trying to remove several infections


Recommended Posts

Good evening, last weekend my son in an attempt to win a fight in minecraft decided to download some form of hack. This has lead to seemingly many infections, amongst them 'knowledge ?????' which seemed rather nasty. I have also had an infected host file apparently. Now even after all week of several attempts at cleaning i still have issues. Tonight whilst trying to use Firefox it would not even allow me to visit this forum of Google.co.uk without reporting invalid certificates.

Clearly something is still wrong.

For information, i do have UTorrent, but have diasbled this as per instructions. There are four individual users on this PC, Does this make a difference to scans ? Can i still use the PC throughout this process or should we disconnect and only use when required to post scans ?

 

Thank you very much in advance.

 

DDS

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.45.2
Run by Mike at 21:47:21 on 2014-02-22
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.9207.2930 [GMT 0:00]
.
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\Drivers\WTSRV.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\calc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\LogonUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\wmi64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
uRun: [soundMax] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe" /tray
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_44_Plugin.exe -update plugin
mRun: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{2B7EB9E9-3835-4078-968A-08DCA5855514} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{BB7263A3-7A60-415B-95A5-B48379B96ADC} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{BD98A1CD-0778-4528-A3D4-071F7A0F9C2C} : DHCPNameServer = 172.16.255.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\e4iqr3us.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Mike\AppData\Local\sswat_hwrc_win_live\npHotWheelsLoader.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mv61xx;mv61xx;C:\Windows\System32\drivers\mv61xx.sys [2011-2-9 181040]
R0 mv64xx;mv64xx;C:\Windows\System32\drivers\mv64xx.sys [2009-7-29 333352]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-9-12 270912]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 29792]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-5-2 54368]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2013-5-2 178448]
R1 RapportCerberus_59849;RapportCerberus_59849;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [2013-10-26 606672]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2014-1-22 282712]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2014-1-22 397848]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -r --> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -r [?]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-1-3 1363616]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-1-3 1748640]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-1-11 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2011-9-30 72216]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2014-1-22 1444120]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2013-5-2 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-5-2 29280]
R3 PTSimBus;PenTablet Bus Enumerator;C:\Windows\System32\drivers\PTSimBus.sys [2012-2-27 32600]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-7-10 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-13 111616]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;C:\Windows\System32\drivers\PTSimHid.sys [2012-2-27 22360]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2012-1-27 19936]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2012-1-27 13280]
S3 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2011-3-14 316312]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-14 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-21 1255736]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776]
S4 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-7-6 375208]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
S4 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2014-02-22 05:07:29 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{06E0BC58-4CB5-41F0-9B87-5911BECDD6AF}\offreg.dll
2014-02-21 07:26:04 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{06E0BC58-4CB5-41F0-9B87-5911BECDD6AF}\mpengine.dll
2014-02-20 07:52:37 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-16 18:31:07 -------- d-----w- C:\Windows\SysWow64\SearchProtect
2014-02-16 18:30:49 970520 ----a-w- C:\Windows\System32\rlls64.dll
2014-02-16 18:26:21 -------- d-----w- C:\ProgramData\boost_interprocess
2014-02-16 18:24:50 -------- d-----w- C:\Program Files (x86)\OpenDownloaderManager
2014-02-13 03:03:01 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-13 03:03:01 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-12 06:25:54 1882112 ----a-w- C:\Windows\System32\msxml3.dll
.
==================== Find3M  ====================
.
2014-02-10 01:16:42 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-10 01:16:42 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-01-22 20:37:26 316312 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2014-01-06 19:23:36 4558848 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-18 06:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-11 08:56:46 458336 ----a-w- C:\Windows\System32\drivers\kl1.sys
2013-12-11 08:56:46 29792 ----a-w- C:\Windows\System32\drivers\klim6.sys
2013-12-06 02:30:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2013-12-06 02:02:08 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys
2013-11-26 08:16:50 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-11-08 18:43:57 4096000 ----a-w- C:\Program Files (x86)\GUT587E.tmp
.
============= FINISH: 21:48:32.36 ===============
 
 
Attach
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 21/11/2009 23:57:04
System Uptime: 20/02/2014 17:17:15 (52 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P6T DELUXE
Processor: Intel® Core i7 CPU         920  @ 2.67GHz | LGA1366 | 2668/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 37.264 GiB free.
D: is CDROM (CDFS)
E: is FIXED (NTFS) - 466 GiB total, 51.456 GiB free.
F: is FIXED (NTFS) - 233 GiB total, 33.807 GiB free.
G: is CDROM ()
H: is FIXED (NTFS) - 0 GiB total, 0.141 GiB free.
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP731: 20/02/2014 07:54:54 - AA11
RP732: 20/02/2014 07:59:07 - AA11
RP734: 21/02/2014 07:25:29 - Windows Update
.
==== Installed Programs ======================
.
ACDSee Free
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe After Effects CS5
Adobe After Effects CS5 Third Party Content
Adobe After Effects CS5 Third Party Royalty Content
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 12 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X (10.1.9)
Adobe Shockwave Player 12.0
Aimersoft Audio Converter(Build 2.2.0.37)
Aimersoft DVD Copy(Build 2.1.0.6)
Aimersoft DVD Creator(Build 2.1.1.0)
Aimersoft DVD Ripper(Build 2.3.0.1)
Aimersoft DVD Studio Pack(Build 2.2.0.0)
Aimersoft Video Converter(Build 2.3.0.6)
Akamai NetSession Interface
Akamai NetSession Interface Service
AMD APP SDK Runtime
AMD Drag and Drop Transcoding
Angry Birds Space
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Verifier (x64)
Ashampoo Burning Studio 2010 Advanced
ATI Catalyst Install Manager
ATI Catalyst Registration
µTorrent
Audacity 1.3.14 (Unicode)
AviSynth 2.5
Awesome Duplicate Photo Finder v. 1.0.1
Bad Piggies
BBC iPlayer Desktop
Big Fish Games: Game Manager
Bonjour
Bridge Constructor
calibre
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-utility64
CCC Help English
CCleaner
CDBurnerXP
CL-Eye Driver
Combined Community Codec Pack 2009-09-09
ConvertXtoDVD 3.7.2.188
Coupon Printer
Crayon Physics Deluxe - release 53
Crayon Physics Deluxe Demo - release 52
CutePDF Writer 3.0
D3DX10
DAEMON Tools Lite
dBpoweramp Music Converter
Debugging Tools for Windows (x64)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
EaseUS MobiSaver 4.0
EPSON Printer Software
Euro Truck Simulator 2
EVEREST Home Edition v2.20
Facebook Video Calling 1.2.0.287
Farming Simulator 2013
ffdshow [rev 3142] [2009-12-03]
Freemake Video Converter version 3.1.2
FW LiveUpdate
Garry's Mod
Get the Picture!
Gimp 2.6.2 Debug
Google Chrome
Google Earth
Google Update Helper
Google+ Auto Backup
HD Writer AE 2.0
Hideman
Host OpenAL (ADI)
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HP Games
HP Photo Creations
HP Photosmart Plus B210 series Basic Device Software
HP Photosmart Plus B210 series Help
HP Photosmart Plus B210 series Product Improvement Study
HP Update
ieSpell
ImgBurn
Inpaint 2.4
iTunes
Java 7 Update 45
Java Auto Updater
K. Hawk - Survival Instinct
Kaspersky Internet Security 2013
KomodoDrop v0.0.0.6
LAME v3.99.3 (for Windows)
LogMeIn
Malwarebytes Anti-Malware version 1.75.0.1300
marvell 64xx
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Windows Performance Toolkit
Microsoft Windows SDK for Windows 7 (7.1)
Microsoft Windows SDK for Windows 7 Common Utilities (30514)
Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
Microsoft Windows SDK for Windows 7 Samples (30514)
Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
MiniTool Partition Wizard Home Edition 7.1
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT Redists
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyTomTom 3.2.0.1116
Nero BurnLite 10
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
NVIDIA PhysX
OpenOffice.org 3.2
PCHand Media Converter Pro 1.0.0.1
PDF Settings CS5
Picasa 3
Plants vs. Zombies
PunkBuster Services
QuickTime
Rapport
Recuva
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
Security Update for Microsoft Excel 2010 (KB2826033) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 64-Bit Edition
Send to SmugMug
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition
Skype Click to Call
Skype™ 6.11
SnugUp [Mike]
SoundMAX
SpeedFan (remove only)
Steam
swMSM
Tablet Driver V8.01
The Lord of the Rings FREE Trial 
TomTom HOME Visual Studio Merge Modules
Trusteer Endpoint Protection
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition
Update for Microsoft Office 2010 (KB2837583) 64-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2775360) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition
Update Installer for WildTangent Games App
Vegas Pro 10.0 (64-bit)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio C++ 10.0 Runtime
VLC media player 1.0.3
VSO ConvertXToDVD
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Windows Mobile Device Center
WinRAR 4.20 (32-bit)
WMV9/VC-1 Video Playback
Wolfenstein - Enemy Territory
.
==== Event Viewer Messages From Past Week ========
.
22/02/2014 21:46:41, Error: Microsoft-Windows-DNS-Client [1012]  - There was an error while attempting to read the local hosts file.
20/02/2014 17:18:19, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Lbd
20/02/2014 17:18:02, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa800792ab50, 0xfffff8000217a510). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022014-36379-01.
20/02/2014 09:15:25, Error: volsnap [67]  - The shadow copy of volume C: being created failed to install.
19/02/2014 07:31:17, Error: Service Control Manager [7034]  - The Skype Click to Call PNR Service service terminated unexpectedly.  It has done this 1 time(s).
18/02/2014 22:15:53, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================
 
 
Last Malwarebytes Quick scan
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.22.04
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Mike :: MIKE-PC [administrator]
 
22/02/2014 21:35:25
mbam-log-2014-02-22 (21-35-25).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 333517
Time elapsed: 9 minute(s), 39 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKCU\SOFTWARE\GorillaPrice (PUP.Optional.GorillaPrice.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
Previous quick scan
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.16.07
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Mike :: MIKE-PC [administrator]
 
20/02/2014 17:23:18
mbam-log-2014-02-20 (17-23-18).txt
 
Scan type: Full scan (C:\|E:\|F:\|H:\|K:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 837564
Time elapsed: 3 hour(s), 18 minute(s), 27 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
Previous to previous 
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.16.07
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Mike :: MIKE-PC [administrator]
 
20/02/2014 16:43:13
mbam-log-2014-02-20 (16-43-13).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 330022
Time elapsed: 8 minute(s), 2 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Windows\hosts (Trojan.Agent) -> Quarantined and deleted successfully.
 
(end)
 
 
Hope that was not to much info
 
Mike

 

Link to post
Share on other sites

Just for information overkill i have also done a 'RogueKiller' scan. But have NOT deleted anything from that scan.

 

RogueKiller V8.8.8 _x64_ [Feb 19 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Mike [Admin rights]
Mode : Scan -- Date : 02/22/2014 23:36:56
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][sUSP PATH] EPUpdater : C:\Users\Tracie\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [x] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
-> F:\windows\system32\config\SYSTEM | DRVINFO [Drv - F:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> F:\windows\system32\config\SOFTWARE | DRVINFO [Drv - F:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> F:\windows\system32\config\SECURITY | DRVINFO [Drv - F:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> F:\windows\system32\config\SAM | DRVINFO [Drv - F:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> F:\windows\system32\config\DEFAULT | DRVINFO [Drv - F:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> F:\Users\Default\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> F:\Users\Mikey\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> F:\Documents and Settings\Default\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> F:\Documents and Settings\LogMeInRemoteUser\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> F:\Documents and Settings\Mike\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> F:\Documents and Settings\Oliver\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> F:\Documents and Settings\Tracie\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> F:\Documents and Settings\wdtv\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HD502IJ ATA Device +++++
--- User ---
[MBR] bafa3e5a1936d62afe7a6405a596f81b
[bSP] b1267f332d284986e9abb969087eef91 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 238269 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 488386560 | Size: 238469 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) SAMSUNG HD502IJ ATA Device +++++
--- User ---
[MBR] c27ae50ebbc28c4033eff7951aa14c99
[bSP] c01a55791b9c32d8eabc6dabd686ad78 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) HP Photosmart Plus USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )
 
Finished : << RKreport[0]_S_02222014_233656.txt >>
RKreport[0]_S_02222014_233243.txt;RKreport[0]_S_02222014_233302.txt
Link to post
Share on other sites

Welcome to the forum.

General Forum P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running, please create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites

Next:

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    image000q.png

  • Put a checkmark beside loaded modules.

    2012081514h0118.png

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.

    clip.jpg

  • Click the Start Scan button.

    19695967.jpg

  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    67776163.jpg

    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If in doubt about an entry....please ask or choose Skip

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    62117367.jpg

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.

reply1.jpg

New window that comes up.

replyer1.jpg

MrC

Link to post
Share on other sites

First log

 

01:46:01.0507 0x2724  TDSS rootkit removing tool 3.0.0.23 Feb 10 2014 23:32:41
01:46:08.0854 0x2724  ============================================================
01:46:08.0854 0x2724  Current date / time: 2014/02/23 01:46:08.0854
01:46:08.0854 0x2724  SystemInfo:
01:46:08.0855 0x2724  
01:46:08.0855 0x2724  OS Version: 6.1.7601 ServicePack: 1.0
01:46:08.0855 0x2724  Product type: Workstation
01:46:08.0855 0x2724  ComputerName: MIKE-PC
01:46:08.0855 0x2724  UserName: Mike
01:46:08.0855 0x2724  Windows directory: C:\Windows
01:46:08.0855 0x2724  System windows directory: C:\Windows
01:46:08.0855 0x2724  Running under WOW64
01:46:08.0855 0x2724  Processor architecture: Intel x64
01:46:08.0855 0x2724  Number of processors: 8
01:46:08.0855 0x2724  Page size: 0x1000
01:46:08.0855 0x2724  Boot type: Normal boot
01:46:08.0855 0x2724  ============================================================
01:46:10.0270 0x2724  KLMD registered as C:\Windows\system32\drivers\75200695.sys
01:46:10.0440 0x2724  System UUID: {AF247764-C6A2-FA92-2D38-C833ECB58528}
01:46:10.0984 0x2724  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:46:18.0012 0x2724  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:46:18.0248 0x2724  ============================================================
01:46:18.0248 0x2724  \Device\Harddisk0\DR0:
01:46:18.0325 0x2724  MBR partitions:
01:46:18.0325 0x2724  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
01:46:18.0325 0x2724  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x1D15E800
01:46:18.0326 0x2724  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1D1C3000, BlocksNum 0x1D1C2800
01:46:18.0326 0x2724  \Device\Harddisk1\DR1:
01:46:18.0326 0x2724  MBR partitions:
01:46:18.0326 0x2724  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
01:46:18.0326 0x2724  ============================================================
01:46:18.0353 0x2724  C: <-> \Device\Harddisk0\DR0\Partition2
01:46:18.0384 0x2724  E: <-> \Device\Harddisk1\DR1\Partition1
01:46:18.0419 0x2724  F: <-> \Device\Harddisk0\DR0\Partition3
01:46:18.0453 0x2724  H: <-> \Device\Harddisk0\DR0\Partition1
01:46:18.0453 0x2724  ============================================================
01:46:18.0453 0x2724  Initialize success
01:46:18.0453 0x2724  ============================================================
01:50:29.0721 0x0e7c  KLMD registered as C:\Windows\system32\drivers\50949014.sys
01:50:30.0969 0x0e7c  Deinitialize success
Link to post
Share on other sites

Clearly this will take you some time to look at and its 2.30am where I am so I'm off to bed and await your further instructions in the morning.

 

Not sure if this matters, however this machine has 2 operating systems (dual boot?). The other is Vista, which does not get used at all (and has not been for years). It is only on there because I do not know how to safely remove it. Just wondered if it would make your life harder. Just to reiterate, Vista has NOT been used since the full version of Win 7 was installed a good few years ago. 

 

Thank you very much for taking the time and effort to assist me, I'm very grateful.

 

Mike

Link to post
Share on other sites

OK, that was clean.

When you get a chance....Next:

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post
Share on other sites

Please disable Windows Defender, you have Kaspersky running and having two or more anti-virus programs running on a system only causes poor performance, conflicts and spotty protection.

How to Disable Defender

Dangers of running 2 anti-virus programs

+++++++++++++++++++++++++++++++++++


Lets clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

 MrC

Link to post
Share on other sites

AdwCleaner Logfile

 

# AdwCleaner v3.019 - Report created 23/02/2014 at 16:58:15
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Mike - MIKE-PC
# Running from : C:\Users\Mike\Desktop\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Program Files (x86)\Zoom Downloader
Folder Deleted : C:\Windows\SysWOW64\AI_RecycleBin
Folder Deleted : C:\Windows\SysWOW64\Searchprotect
Folder Deleted : C:\Users\Mike\AppData\Local\genienext
Folder Deleted : C:\Users\Mike\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Mike\AppData\Local\PackageAware
Folder Deleted : C:\Users\Mike\AppData\Local\Zoom_Downloader
Folder Deleted : C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Deleted : C:\Users\Mike\Documents\Mobogenie
Folder Deleted : C:\Users\Tracie\AppData\Local\PackageAware
Folder Deleted : C:\Users\Tracie\AppData\Roaming\Oxy
Folder Deleted : C:\Users\Tracie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxy
File Deleted : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\EPUpdater
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\caphyon
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\caphyon
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\torch
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local;127.0.0.1:9421;<local>
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Mozilla Firefox v28.0 (en-US)
 
[ File : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\e4iqr3us.default\prefs.js ]
 
 
-\\ Google Chrome v33.0.1750.117
 
[ File : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Tracie\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : homepage
 
*************************
 
AdwCleaner[R0].txt - [4850 octets] - [23/02/2014 16:53:47]
AdwCleaner[s0].txt - [4893 octets] - [23/02/2014 16:58:15]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4953 octets] ##########
Link to post
Share on other sites

Malwarebytes Log file

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.23.05
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Mike :: MIKE-PC [administrator]
 
23/02/2014 17:12:59
mbam-log-2014-02-23 (17-12-59).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 332316
Time elapsed: 7 minute(s), 49 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
Link to post
Share on other sites

Next:

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

reply1.jpg

New window that comes up.

replyer1.jpg

MrC

Link to post
Share on other sites

Use your CCleaner to clean out temp files.

Then........

Download the attached fixlist.txt to the same folder as FRST.

Run FRST.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then update and run a scan with your Kaspersky and let me know how it is.

MrC

Link to post
Share on other sites

Hope I did this right. It suggested restarting the pc after running the fix. Do I do this now or after the Kaspersky scan. 

 

Is it a full or quick Kaspersky scan required ?

 

Once again, thank you for your help in this matter.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-02-2014 01
Ran by Mike at 2014-02-23 23:15:06 Run:1
Running from C:\FRST
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [] - [X]
GroupPolicyUsers\S-1-5-21-3966799084-715824029-1276724486-1003\User: Group Policy restriction detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {DB61F672-0D05-4997-BEC6-96EAAB7C4106} -  No File
FF HKLM-x32\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files (x86)\RelevantKnowledge\firefox
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
S4 LMIRfsClientNP; No ImagePath
2014-02-20 07:45 - 2014-02-20 07:45 - 00380416 _____ () C:\Users\Tracie\Downloads\ygtpzif3.exe
2014-01-25 12:00 - 2014-01-25 12:00 - 01629584 _____ (Coupons.com Incorporated) C:\Users\Tracie\Downloads\couponprinter (6).exe
2014-01-25 11:59 - 2014-01-25 11:59 - 01629584 _____ (Coupons.com Incorporated) C:\Users\Tracie\Downloads\couponprinter (5).exe
C:\ProgramData\hash.dat
Task: {1734FF32-CEBE-4D06-9B11-FC3E1B766F1E} - \Oxy No Task File
Task: {626E40D8-DDE6-46F3-8621-EB99CD05038E} - \PileFile logon No Task File
Task: {772FD850-997D-489E-954E-4E5289269D38} - \FacebookUpdateTaskUserS-1-5-21-3966799084-715824029-1276724486-1004Core No Task File
Task: {77BA61C1-9977-41BE-9846-410526663D00} - \PileFile reminder No Task File
Task: {93801479-E4F3-495A-BDE3-BF8F5F1AD915} - \FacebookUpdateTaskUserS-1-5-21-3966799084-715824029-1276724486-1004UA No Task File
Task: {95B168AE-AFDB-4173-9635-77538616A041} - \EPUpdater No Task File
Task: {C36A10FE-6067-4DE9-840A-93C3DF820654} - \FacebookUpdateTaskUserS-1-5-21-3966799084-715824029-1276724486-1003Core No Task File
AlternateDataStreams: C:\ProgramData\TEMP:0E22C5DB
AlternateDataStreams: C:\ProgramData\TEMP:B1FBBD09
AlternateDataStreams: C:\ProgramData\TEMP:C76CFF82
 
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3966799084-715824029-1276724486-1003\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DB61F672-0D05-4997-BEC6-96EAAB7C4106} => Value deleted successfully.
HKCR\CLSID\{DB61F672-0D05-4997-BEC6-96EAAB7C4106} => Key not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A} => Value deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll not found.
C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll not found.
LMIRfsClientNP => Service deleted successfully.
C:\Users\Tracie\Downloads\ygtpzif3.exe => Moved successfully.
C:\Users\Tracie\Downloads\couponprinter (6).exe => Moved successfully.
C:\Users\Tracie\Downloads\couponprinter (5).exe => Moved successfully.
C:\ProgramData\hash.dat => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1734FF32-CEBE-4D06-9B11-FC3E1B766F1E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1734FF32-CEBE-4D06-9B11-FC3E1B766F1E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Oxy => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{626E40D8-DDE6-46F3-8621-EB99CD05038E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{626E40D8-DDE6-46F3-8621-EB99CD05038E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PileFile logon => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{772FD850-997D-489E-954E-4E5289269D38} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{772FD850-997D-489E-954E-4E5289269D38} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-3966799084-715824029-1276724486-1004Core => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{77BA61C1-9977-41BE-9846-410526663D00} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77BA61C1-9977-41BE-9846-410526663D00} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PileFile reminder => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{93801479-E4F3-495A-BDE3-BF8F5F1AD915} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93801479-E4F3-495A-BDE3-BF8F5F1AD915} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-3966799084-715824029-1276724486-1004UA => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{95B168AE-AFDB-4173-9635-77538616A041} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95B168AE-AFDB-4173-9635-77538616A041} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C36A10FE-6067-4DE9-840A-93C3DF820654} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C36A10FE-6067-4DE9-840A-93C3DF820654} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-3966799084-715824029-1276724486-1003Core => Key deleted successfully.
C:\ProgramData\TEMP => ":0E22C5DB" ADS removed successfully.
C:\ProgramData\TEMP => ":B1FBBD09" ADS removed successfully.
C:\ProgramData\TEMP => ":C76CFF82" ADS removed successfully.
 
 
The system needs a manual reboot. 
 
==== End of Fixlog ====
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.