
Malwarebytes blocks internet connection



Hello,

You helped me before and were brilliant and I was wondering if you could please help me once more?

I advised a friend to run Malwarebytes along with MSE but when Malwarebytes starts running it always blocks access to the internet so she has to disable it to get online.

I've tried my best to clean off her PC but the problem persists and I saw that it may be a "hidden DNS hijack" from another thread.

I've run the dds script and the Farbar scan tool and the logs are below.

I'd be very appreciative if someone could look into this for me.

Many thanks

Jo

dds.txt

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16545  BrowserJavaVersion: 10.15.2
Run by dave at 16:38:10 on 2014-05-15
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.2046.1001 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\MyPC Backup\BackupStack.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uProxyServer =
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Yahoo Community Smartbar (by Linkury): {ae07101b-46d4-4a98-af68-0333ea26e113} -
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\usb f5d7050\wireless utility\Belkinwcui.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\packer~1.lnk - c:\users\dave\appdata\roaming\opencandy\d74f5f4b2d1a42d880c0e1f59ca7176b\Packer.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://magnet.2020.net/virtualplanner/Core/Player/2020PlayerAX_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
TCP: NameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{1527C122-8FB6-46CC-A354-6D411D8B9841} : DHCPNameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{2C2E8488-C476-405F-BAA9-A47DBAF55567} : DHCPNameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{6384F98E-88DA-4BFB-B44D-28A2EF17E44E} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{EB10810C-1352-427A-9EED-48CA2BDD15E4} : DHCPNameServer = 192.168.1.254
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
R2 BackupStack;Computer Backup (MyPC Backup);c:\program files\mypc backup\BackupStack.exe [2014-3-14 36392]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-20 21504]
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files\foxit software\foxit reader\foxit cloud\FCUpdateService.exe [2014-5-8 241728]
R2 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-5-15 73432]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-5-15 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-5-15 857912]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-1-18 383264]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-5-15 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-5-15 107736]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-5-15 51416]
S3 ActionReplayDS;ActionReplayDS;c:\windows\system32\drivers\ActionReplayDS.sys [2009-5-28 29184]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-9-19 83168]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2014-3-11 104264]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
.
=============== Created Last 30 ================
.
2014-05-15 13:55:29    765968    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{2b2c83bc-ec11-4fe7-8600-4a0c3f7addd0}\gapaengine.dll
2014-05-15 13:46:42    8050496    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{009c9ac1-4161-423f-b9c2-cbcb49bb0689}\mpengine.dll
2014-05-15 13:16:22    107736    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-15 13:15:59    73432    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-05-15 13:15:59    51416    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-05-15 13:15:59    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-05-15 13:15:59    --------    d-----w-    c:\programdata\Malwarebytes
2014-05-15 13:15:59    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-05-15 12:45:28    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2014-05-08 13:41:51    --------    d-----w-    c:\program files\Uninstaller
2014-05-08 13:37:32    --------    d-----w-    c:\users\dave\appdata\roaming\VOPackage
2014-05-08 13:36:58    --------    d-----w-    c:\program files\MyPC Backup
2014-05-08 13:17:57    --------    d-----w-    c:\users\dave\appdata\roaming\Foxit Software
2014-05-08 13:17:21    --------    d-----w-    c:\program files\Foxit Software
2014-05-08 12:55:47    765968    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2014-05-08 12:54:11    8050496    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-05-05 17:14:09    --------    d-----w-    c:\program files\Microsoft Security Client
2014-05-05 17:13:26    221568    ----a-w-    c:\windows\system32\drivers\netio.sys
2014-05-05 16:03:25    --------    d-----w-    C:\$RECYCLE.BIN
2014-05-05 15:45:34    98816    ----a-w-    c:\windows\sed.exe
2014-05-05 15:45:34    256000    ----a-w-    c:\windows\PEV.exe
2014-05-05 15:45:34    208896    ----a-w-    c:\windows\MBR.exe
2014-05-05 15:35:18    536576    ----a-w-    c:\windows\system32\sqlite3.dll
2014-05-05 15:34:52    --------    d-----w-    C:\AdwCleaner
2014-05-05 15:29:40    --------    d-----w-    c:\windows\ERUNT
2014-05-05 14:56:16    8050496    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{d86b080e-dd22-4b81-8416-4c9eae2f3cc6}\mpengine.dll
.
==================== Find3M  ====================
.
2014-03-31 21:46:48    130712    ----a-w-    c:\windows\system32\MSSTDFMT.DLL
2014-03-31 21:46:48    1070232    ----a-w-    c:\windows\system32\MSCOMCTL.OCX
2014-03-11 08:52:30    104264    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-07 23:12:00    1806848    ----a-w-    c:\windows\system32\jscript9.dll
2014-03-07 23:02:19    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-03-07 23:02:07    1129472    ----a-w-    c:\windows\system32\wininet.dll
2014-03-07 22:57:17    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-03-07 22:56:03    421376    ----a-w-    c:\windows\system32\vbscript.dll
.
============= FINISH: 16:39:26.17 ===============

attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 31/12/2007 12:18:44
System Uptime: 15/05/2014 16:29:10 (0 hours ago)
.
Motherboard: Packard Bell BV |  | PT890-8237A
Processor: Intel® Core2 Duo CPU     E4500  @ 2.20GHz | Socket 775 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 225 GiB total, 113.819 GiB free.
E: is Removable
F: is Removable
G: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMHL-DT-ST_DVDRAM_GSA-H40N________________RG01____\5&1D2C6A94&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: HL-DT-ST DVDRAM GSA-H40N ATA Device
PNP Device ID: IDE\CDROMHL-DT-ST_DVDRAM_GSA-H40N________________RG01____\5&1D2C6A94&0&0.0.0
Service: cdrom
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB CF Reader   
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1#
Manufacturer: Generic
Name: USB CF Reader   
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB MS Reader   
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_MS_READER&REV_1.03#2004888&3#
Manufacturer: Generic
Name: USB MS Reader   
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_MS_READER&REV_1.03#2004888&3#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB SD Reader   
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SD_READER&REV_1.00#2004888&0#
Manufacturer: Generic
Name: USB SD Reader   
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SD_READER&REV_1.00#2004888&0#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB SM Reader   
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SM_READER&REV_1.02#2004888&2#
Manufacturer: Generic
Name: USB SM Reader   
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SM_READER&REV_1.02#2004888&2#
Service: WUDFRd
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Activation Assistant for the 2007 Microsoft Office suites
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Belkin Wireless USB Utility
Bonjour
Compatibility Pack for the 2007 Office system
DMUninstaller
Foxit Cloud
Foxit Reader
GearDrvs
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iCloud
Internet From BT
iTunes
Java 7 Update 15
Java Auto Updater
LPT System Updater Service
MagicSports 3.5
Malwarebytes Anti-Malware version 2.0.1.1004
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Microsoft® Office Trial 2007
MobileMe Control Panel
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MyPC Backup
Norton 360
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Graphics Driver 311.06
NVIDIA Install Application
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
Packard Bell ImageWriter
Packard Bell LCD Test
QuickTime
Realtek HD Audio V6.0.1.5377
Realtek High Definition Audio Driver
Revo Uninstaller 1.95
Search Protect
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878236) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2878237) 32-Bit Edition
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Video NVIDIA v162.22
WinPatrol
Yahoo Community Smartbar Engine
.
==== End Of File ===========================

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:14-05-2014
Ran by dave (administrator) on DAVE-PC on 15-05-2014 16:53:18
Running from C:\Users\dave\Downloads
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Just Develop It) C:\Program Files\MyPC Backup\BackupStack.exe
(Microsoft Corporation) C:\Windows\System32\wpcumi.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Foxit Corporation) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
(Belkin) C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4390912 2007-03-01] (Realtek Semiconductor)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKU\S-1-5-21-3661334880-1982377886-768432890-1002\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3661334880-1982377886-768432890-1002\...\Run: [iSUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
HKU\S-1-5-21-3661334880-1982377886-768432890-1002\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3661334880-1982377886-768432890-1002\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [533568 2014-04-23] (BillP Studios)
HKU\S-1-5-21-3661334880-1982377886-768432890-1002\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3661334880-1982377886-768432890-1002\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3661334880-1982377886-768432890-1004\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk
ShortcutTarget: Belkin Wireless USB Utility.lnk -> C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Belkin)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Packer.exe.lnk
ShortcutTarget: Packer.exe.lnk -> C:\Users\dave\AppData\Roaming\OpenCandy\D74F5F4B2D1A42D880C0E1F59CA7176B\Packer.exe (No File)
Startup: C:\Users\lukezoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicyUsers\S-1-5-21-3661334880-1982377886-768432890-1003\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyServer:
SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDJ67jFfFbVMfug_IrPdAB5t0DxMiJWg9o5L6hYEVV4zSvSfztC4NY-sU00SNHo-KsV9nQZThwJ0nVYRGGymyXswEOCYvFKg2SmeoEGd1f3R0whLHLTXj4qgEt9xsbGBwOCVo70OBQMraCSXb7eH4XgmArVihMZ2-BQhODx9QRJbBukZJ7n-FayWQBmw,,&q={searchTerms}
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDJ67jFfFbVMfug_IrPdAB5t0DxMiJWg9o5L6hYEVV4zSvSfztC4NY-sU00SNHo-KsV9nQZThwJ0nVYRGGymyXswEOCYvFKg2SmeoEGd1f3R0whLHLTXj4qgEt9xsbGBwOCVo70OBQMraCSXb7eH4XgmArVihMZ2-BQhODx9QRJbBukZJ7n-FayWQBmw,,&q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDJ67jFfFbVMfug_IrPdAB5t0DxMiJWg9o5L6hYEVV4zSvSfztC4NY-sU00SNHo-KsV9nQZThwJ0nVYRGGymyXswEOCYvFKg2SmeoEGd1f3R0whLHLTXj4qgEt9xsbGBwOCVo70OBQMraCSXb7eH4XgmArVihMZ2-BQhODx9QRIU3wzuAFbqn3CtZ9CQ,,&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDJ67jFfFbVMfug_IrPdAB5t0DxMiJWg9o5L6hYEVV4zSvSfztC4NY-sU00SNHo-KsV9nQZThwJ0nVYRGGymyXswEOCYvFKg2SmeoEGd1f3R0whLHLTXj4qgEt9xsbGBwOCVo70OBQMraCSXb7eH4XgmArVihMZ2-BQhODx9QRIU3wzuAFbqn3CtZ9CQ,,&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://magnet.2020.net/virtualplanner/Core/Player/2020PlayerAX_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0

FireFox:
========
FF ProfilePath: C:\Users\dave\AppData\Roaming\Mozilla\Firefox\Profiles\y2e90gwv.default
FF DefaultSearchEngine: Google
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeploytk.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPSWF32.dll ()
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\dave\AppData\Roaming\Mozilla\Firefox\Profiles\y2e90gwv.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009-10-24]
FF Extension: Google Toolbar for Firefox - C:\Users\dave\AppData\Roaming\Mozilla\Firefox\Profiles\y2e90gwv.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010-01-04]
FF Extension: TalkTalk Mail Toolbar - C:\Users\dave\AppData\Roaming\Mozilla\Firefox\Profiles\y2e90gwv.default\Extensions\{e50376b0-4ded-4d46-a0ba-d3d87c971b56} [2011-06-06]
FF Extension: Google Toolbar for Firefox - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007-08-25]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009-08-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010-01-04]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome:
=======
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Google Wallet) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]
CHR HKLM\...\Chrome\Extension: [gkcgjggoajjmljagopjnpjgbddigbcap] - C:\Users\dave\AppData\Local\CRE\gkcgjggoajjmljagopjnpjgbddigbcap.crx [2013-09-10]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [36392 2014-03-14] (Just Develop It)
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241728 2014-03-11] (Foxit Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S4 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [266343 2007-03-06] ()
S4 stllssvr; "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [X]

==================== Drivers (Whitelisted) ====================

S3 ActionReplayDS; C:\Windows\System32\Drivers\ActionReplayDS.sys [29184 2007-02-08] (Thesycon GmbH, Germany)
S3 BLKWGU(Belkin); C:\Windows\System32\DRIVERS\BLKWGU.sys [402944 2005-11-10] (Belkin Corporation)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [73432 2014-04-03] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKsl75ad56aa; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{009C9AC1-4161-423F-B9C2-CBCB49BB0689}\MpKsl75ad56aa.sys [39464 2014-05-15] (Microsoft Corporation)
S3 ZDPSp50; C:\Windows\System32\Drivers\ZDPSp50.sys [17664 2004-10-25] (Printing Communications Assoc., Inc. (PCAUSA))
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [26840 2012-08-21] (GEAR Software Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U2 WZCSVC;
U3 mbr; \??\C:\Users\dave\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-15 16:53 - 2014-05-15 16:53 - 00015529 _____ () C:\Users\dave\Downloads\FRST.txt
2014-05-15 16:53 - 2014-05-15 16:53 - 00000000 ____D () C:\FRST
2014-05-15 16:43 - 2014-05-15 16:43 - 00008520 _____ () C:\Users\dave\Desktop\attach.txt
2014-05-15 16:43 - 2014-05-15 16:39 - 00011351 _____ () C:\Users\dave\Desktop\dds.txt
2014-05-15 14:55 - 2014-05-15 14:55 - 01056256 _____ (Farbar) C:\Users\dave\Downloads\FRST.exe
2014-05-15 14:46 - 2014-05-15 14:46 - 00688992 ____R (Swearware) C:\Users\dave\Downloads\dds.com
2014-05-15 14:34 - 2014-05-15 14:41 - 00002228 _____ () C:\Users\dave\Desktop\Rkill.txt
2014-05-15 14:16 - 2014-05-15 16:33 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-15 14:16 - 2014-05-15 14:16 - 00000862 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-15 14:16 - 2014-05-15 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-15 14:15 - 2014-05-15 14:16 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-15 14:15 - 2014-05-15 14:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-15 14:15 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-15 14:15 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-15 14:15 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-15 14:11 - 2014-05-15 14:11 - 00315392 _____ (Malwarebytes Corporation) C:\Users\dave\Downloads\mbam-clean-2.0.2.0.exe
2014-05-15 14:09 - 2014-05-15 14:09 - 04143997 _____ () C:\Users\dave\Downloads\tdsskiller (2).zip
2014-05-15 13:48 - 2014-05-15 13:48 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 13:47 - 2014-05-15 13:48 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\dave\Downloads\mbam-setup-2.0.1.1004 (4).exe
2014-05-15 13:45 - 2014-05-06 00:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 13:45 - 2014-05-06 00:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 13:45 - 2014-05-06 00:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 13:38 - 2014-03-25 14:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-08 14:37 - 2014-05-14 21:19 - 00000000 ____D () C:\Users\dave\AppData\Roaming\VOPackage
2014-05-08 14:37 - 2014-05-08 14:37 - 00001717 _____ () C:\Users\dave\Desktop\Sync Folder.lnk
2014-05-08 14:37 - 2014-05-08 14:37 - 00000847 _____ () C:\Users\dave\Desktop\MyPC Backup.lnk
2014-05-08 14:37 - 2014-05-08 14:37 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-05-08 14:37 - 2014-05-08 14:37 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-05-08 14:36 - 2014-05-15 14:01 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-05-08 14:33 - 2014-05-08 14:37 - 00000000 _____ () C:\END
2014-05-08 14:17 - 2014-05-08 14:18 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Foxit Software
2014-05-08 14:17 - 2014-05-08 14:17 - 00001896 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2014-05-08 14:17 - 2014-05-08 14:17 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-05-08 14:17 - 2014-05-08 14:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-05-08 14:17 - 2014-05-08 14:17 - 00000000 ____D () C:\Program Files\Foxit Software
2014-05-05 18:15 - 2014-05-05 18:15 - 00002154 _____ () C:\Windows\epplauncher.mif
2014-05-05 18:15 - 2014-05-05 18:15 - 00001789 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-05-05 18:14 - 2014-05-05 18:15 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-05-05 18:13 - 2010-04-05 21:00 - 00221568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-05-05 18:05 - 2014-05-05 18:05 - 11241816 _____ (Microsoft Corporation) C:\Users\dave\Downloads\mseinstall.exe
2014-05-05 17:14 - 2014-05-05 17:14 - 00000000 ____D () C:\Users\dave\Downloads\tdsskiller (1)
2014-05-05 17:13 - 2014-05-05 17:14 - 04143997 _____ () C:\Users\dave\Downloads\tdsskiller (1).zip
2014-05-05 17:08 - 2014-05-05 17:08 - 00026512 _____ () C:\ComboFix.txt
2014-05-05 16:45 - 2014-05-05 17:08 - 00000000 ____D () C:\Qoobox
2014-05-05 16:45 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-05 16:45 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-05 16:45 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-05 16:45 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-05 16:45 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-05 16:45 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-05 16:45 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-05 16:45 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-05 16:44 - 2014-05-05 17:07 - 00000000 ____D () C:\Windows\erdnt
2014-05-05 16:35 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-05 16:34 - 2014-05-05 17:11 - 00000000 ____D () C:\AdwCleaner
2014-05-05 16:34 - 2014-05-05 16:34 - 01316991 _____ () C:\Users\dave\Downloads\AdwCleaner.exe
2014-05-05 16:29 - 2014-05-05 16:29 - 01016261 _____ (Thisisu) C:\Users\dave\Downloads\JRT.exe
2014-05-05 16:29 - 2014-05-05 16:29 - 00000000 ____D () C:\Windows\ERUNT
2014-05-05 16:28 - 2014-05-05 16:29 - 05199940 ____R (Swearware) C:\Users\dave\Downloads\ComboFix.exe
2014-05-05 16:26 - 2014-05-05 16:27 - 04143997 _____ () C:\Users\dave\Downloads\tdsskiller.zip
2014-05-05 16:26 - 2014-05-05 16:26 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\dave\Downloads\tdsskiller.exe
2014-05-05 16:26 - 2014-05-05 16:26 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\dave\Downloads\iExplore.exe
2014-04-26 18:28 - 2014-04-26 18:28 - 00869456 _____ () C:\Users\dave\Downloads\Norton_Removal_Tool.exe
2014-04-18 14:19 - 2014-04-18 14:19 - 01889841 _____ () C:\Users\dave\Downloads\Resistant+Materials(2).pptx

==================== One Month Modified Files and Folders =======

2014-05-15 16:53 - 2014-05-15 16:53 - 00015529 _____ () C:\Users\dave\Downloads\FRST.txt
2014-05-15 16:53 - 2014-05-15 16:53 - 00000000 ____D () C:\FRST
2014-05-15 16:52 - 2006-11-02 11:33 - 00778264 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-15 16:51 - 2011-01-22 16:32 - 00018276 _____ () C:\Windows\setupact.log
2014-05-15 16:43 - 2014-05-15 16:43 - 00008520 _____ () C:\Users\dave\Desktop\attach.txt
2014-05-15 16:39 - 2014-05-15 16:43 - 00011351 _____ () C:\Users\dave\Desktop\dds.txt
2014-05-15 16:37 - 2007-12-31 13:18 - 02095905 _____ () C:\Windows\WindowsUpdate.log
2014-05-15 16:33 - 2014-05-15 14:16 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-15 16:31 - 2010-02-07 20:12 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-15 16:29 - 2007-08-25 08:42 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-15 16:29 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-15 16:29 - 2006-11-02 13:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-15 16:29 - 2006-11-02 13:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-15 14:58 - 2006-11-02 14:01 - 00032554 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-15 14:55 - 2014-05-15 14:55 - 01056256 _____ (Farbar) C:\Users\dave\Downloads\FRST.exe
2014-05-15 14:46 - 2014-05-15 14:46 - 00688992 ____R (Swearware) C:\Users\dave\Downloads\dds.com
2014-05-15 14:41 - 2014-05-15 14:34 - 00002228 _____ () C:\Users\dave\Desktop\Rkill.txt
2014-05-15 14:30 - 2007-08-25 08:49 - 00000000 ____D () C:\Program Files\Google
2014-05-15 14:23 - 2010-02-07 20:12 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-15 14:16 - 2014-05-15 14:16 - 00000862 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-15 14:16 - 2014-05-15 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-15 14:16 - 2014-05-15 14:15 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-15 14:15 - 2014-05-15 14:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-15 14:13 - 2011-01-22 21:01 - 01039302 _____ () C:\Windows\PFRO.log
2014-05-15 14:11 - 2014-05-15 14:11 - 00315392 _____ (Malwarebytes Corporation) C:\Users\dave\Downloads\mbam-clean-2.0.2.0.exe
2014-05-15 14:09 - 2014-05-15 14:09 - 04143997 _____ () C:\Users\dave\Downloads\tdsskiller (2).zip
2014-05-15 14:08 - 2013-03-30 11:12 - 00000000 ____D () C:\Users\dave\AppData\Local\CrashDumps
2014-05-15 14:01 - 2014-05-08 14:36 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-05-15 13:52 - 2013-08-16 10:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 13:49 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-15 13:49 - 2006-11-02 11:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-15 13:48 - 2014-05-15 13:48 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 13:48 - 2014-05-15 13:47 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\dave\Downloads\mbam-setup-2.0.1.1004 (4).exe
2014-05-15 13:48 - 2007-08-25 08:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 07:59 - 2006-11-02 13:47 - 03653360 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-14 21:19 - 2014-05-08 14:37 - 00000000 ____D () C:\Users\dave\AppData\Roaming\VOPackage
2014-05-14 20:35 - 2007-12-31 13:51 - 00070744 _____ () C:\Users\dave\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-08 19:40 - 2007-12-31 13:51 - 00000000 ____D () C:\Users\dave\AppData\Local\Google
2014-05-08 14:37 - 2014-05-08 14:37 - 00001717 _____ () C:\Users\dave\Desktop\Sync Folder.lnk
2014-05-08 14:37 - 2014-05-08 14:37 - 00000847 _____ () C:\Users\dave\Desktop\MyPC Backup.lnk
2014-05-08 14:37 - 2014-05-08 14:37 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-05-08 14:37 - 2014-05-08 14:37 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-05-08 14:37 - 2014-05-08 14:33 - 00000000 _____ () C:\END
2014-05-08 14:18 - 2014-05-08 14:17 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Foxit Software
2014-05-08 14:17 - 2014-05-08 14:17 - 00001896 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2014-05-08 14:17 - 2014-05-08 14:17 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-05-08 14:17 - 2014-05-08 14:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-05-08 14:17 - 2014-05-08 14:17 - 00000000 ____D () C:\Program Files\Foxit Software
2014-05-08 14:17 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2014-05-06 00:32 - 2014-05-15 13:45 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 00:14 - 2014-05-15 13:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 00:14 - 2014-05-15 13:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 19:16 - 2014-04-14 18:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-05-05 19:16 - 2014-04-14 18:50 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-05 18:15 - 2014-05-05 18:15 - 00002154 _____ () C:\Windows\epplauncher.mif
2014-05-05 18:15 - 2014-05-05 18:15 - 00001789 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-05-05 18:15 - 2014-05-05 18:14 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-05-05 18:05 - 2014-05-05 18:05 - 11241816 _____ (Microsoft Corporation) C:\Users\dave\Downloads\mseinstall.exe
2014-05-05 17:41 - 2011-06-26 15:01 - 00000000 ____D () C:\Users\dave\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2014-05-05 17:38 - 2007-08-25 08:38 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-05-05 17:33 - 2008-04-07 20:46 - 00000000 ____D () C:\Users\dave\AppData\Roaming\InstallShield
2014-05-05 17:32 - 2008-05-24 17:27 - 00000000 ____D () C:\Program Files\Adobe
2014-05-05 17:31 - 2008-05-24 17:27 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-05 17:31 - 2008-01-02 16:03 - 00000000 ____D () C:\Users\dave\AppData\Local\Adobe
2014-05-05 17:31 - 2007-08-25 08:45 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-05 17:28 - 2009-03-13 17:21 - 00000000 ____D () C:\Windows\system32\Adobe
2014-05-05 17:28 - 2007-08-25 08:48 - 00000000 ____D () C:\Windows\system32\Macromed
2014-05-05 17:26 - 2008-04-07 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Picture Utility
2014-05-05 17:26 - 2008-04-07 20:49 - 00000000 ____D () C:\Program Files\Sony
2014-05-05 17:22 - 2007-08-25 08:38 - 00000000 ____D () C:\Program Files\Packard Bell
2014-05-05 17:21 - 2007-08-25 08:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Packard Bell Support
2014-05-05 17:14 - 2014-05-05 17:14 - 00000000 ____D () C:\Users\dave\Downloads\tdsskiller (1)
2014-05-05 17:14 - 2014-05-05 17:13 - 04143997 _____ () C:\Users\dave\Downloads\tdsskiller (1).zip
2014-05-05 17:11 - 2014-05-05 16:34 - 00000000 ____D () C:\AdwCleaner
2014-05-05 17:08 - 2014-05-05 17:08 - 00026512 _____ () C:\ComboFix.txt
2014-05-05 17:08 - 2014-05-05 16:45 - 00000000 ____D () C:\Qoobox
2014-05-05 17:08 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2014-05-05 17:07 - 2014-05-05 16:44 - 00000000 ____D () C:\Windows\erdnt
2014-05-05 17:03 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2014-05-05 17:01 - 2007-12-31 13:38 - 00000000 ____D () C:\Users\dave
2014-05-05 16:34 - 2014-05-05 16:34 - 01316991 _____ () C:\Users\dave\Downloads\AdwCleaner.exe
2014-05-05 16:29 - 2014-05-05 16:29 - 01016261 _____ (Thisisu) C:\Users\dave\Downloads\JRT.exe
2014-05-05 16:29 - 2014-05-05 16:29 - 00000000 ____D () C:\Windows\ERUNT
2014-05-05 16:29 - 2014-05-05 16:28 - 05199940 ____R (Swearware) C:\Users\dave\Downloads\ComboFix.exe
2014-05-05 16:27 - 2014-05-05 16:26 - 04143997 _____ () C:\Users\dave\Downloads\tdsskiller.zip
2014-05-05 16:26 - 2014-05-05 16:26 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\dave\Downloads\tdsskiller.exe
2014-05-05 16:26 - 2014-05-05 16:26 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\dave\Downloads\iExplore.exe
2014-05-05 16:19 - 2007-12-31 13:55 - 00108032 _____ () C:\Users\dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-26 19:15 - 2011-04-28 16:46 - 00000000 ____D () C:\Users\dave\Documents\saves
2014-04-26 19:14 - 2011-04-28 16:46 - 00000000 ____D () C:\Users\dave\Documents\stats
2014-04-26 19:14 - 2009-04-25 22:14 - 00000000 ____D () C:\Users\dave\Documents\Symantec
2014-04-26 18:35 - 2007-08-25 08:50 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-04-26 18:28 - 2014-04-26 18:28 - 00869456 _____ () C:\Users\dave\Downloads\Norton_Removal_Tool.exe
2014-04-26 18:28 - 2009-03-26 19:45 - 00000680 _____ () C:\Users\dave\AppData\Local\d3d9caps.dat
2014-04-18 14:19 - 2014-04-18 14:19 - 01889841 _____ () C:\Users\dave\Downloads\Resistant+Materials(2).pptx

Some content of TEMP:
====================
C:\Users\dave\AppData\Local\Temp\BackupSetup.exe
C:\Users\dave\AppData\Local\Temp\Quarantine.exe
C:\Users\dave\AppData\Local\Temp\_is22DB.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-15 16:43

==================== End Of Log ============================

 

 


Log continued

 

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:14-05-2014
Ran by dave at 2014-05-15 16:54:05
Running from C:\Users\dave\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Activation Assistant for the 2007 Microsoft Office suites (Version:  - Microsoft Corporation) Hidden
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Belkin Wireless USB Utility (HKLM\...\InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}) (Version: 6.3.2.16 - Belkin)
Belkin Wireless USB Utility (Version: 6.3.2.16 - Belkin) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
DMUninstaller (HKLM\...\DMUninstaller) (Version:  - ) <==== ATTENTION
Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.3.99.311 - Foxit Corporation)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.2.0.429 - Foxit Corporation)
GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden
GearDrvs (Version: 5.0.0.2 - Symantec Corporation) Hidden
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
Internet From BT (Version:  - ) Hidden
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 15 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217015FF}) (Version: 7.0.150 - Oracle)
Java Auto Updater (Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
LPT System Updater Service (Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
MagicSports 3.5 (Version:  - ) Hidden
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft® Office Trial 2007 (HKLM\...\OFF2k7_UK) (Version:  - )
MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
Norton 360 (Version: 1.0.0.184 - Symantec Corporation) Hidden
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Control Panel 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Packard Bell ImageWriter (HKLM\...\ImageWriter) (Version:  - )
Packard Bell LCD Test (HKLM\...\LCDTest) (Version:  - )
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek HD Audio V6.0.1.5377 (HKLM\...\AUDIO_REALTEK) (Version:  - )
Realtek High Definition Audio Driver (Version: 6.0.1.5377 - Realtek Semiconductor Corp.) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Search Protect (HKLM\...\SearchProtect) (Version: 2.12.20.154 - Conduit) <==== ATTENTION
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Video NVIDIA v162.22 (HKLM\...\VIDEO_NVIDIA) (Version:  - )
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 30.9.2014.0 - BillP Studios)
Yahoo Community Smartbar Engine (HKCU\...\{86bc7a88-4fb1-4c79-b21b-31909aa79005}) (Version: 11.47.66.16718 - Linkury Inc.) <==== ATTENTION

==================== Restore Points  =========================

15-03-2014 13:08:06 Windows Update
22-03-2014 09:51:16 Windows Update
22-03-2014 10:31:24 Norton_Power_Eraser_20140322103124593
11-04-2014 08:19:20 Windows Update
12-04-2014 08:26:50 Windows Update
13-04-2014 02:00:28 Windows Update
14-04-2014 16:09:12 Scheduled Checkpoint
14-04-2014 17:01:51 Windows Update
14-04-2014 17:18:52 Removed Facebook Video Calling 2.0.0.447
14-04-2014 17:23:31 Removed Safari
14-04-2014 17:29:52 Removed Adobe Community Help
14-04-2014 17:30:41 Removed Java 6 Update 37
14-04-2014 19:07:22 Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
14-04-2014 19:08:09 Device Driver Package Install: Apple Network adapters
14-04-2014 19:10:25 Revo Uninstaller's restore point - WinRAR 4.01 (32-bit)
19-04-2014 07:31:32 Windows Update
27-04-2014 15:17:06 Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 2.0.1.1004
27-04-2014 15:18:06 Revo Uninstaller's restore point - Norton 360 2007
01-05-2014 19:27:51 Windows Update
05-05-2014 14:54:06 Windows Update
05-05-2014 16:17:44 Revo Uninstaller's restore point - iBackupBot for iTunes 3.6.4
05-05-2014 16:19:58 Revo Uninstaller's restore point - Sony Picture Utility
05-05-2014 16:20:27 Removed Sony Picture Utility
05-05-2014 16:20:52 Removed Browser
05-05-2014 16:21:21 Revo Uninstaller's restore point - Infocentre Rev. 2.0
05-05-2014 16:21:55 Removed VolumeWatcher
05-05-2014 16:22:25 Removed InitTool
05-05-2014 16:22:52 Revo Uninstaller's restore point - Media Go
05-05-2014 16:23:05 Removed Media Go
05-05-2014 16:23:19 Removed Importer
05-05-2014 16:23:49 Removed Announce
05-05-2014 16:24:55 Removed Map View
05-05-2014 16:25:26 Removed DataDiscMaker
05-05-2014 16:25:53 Removed SBS_PXEngine
05-05-2014 16:26:23 Removed Shared3
05-05-2014 16:26:55 Revo Uninstaller's restore point - AMR to MP3 Converter 1.4
05-05-2014 16:28:42 Revo Uninstaller's restore point - Adobe Shockwave Player 11.5
05-05-2014 16:29:39 Revo Uninstaller's restore point - Adobe Flash Player 13 Plugin
05-05-2014 16:30:41 Revo Uninstaller's restore point - Adobe Reader 8.1.2
05-05-2014 16:32:26 Revo Uninstaller's restore point - Adobe AIR
05-05-2014 16:33:23 Revo Uninstaller's restore point - Adobe Download Assistant
05-05-2014 16:39:39 Revo Uninstaller's restore point - Adobe Download Assistant
05-05-2014 16:40:31 Removed Adobe Download Assistant
05-05-2014 16:43:04 Revo Uninstaller's restore point - Adobe Reader 8
05-05-2014 16:45:03 Revo Uninstaller's restore point - Keyboard FIJI
05-05-2014 16:45:44 Revo Uninstaller's restore point - SetUp My PC
05-05-2014 16:47:19 Revo Uninstaller's restore point - FBackup 4
05-05-2014 16:48:37 Revo Uninstaller's restore point - Shockwave player 10
05-05-2014 16:49:50 Revo Uninstaller's restore point - Packard Bell Updator
05-05-2014 16:50:46 Revo Uninstaller's restore point - Flash Player 9 Internet Explorer
05-05-2014 16:51:35 Revo Uninstaller's restore point - HDReg
05-05-2014 16:51:50 Removed HDReg
05-05-2014 16:55:00 Windows Update
05-05-2014 17:13:04 Windows Update
14-05-2014 19:48:43 Revo Uninstaller's restore point - Yahoo Community Smartbar
14-05-2014 19:51:41 Removed Yahoo Community Smartbar
14-05-2014 20:06:29 Windows Update
15-05-2014 12:27:59 Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 2.0.1.1004
15-05-2014 12:42:56 Windows Update
15-05-2014 13:28:22 Revo Uninstaller's restore point - Google Chrome

==================== Hosts content: ==========================

2006-11-02 11:23 - 2014-05-05 17:03 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {01C0C708-2445-4DC6-8357-67934793AB0D} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
Task: {05037DF8-29BC-45D5-A634-C3D61D8146A9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {288FE330-0558-43F1-8BE0-89BAC4092267} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3FDBE9E7-BF49-459C-99F6-0F787E986836} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {688B2C34-3847-4863-B613-326116596225} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\20.4.0.40\WSCStub.exe
Task: {79C91841-82B3-418F-A2C1-3009C568F8D9} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\20.4.0.40\SymErr.exe
Task: {7B5A4A79-F263-4385-9115-89B0EC84E34E} - System32\Tasks\Microsoft\Windows\RestartManager\{BF68DABD-A8AD-4eb1-BD52-BC8E4AD1935B} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {981A63BA-6270-4977-814B-81DF81F0BB24} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-07] (Google Inc.)
Task: {C438F13B-9434-499F-A73B-6226A70EB01A} - System32\Tasks\AdobeAAMUpdater-1.0-dave-PC-dave => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15] (Adobe Systems Incorporated)
Task: {CC6D768B-5141-4365-ACB4-769BBF41219B} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - dave => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {EA863FBF-423C-4C92-B5AD-3B7DB9558F8B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-07] (Google Inc.)
Task: {F4890BCD-656E-433C-945D-A7433AB473B3} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\20.4.0.40\SymErr.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-08 14:18 - 2014-05-08 14:18 - 00904704 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll
2014-04-14 18:50 - 2014-04-22 19:39 - 00645592 ____N () C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
2005-10-28 12:13 - 2005-10-28 12:13 - 00167936 _____ () C:\Program Files\Belkin\USB F5D7050\Wireless Utility\BelkinwcuiDLL.dll
2005-10-28 12:13 - 2005-10-28 12:13 - 00061440 _____ () C:\Program Files\Belkin\USB F5D7050\Wireless Utility\BelkinHWStatus.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:0CFF5F08
AlternateDataStreams: C:\Users\dave\Desktop\Holiday snaps:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Downloads\elps:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Downloads\HMRC  Submission receipt_files:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Downloads\ModLoader (3):Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Downloads\SMP's Revival:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Downloads\YogBox_1.7.3_B6 (2):Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\bin:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\config:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\Datel:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\Downloads:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\elps:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\luke homework folder:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\MapView:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\mods:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\My Projects:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\New Folder:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\New Folder (2):Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\New Folder (3):Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\New Folder (5):Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\New Folder (6):Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\New price.eml:OECustomProperty
AlternateDataStreams: C:\Users\dave\Documents\OneNote Notebooks:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\Picture Motion Browser:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\resources:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\samsung:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\saves:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\stats:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\Symantec:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\texturepacks:Roxio EMC Stream
AlternateDataStreams: C:\Users\dave\Documents\Updater5:Roxio EMC Stream
AlternateDataStreams: C:\Users\lukezoe\Documents\My Google Gadgets:Roxio EMC Stream
AlternateDataStreams: C:\Users\lukezoe\Documents\OneNote Notebooks:Roxio EMC Stream
AlternateDataStreams: C:\Users\Public\Roaming:Roxio EMC Stream

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: GoogleDesktopManager-110309-193829 => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: stllssvr => 3
MSCONFIG\startupfolder: C:^Users^dave^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk => C:\Windows\pss\Picture Motion Browser Media Check Tool.lnk.Startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe

==================== Faulty Device Manager Devices =============

Name: HL-DT-ST DVDRAM GSA-H40N ATA Device
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: USB CF Reader   
Description: USB CF Reader   
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: USB MS Reader   
Description: USB MS Reader   
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: USB SD Reader   
Description: USB SD Reader   
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: USB SM Reader   
Description: USB SM Reader   
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/15/2014 02:28:12 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {3dfac78a-3276-4675-ba39-30a67139caba}

Error: (05/15/2014 02:16:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 5) (User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crtThis network connection does not exist.

Error: (05/15/2014 02:16:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 5) (User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt12017 (0x2ef1)

Error: (05/15/2014 02:15:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 5) (User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crtThis network connection does not exist.

Error: (05/15/2014 02:15:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 5) (User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt12017 (0x2ef1)

Error: (05/15/2014 02:08:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.0.500, time stamp 0x533d8de2, faulting module MSVCR100.dll, version 10.0.40219.325, time stamp 0x4df2be1e, exception code 0x40000015, fault offset 0x0008d6fd,
process id 0xfd4, application start time 0xmbam.exe0.

Error: (05/15/2014 02:08:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application taskmgr.exe, version 6.0.6001.18000, time stamp 0x47918e94, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x73c874b2,
process id 0x468, application start time 0xtaskmgr.exe0.

Error: (05/15/2014 02:05:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 5) (User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crtThis network connection does not exist.

Error: (05/15/2014 02:05:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 5) (User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt12017 (0x2ef1)

Error: (05/15/2014 02:05:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 5) (User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crtThis network connection does not exist.


System errors:
=============
Error: (05/15/2014 02:57:57 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.173.2219.0){C9FF5D63-6345-4A19-AD5E-7158C080C815}201

Error: (05/15/2014 02:55:35 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.173.2219.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.5.0216.00

    Source Path: 4.5.0216.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (05/15/2014 02:30:24 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 111.13.0.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.5.0216.00

    Source Path: 4.5.0216.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (05/15/2014 02:30:03 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.173.1635.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.5.0216.00

    Source Path: 4.5.0216.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (05/15/2014 02:30:03 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.173.1635.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.5.0216.00

    Source Path: 4.5.0216.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (05/15/2014 02:29:47 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.173.1635.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.5.0216.00

    Source Path: 4.5.0216.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (05/15/2014 02:20:42 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 111.13.0.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.5.0216.00

    Source Path: 4.5.0216.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (05/15/2014 02:20:25 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.173.1635.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.5.0216.00

    Source Path: 4.5.0216.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (05/15/2014 02:20:25 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.173.1635.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.5.0216.00

    Source Path: 4.5.0216.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (05/15/2014 02:20:08 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.173.1635.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.5.0216.00

    Source Path: 4.5.0216.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608


Microsoft Office Sessions:
=========================
Error: (01/19/2014 11:12:19 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2258 seconds with 240 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-05-15 16:53:52.058
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-15 16:53:51.731
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-15 16:53:51.387
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-15 16:53:51.044
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-15 16:53:50.561
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-15 16:53:50.202
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-15 16:53:49.827
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-15 16:53:49.484
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-15 16:53:34.078
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-15 16:53:33.766
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 52%
Total physical RAM: 2045.76 MB
Available physical RAM: 964.17 MB
Total Pagefile: 4346.77 MB
Available Pagefile: 3127.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.01 MB

==================== Drives ================================

Drive c: (HDD) (Fixed) (Total:224.88 GB) (Free:113.73 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Removable) (Total:1.99 GB) (Free:1.99 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 4DF9FDDA)
Partition 1: (Not Active) - (Size=8 GB) - (Type=27)
Partition 2: (Active) - (Size=225 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 2 GB) (Disk ID: 08FECB2D)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)

==================== End Of Log ============================


Hello jam_spoons! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

I notice that you are using more than one antivirus program.

  • Microsoft Security Essentials
  • Norton 360

This is very dangerous, as multiple antivirus programs can interfere with one another and actually allow more viruses to get through. It is important that only one antivirus program is running realtime protection. Please uninstall one of them and reboot your system.

Step 2

Please uninstall the following programs:

DMUninstaller

MyPC Backup

LPT System Updater Service

Search Protect

Yahoo Community Smartbar Engine

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to the Scanner tab and select Threat Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Hi Borislav,

Many thanks for replying. I pay for a subscription to Malwarebytes but I'm doing this for a friend who doesn't and I found this forum very helpful last time so I just thought I'd come back.

Norton was removed before I installed MSE. I used a Norton uninstaller tool but I notice it has still left some files and folders in there. I've done my best to remove all of those but I think there may still be items remaining.

I've also done my best to uninstall the items on your list using Revo.

Here is the Mbam scan log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 16/05/2014
Scan Time: 20:04:06
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.16.13
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: dave

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 309720
Time Elapsed: 14 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot.exe, Quarantined, [f12cada5a7d4c76f48324172ff0433cd],

Physical Sectors: 0
(No malicious items detected)


(end)


Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button. Wait until it is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.

In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log

Hello again.  Many thanks for your reply.

Here are the two logs you requested.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista Home Premium x86
Ran by dave on 18/05/2014 at 15:09:36.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.bandobjectattribute
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.dockingpanel
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.iesmartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.iesmartbarbandobject
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.smartbardisplaystate
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.smartbarmenuform
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\dave\appdata\locallow\smartbar"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18/05/2014 at 15:11:55.94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

# AdwCleaner v3.208 - Report created 18/05/2014 at 15:16:13
# Updated 11/05/2014 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)
# Username : dave - DAVE-PC
# Running from : C:\Users\dave\Downloads\adwcleaner_3.208.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\dave\AppData\Roaming\Solvusoft
Folder Deleted : C:\Users\dave\AppData\Roaming\VOPackage
Folder Deleted : C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16545


-\\ Mozilla Firefox v2.0 (en-GB)

[ File : C:\Users\dave\AppData\Roaming\Mozilla\Firefox\Profiles\y2e90gwv.default\prefs.js ]


-\\ Google Chrome v34.0.1847.137

[ File : C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3317933&octid=EB_ORIGINAL_CTID&ISID=MB450E33F-1D4E-4DC5-AE1B-8680844F5483&SearchSource=58&CUI=&UM=5&UP=SP31BD9838-B86D-4CC4-8676-B37F182402FE&q={searchTerms}&SSPV=

*************************

AdwCleaner[R0].txt - [4657 octets] - [05/05/2014 16:35:00]
AdwCleaner[R1].txt - [1007 octets] - [05/05/2014 17:10:40]
AdwCleaner[R2].txt - [2428 octets] - [18/05/2014 15:13:34]
AdwCleaner[s0].txt - [4800 octets] - [05/05/2014 16:36:10]
AdwCleaner[s1].txt - [1068 octets] - [05/05/2014 17:11:14]
AdwCleaner[s2].txt - [2375 octets] - [18/05/2014 15:16:13]

########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [2435 octets] ##########
 


Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Hi,

 

Only two items found on the eset scan.

 

C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000    a variant of Win32/DomaIQ.BB potentially unwanted application    deleted - quarantined
C:\Users\dave\AppData\Local\Temp\50901435-e514-44b5-8484-391a4398a971\software\Cloud_Backup_Setup.exe    Win32/MyPCBackup.A potentially unwanted application    deleted - quarantined
 

I'm wondering if this isn't a problem with the Belkin USB wifi not getting through Malwarebytes as the internet works fine over wire?

 

Many thanks


Hi,

I don't know if you're still looking into this but I've had to disable Malwarebytes on startup in order to get online. I tried adding the Belkin adapter executable file to the MBAM exceptions rules but that didn't work either. Everything works fine together over the ethernet wire but there's no way for her to keep that as a permanent solution.  I've tried uninstalling MBAM several times with your clean tool but the same problem occurs every time I reinstall it.

 

Everything runs smoothly as long as MBAM isn't running and I've told my friend to run a scan once each week as a precaution.

Other than this, I don't know what to do.  I didn't want her to remove MBAM entirely but it's the only way she can get online.

 

Thanks


Please try to re-install it.

  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so (very important).
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.

      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs here or ask and we'll explain how to do it.


Hello,

I've tried that again and it still won't allow any communications through the Belkin adaptor. It works fine over wire or if MBAM is switched off.

It's not so important as she has MSE on there and she can run MBAM scans but I would have liked to get it working for her as it's such a good program.


Please proceed:

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Hello again,

Here is the log you requested from Combofix.

 

ComboFix 14-06-04.01 - dave 05/06/2014  16:43:37.3.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.2046.992 [GMT 1:00]
Running from: c:\users\dave\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\Autorun.inf
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-05 to 2014-06-05  )))))))))))))))))))))))))))))))
.
.
2014-06-05 15:51 . 2014-06-05 15:51 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-06-05 15:51 . 2014-06-05 15:51 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-06-05 15:51 . 2014-06-05 15:51 -------- d-----w- c:\users\lukezoe\AppData\Local\temp
2014-06-05 15:51 . 2014-06-05 15:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-05 15:17 . 2014-04-30 23:37 8073384 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F75DA5F-2F58-4B84-80AA-27EBDB405541}\mpengine.dll
2014-05-27 07:54 . 2014-04-23 10:50 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3CA70509-53EF-4162-A854-0C175121B3F7}\gapaengine.dll
2014-05-27 07:53 . 2014-04-30 23:37 8073384 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-22 10:45 . 2014-05-22 10:45 -------- d-----w- c:\programdata\Malwarebytes
2014-05-19 20:36 . 2014-05-19 20:36 -------- d-----w- c:\program files\ESET
2014-05-15 15:53 . 2014-05-15 15:55 -------- d-----w- C:\FRST
2014-05-15 12:45 . 2014-05-05 23:14 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-08 13:17 . 2014-05-08 13:18 -------- d-----w- c:\users\dave\AppData\Roaming\Foxit Software
2014-05-08 13:17 . 2014-05-08 13:17 -------- d-----w- c:\users\Public\Foxit Software
2014-05-08 13:17 . 2014-05-08 13:17 -------- d-----w- c:\program files\Foxit Software
2014-05-08 12:55 . 2014-04-23 10:50 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-17 04:32 . 2014-05-05 14:56 8050496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D86B080E-DD22-4B81-8416-4C9EAE2F3CC6}\mpengine.dll
2014-03-31 21:46 . 2014-03-31 21:46 130712 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2014-03-31 21:46 . 2014-03-31 21:46 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2014-03-11 08:52 . 2014-03-11 08:52 104264 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-07 23:12 . 2014-04-11 08:42 1806848 ----a-w- c:\windows\system32\jscript9.dll
2014-03-07 23:02 . 2014-04-11 08:42 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-07 23:02 . 2014-04-13 02:00 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-03-07 22:57 . 2014-04-11 08:42 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-07 22:56 . 2014-04-11 08:42 421376 ----a-w- c:\windows\system32\vbscript.dll
2009-03-31 21:47 . 2008-10-27 16:10 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2009-11-24 16:17 . 2008-12-15 17:28 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2014-04-23 533568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
.
c:\users\lukezoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Belkin Wireless USB Utility.lnk - c:\program files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe -T [2005-10-28 1404928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^dave^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=c:\users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-02-21 02:54 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 03:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-03-01 14:38 4390912 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3661334880-1982377886-768432890-1002]
"EnableNotificationsRef"=dword:00000001
.
R3 ActionReplayDS;ActionReplayDS;c:\windows\system32\Drivers\ActionReplayDS.sys [2007-02-08 29184]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-05 15:27 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 19:12]
.
2014-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 19:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer =
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-06-05 16:52
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.032"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ani"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.bay"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.bmp"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.bw"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.cr2"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.crw"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.cs1"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.cur"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dcr"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dcx"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dib"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.djv"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.djvu"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dng"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.emf"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.eps"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.erf"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.fff"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.fpx"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.gif"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.icl"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.icn"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ico"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.iff"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ilbm"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.int"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.inta"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.iw4"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.j2c"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.j2k"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jfif"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jif"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jp2"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpc"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpe"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpeg"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-3661334880-1982377886-768432890-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpg"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpk"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpx"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.lbm"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.mos"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.mrw"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.nef"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.orf"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pbm"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pcd"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pct"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pcx"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pef"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pgm"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pic"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pict"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pix"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.png"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ppm"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.psd"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.psp"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.raf"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ras"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.raw"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rgb"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rgba"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rle"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rsb"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.sgi"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.sr2"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.srf"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.tga"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.thm"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.tif"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.tiff"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ttc"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ttf"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.v9o"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.v9p"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.v9pf"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.wbm"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.wbmp"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.wmf"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.xbm"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.xif"
.
[HKEY_USERS\S-1-5-21-3661334880-1982377886-768432890-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.xpm"
.
Completion time: 2014-06-05  16:54:22
ComboFix-quarantined-files.txt  2014-06-05 15:54
ComboFix2.txt  2014-05-05 16:08
.
Pre-Run: 129,326,952,448 bytes free
Post-Run: 128,774,467,584 bytes free
.
- - End Of File - - 3C42FE7CA9246D8E4FB8369E02668B84
64B1E91C5C6C2157642651010728F90F

Hi,

None of the above made any difference. I've had to reinstall Windows Vista and erase the current installation. When I left it with my friend it was running Malwarebytes and MSE together and allowing connection over the Belkin wireless adapter. Though, my friend did tell me that Malwarebytes had uninstalled itself but I haven't had a chance to check what she means by this yet so I don't really know what, if anything, has happened.

You may as well close this post, though. If I need any more help, I'll be sure to let you know.

Many thanks for everything you've done and all your time spent.

Best regards

Jo


  • 1 month later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
