ZeroG

Honorary Members
  • Posts

    29

Reputation

0 Neutral
  1. Thanks, I did see that part of the text but just wanted to be sure. Once again sincere thanks for all your help, you have been very patient with me. Best wishes.
  2. Thank you, I have done that. The shortcuts for mbar, Erunt, jrt, ntregopt, and rkill are still there though....
  3. Yes it does load the explorer. So I have two explorer icons, one shortcut says launch internet explorer browser and the new one which just says the internet? You think this is ok though? If that's all fine is there anything else I need to do? As I said I've unwittingly had windows firewall on throughout this process, is that ok? Another question I have, is there any reason why in programmes I could uninstall firefox and chrome but there is no option to remove internet explorer? Finally, what should I do next? Thank you
  4. I do apologise, I don't know how to take a screenshot. When I right click on it, it only offers 6 options: open home page, start without add ons, create shortcut, delete, rename and properties. This differs from other shortcuts which when right clicked offer many more options. Upon clicking on properties it says internet properties and there are 7 sub menus: General, Security, Privacy, content, connections, programmes, advanced. The general menu contains homepage, browsing history, search and tab options. This differs from other programmes and the launch internet explorer icon, which has 5 sub menus (General, shortcut, compatibility, security and details) and when on the general menu offers information such as when it was created. The internet icon does not have that information.
  5. I ran a quick search, it scanned 26928 items and claimed that no threats were discovered during the scan. It is my main one, the one I use to offer real time protection. I also have superantispyware which I use from time to time to scan but don't run in real time. I also have clamwin which I haven't used for a long time.
  6. I have noticed however over the course of the day that Internet explorer is operating quite slowly but not sure if this was always the case as I only ever used to use google chrome or firefox. Also a new icon was created on my desktop at some point during the process since we started clearing things that appears with the explorer logo entitled 'the internet'. I haven't installed anything so don't know how or why it's there.
  7. Hi, the system is running better now and to a layman like myself appears fine. One thing though, I noticed in that report that windows firewall was enabled. I didn't even know I had windows firewall, therefore this will have been on throughout the entire process. Should I repeat the instructions you laid out in your first post just to be certain or am I ok? Thanks

     Results of screen317's Security Check version 0.99.72
     Windows Vista Service Pack 2 x86 (UAC is disabled!)
     Internet Explorer 9
     Internet Explorer 8
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Microsoft Security Essentials (On Access scanning disabled!)
     Error obtaining update status for antivirus!
     `````````Anti-malware/Other Utilities Check:`````````
     SUPERAntiSpyware
     McAfee SiteAdvisor
     Malwarebytes Anti-Malware version 1.75.0.1300
     Adobe Flash Player 11.8.800.94
     Adobe Reader 10.1.7 Adobe Reader out of Date!
     ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 1 %
     ````````````````````End of Log``````````````````````
  8. Thanks I have done that as instructed. Here is the fixlog.
  9. additional log Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-08-2013 Ran by Steve at 2013-08-19 03:49:25 Running from C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8S1W0266 Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Adobe AIR (Version: 3.1.0.4880) Adobe Flash Player 11 ActiveX (Version: 11.7.700.224) Adobe Flash Player 11 Plugin (Version: 11.8.800.94) Adobe Reader X (10.1.7) (Version: 10.1.7) Apple Application Support (Version: 1.1.0) Apple Software Update (Version: 2.1.1.116) Cisco EAP-FAST Module (Version: 2.1.6) Cisco LEAP Module (Version: 1.0.12) Cisco PEAP Module (Version: 1.0.13) ClamWin Free Antivirus 0.97.7 Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000) CutePDF Writer 2.8 DaisyTrail American Holidays 2011 Digikit (Version: 1.0.2.019) DaisyTrail British Street Party Digikit (Version: 1.0.2.019) DaisyTrail Christmas Crafts Digikit (Version: 1.0.2.027) DaisyTrail Father's Day 2012 Digikit (Version: 1.0.2.029) DaisyTrail Fun at the Fête Digikit (Version: 1.0.2.019) DaisyTrail Halloween 2011 Digikit (Version: 1.0.2.027) DaisyTrail Happy Easter 2012 Digikit (Version: 1.0.2.028) DaisyTrail Happy Hanukkah 2011 Digikit (Version: 1.0.2.027) DaisyTrail In Her Shoes Digikit (Version: 1.0.2.017) DaisyTrail Love Birds Digikit (Version: 1.0.1.013) DaisyTrail Mother's Day 2012 Digikit (Version: 1.0.2.028) DaisyTrail New Beginnings Digikit (Version: 1.0.2.022) DaisyTrail New Year 2012 Digikit (Version: 1.0.2.027) DaisyTrail Thankgiving 2011 Digikit (Version: 1.0.2.027) DaisyTrail Valentine's 2012 Digikit (Version: 1.0.2.027) Dell Resource CD (Version: 1.00.0000) Dell Wireless WLAN Card Utility (Version: 5.10.38.30) docrafts DIGITAL Designer docrafts Digital Designer™ (Version: 1.2.7) ERUNT 1.1j ESET Online Scanner v3 Football Manager 2010 (Version: 10.0.0.0) Foxit Reader (Version: 
3.1.2.1013) Hallmark Card Studio (Version: 11.0.0.44) HP Deskjet 3050 J610 series Basic Device Software (Version: 22.0.334.0) HP Deskjet 3050 J610 series Help (Version: 140.0.63.63) HP Deskjet 3050 J610 series Product Improvement Study (Version: 22.0.334.0) HP Photo Creations (Version: 1.0.0.3341) HP Update (Version: 5.002.005.003) IDT Audio (Version: 1.0.6124.0) Intel® Graphics Media Accelerator Driver Java 7 Update 17 (Version: 7.0.170) Java Auto Updater (Version: 2.1.9.0) Junk Mail filter update (Version: 14.0.8117.416) Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300) Marvell Miniport Driver (Version: 10.63.3.3) McAfee Security Scan Plus (Version: 3.0.318.3) McAfee SiteAdvisor (Version: 3.6.168) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft Application Error Reporting (Version: 12.0.6012.5000) Microsoft Choice Guard (Version: 2.0.48.0) Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000) Microsoft Security Client (Version: 4.3.0215.0) Microsoft Security Essentials (Version: 4.3.215.0) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0) Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Works (Version: 9.7.0621) MSVCRT (Version: 14.0.1468.721) MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0) MSXML 
4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0) OpenOffice.org 3.2 (Version: 3.2.9502) PowerDVD DX (Version: 8.2.5408) QuickTime (Version: 7.65.17.80) Realtek USB 2.0 Card Reader (Version: 6.0.6000.20113) Serif CraftArtist Baby Photos Collection (Version: 1.0.0.007) Serif CraftArtist Greeting Cards Collection (Version: 1.0.0.007) Serif CraftArtist Professional (Version: 1.0.0.023) Serif CraftArtist Scrapbooks Collection (Version: 1.0.0.007) Serif CraftArtist Wedding Days Collection (Version: 1.0.0.008) SUPERAntiSpyware (Version: 5.6.1014) T-Mobile Internet Manager (Version: 11.301.05.05.105) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Windows Live Communications Platform (Version: 14.0.8117.416) Windows Live Essentials (Version: 14.0.8117.0416) Windows Live Essentials (Version: 14.0.8117.416) Windows Live Family Safety (Version: 14.0.8118.427) Windows Live ID Sign-in Assistant (Version: 6.500.3165.0) Windows Live Mail (Version: 14.0.8117.0416) Windows Live Movie Maker (Version: 14.0.8117.0416) Windows Live Photo Gallery (Version: 14.0.8117.416) Windows Live Sync (Version: 14.0.8117.416) Windows Live Upload Tool (Version: 14.0.8014.1029) Windows Live Writer (Version: 14.0.8117.0416) ==================== Restore Points ========================= 16-10-2009 12:20:11 Installed Dell Resource CD. 16-10-2009 12:23:05 Installed Realtek USB 2.0 Card Reader 16-10-2009 12:23:14 Device Driver Package Install: Realtek Semiconductor Corp. 
Universal Serial Bus controllers 16-10-2009 12:23:57 Device Driver Package Install: IDT Sound, video and game controllers 16-10-2009 12:24:53 Installed IDT Audio 16-10-2009 12:26:17 Device Driver Package Install: Intel Corporation Display adapters 16-10-2009 12:28:03 Device Driver Package Install: Intel IDE ATA/ATAPI controllers 16-10-2009 12:28:13 Device Driver Package Install: Intel System devices 16-10-2009 12:28:36 Device Driver Package Install: Intel System devices 16-10-2009 12:28:46 Device Driver Package Install: Intel System devices 16-10-2009 12:31:29 Device Driver Package Install: Broadcom Network adapters 16-10-2009 12:53:57 Device Driver Package Install: Roland Sound, video and game controllers 16-10-2009 12:57:54 Installed MSM32Installer 17-11-2009 20:22:05 Scheduled Checkpoint 18-11-2009 16:12:49 Scheduled Checkpoint 24-11-2009 20:16:59 Scheduled Checkpoint 14-12-2009 18:24:26 Scheduled Checkpoint 05-01-2010 17:59:48 Scheduled Checkpoint 12-01-2010 18:58:54 Scheduled Checkpoint 27-01-2010 18:52:53 Scheduled Checkpoint 28-01-2010 22:11:19 Scheduled Checkpoint 17-03-2010 17:12:39 Scheduled Checkpoint 24-05-2010 12:28:18 Scheduled Checkpoint 28-05-2010 12:26:53 Scheduled Checkpoint 15-06-2010 18:28:30 Scheduled Checkpoint 16-06-2010 12:37:39 Scheduled Checkpoint 19-06-2010 11:30:29 Scheduled Checkpoint 16-08-2010 11:10:45 Scheduled Checkpoint 16-11-2010 09:25:08 Scheduled Checkpoint 08-02-2011 17:02:55 Scheduled Checkpoint 31-05-2011 15:28:42 Scheduled Checkpoint 29-07-2011 18:34:45 Scheduled Checkpoint 29-08-2011 13:39:37 Scheduled Checkpoint 31-08-2011 14:24:26 Scheduled Checkpoint 07-10-2011 12:53:13 Scheduled Checkpoint 09-10-2011 12:18:32 Scheduled Checkpoint 23-10-2011 14:18:37 Scheduled Checkpoint 01-08-2013 18:38:15 Scheduled Checkpoint 03-08-2013 15:03:20 Windows Update 07-08-2013 09:36:25 Windows Update 08-08-2013 14:36:43 Windows Update 10-08-2013 20:30:31 Removed Microsoft Office Click-to-Run 2010 10-08-2013 21:08:49 Removed Microsoft Office 
Click-to-Run 2010 12-08-2013 12:00:30 Windows Update 15-08-2013 02:00:22 Windows Update 17-08-2013 20:02:40 Removed Microsoft Office Click-to-Run 2010 17-08-2013 20:40:04 Installed LibreOffice 4.1.0.4 17-08-2013 22:46:59 Removed LibreOffice 4.1.0.4 17-08-2013 23:15:04 Removed PC Registry Shield 17-08-2013 23:16:31 Installed LibreOffice 4.1.0.4 18-08-2013 00:40:25 Removed Sony Ericsson Media Manager 1.2 18-08-2013 14:29:28 Scheduled Checkpoint 18-08-2013 23:44:15 Windows Update 19-08-2013 02:33:03 Installed Microsoft Fix it 50195 ==================== Hosts content: ========================== 2006-11-02 11:23 - 2013-08-19 02:23 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {31C4BE4D-7713-41D9-887A-24990BB7E7A2} - System32\Tasks\PcRegistryShield_Start => C:\Program Files\PC Registry Shield\PcRegistryShield.exe No File Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {449E6C74-6F83-46EB-9985-0FEF72FB46D1} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation) Task: {5AEA3352-DF9F-488D-A58F-7A36D0A5DF75} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2970680302-2301816736-3001710448-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe No File Task: {6A0D34D8-73A5-455B-8770-839F8CA53513} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.) 
Task: {6A9DFD4C-2DC3-4018-A299-59AA01A3853D} - System32\Tasks\pcreg => C:\Program Files\wrapper_inst\service.exe [2013-08-17] () Task: {887C63CB-69FF-4201-9F69-F026E59C042D} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation) Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation) Task: {A62F61D4-8478-4458-A85B-9D6CE50D5A6B} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.) Task: {B783C587-4B02-4901-8F44-7C1F5C27398B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-02] (Adobe Systems Incorporated) Task: {D62E3111-761D-49D0-9041-F84FCB3B4146} - System32\Tasks\At1 => c:\Program Files\wrapper_inst\service.exe [2013-08-17] () Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: {FDCDCD79-CB8F-4BDC-A062-861373ECF31A} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2970680302-2301816736-3001710448-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe No File Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\At1.job => c:\Program Files\wrapper_inst\service.exe Task: C:\Windows\Tasks\pcreg.job => C:\Program Files\wrapper_inst\service.exe ==================== Faulty Device Manager Devices ============= Name: Microsoft 6to4 Adapter #2 Description: Microsoft 6to4 Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers 
required for this device. (Code 31) Resolution: Update the driver Name: Microsoft 6to4 Adapter #25 Description: Microsoft 6to4 Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: isatap.{720C151B-04B9-45B9-872E-582D01F32BBA} Description: Microsoft ISATAP Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: Microsoft ISATAP Adapter #32 Description: Microsoft ISATAP Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver ==================== Event log errors: ========================= Application errors: ================== Error: (08/19/2013 02:24:57 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/19/2013 01:44:13 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/19/2013 01:37:42 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/19/2013 01:37:01 AM) (Source: EventSystem) (User: ) Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (08/19/2013 01:27:30 
AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/19/2013 01:22:39 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/19/2013 01:21:56 AM) (Source: EventSystem) (User: ) Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (08/19/2013 01:19:24 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/19/2013 01:18:39 AM) (Source: EventSystem) (User: ) Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (08/19/2013 00:32:22 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (08/19/2013 02:24:58 AM) (Source: Service Control Manager) (User: ) Description: Parallel port driver%%1058 Error: (08/19/2013 02:24:58 AM) (Source: Service Control Manager) (User: ) Description: Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)%%1058 Error: (08/19/2013 02:24:58 AM) (Source: Service Control Manager) (User: ) Description: Intel® PRO/1000 NDIS 6 Adapter Driver%%1058 Error: (08/19/2013 02:23:13 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY) Description: 0 Error: (08/19/2013 02:22:05 AM) (Source: Service Control Manager) (User: ) Description: PEVSystemStart Error: (08/19/2013 02:21:51 AM) (Source: Service Control Manager) (User: ) Description: PEVSystemStart Error: (08/19/2013 02:20:39 AM) (Source: Service 
Control Manager) (User: ) Description: Marvell Yukon Service1 Error: (08/19/2013 02:17:53 AM) (Source: Service Control Manager) (User: ) Description: PEVSystemStart Error: (08/19/2013 02:13:07 AM) (Source: Service Control Manager) (User: ) Description: PEVSystemStart Error: (08/19/2013 02:13:00 AM) (Source: Service Control Manager) (User: ) Description: Dell Wireless WLAN Tray Service1 Microsoft Office Sessions: ========================= Error: (08/19/2013 02:24:57 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/19/2013 01:44:13 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/19/2013 01:37:42 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/19/2013 01:37:01 AM) (Source: EventSystem)(User: ) Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (08/19/2013 01:27:30 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/19/2013 01:22:39 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/19/2013 01:21:56 AM) (Source: EventSystem)(User: ) Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (08/19/2013 01:19:24 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM 
__InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/19/2013 01:18:39 AM) (Source: EventSystem)(User: ) Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (08/19/2013 00:32:22 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2013-08-18 12:04:42.637 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-18 12:04:42.294 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-18 12:04:41.951 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-18 12:04:41.607 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-18 10:08:03.933 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. 
Date: 2013-08-18 10:08:03.474 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-18 10:08:03.119 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-18 10:08:02.644 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-18 09:29:37.957 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-18 09:29:37.609 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system. 
==================== Memory info ===========================
Percentage of memory in use: 51%
Total physical RAM: 3031.63 MB
Available physical RAM: 1474.78 MB
Total Pagefile: 6291.54 MB
Available Pagefile: 4578.02 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.66 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:351.07 GB) (Free:265.48 GB) NTFS
Drive d: () (Fixed) (Total:100 GB) (Free:70.93 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.52 GB) NTFS
Drive g: (T-Mobile) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: F5623874)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=351 GB) - (Type=07 NTFS)
==================== End Of Log ============================
  10. FRST loaded this time, though when prompted to update to the most recent I kept attempting to, only for it to return to the original page where it would ask me to run it, which I would, to which it would prompt me and so forth. In the end I declined to update it to the most recent, don't know if that affects anything but thought it may be worth mentioning. Here is the FRST log:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-08-2013
Ran by Steve (administrator) on 19-08-2013 03:48:56
Running from C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8S1W0266
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\bcmwltry.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Dell Inc.) 
C:\Windows\System32\WLTRAY.EXE (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (alch) C:\Program Files\ClamWin\bin\ClamTray.exe (CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sony Ericsson Mobile Communications AB) C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Huawei Technologies Co., Ltd.) C:\Users\Steve\AppData\Roaming\T-Mobile Internet Manager\ouc.exe () C:\Program Files\T-Mobile\InternetManager_H\T-Mobile Internet Manager.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe () C:\Program Files\T-Mobile\InternetManager_H\bmsdk.exe (Bytemobile, Inc.) 
C:\Program Files\T-Mobile\InternetManager_H\bmctl.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Farbar) C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8S1W0266\FRST (1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [broadcom Wireless Manager UI] - C:\Windows\system32\WLTRAY.exe [3810304 2008-11-17] (Dell Inc.) HKLM\...\Run: [ClamWin] - C:\Program Files\ClamWin\bin\ClamTray.exe [86016 2013-03-22] (alch) HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-04-02] (CyberLink Corp.) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [417792 2010-02-15] (Apple Inc.) HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard) HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [483420 2008-11-18] (IDT, Inc.) HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-06-20] (Microsoft Corporation) HKLM\...\Run: [DataCardMonitor] - C:\Program Files\T-Mobile\InternetManager_H\DataCardMonitor.exe [253952 2012-12-22] (Huawei Technologies Co., Ltd.) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) 
HKLM\...\Run: [pcreg] - C:\Program Files\wrapper_inst\service.exe [346720 2013-08-17] () HKCU\...\Run: [sony Ericsson PC Suite] - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [393216 2008-07-02] (Sony Ericsson Mobile Communications AB) HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKCU\...\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] - C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.) HKCU\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5703920 2013-08-17] (SUPERAntiSpyware) HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation) HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) 
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE () Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome SearchScopes: HKLM - DefaultScope value is missing. Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) 
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com) Tcpip\..\Interfaces\{720C151B-04B9-45B9-872E-582D01F32BBA}: [NameServer]149.254.230.7 149.254.192.126 ========================== Services (Whitelisted) ================= R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com) R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [81920 2008-11-17] (Andrea Electronics Corporation) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [101552 2013-05-22] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-06-20] (Microsoft Corporation) R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe [241746 2008-11-18] (IDT, Inc.) R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2809856 2008-11-17] (Dell Inc.) R2 yksvc; RUNDLL32.EXE ykx32coinst,serviceStartProc [x] ==================== Drivers (Whitelisted) ==================== R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-11-17] (Broadcom Corporation) R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation) R3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [85248 2010-11-04] (Huawei Technologies Co., Ltd.) 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation) S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [90536 2008-05-27] (MCCI Corporation) S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [15016 2008-05-27] (MCCI Corporation) S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [122152 2008-05-27] (MCCI Corporation) S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [115496 2008-05-27] (MCCI Corporation) S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [25768 2008-05-27] (MCCI Corporation) S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [111912 2008-05-27] (MCCI Corporation) S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [117672 2008-05-27] (MCCI Corporation) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 massfilter; system32\drivers\massfilter.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x] S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x] S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-19 03:47 - 2013-08-19 03:47 - 01069895 _____ (Farbar) C:\Users\Steve\Downloads\FRST (2).exe 2013-08-19 02:30 - 2013-08-19 02:30 - 00013336 _____ C:\ComboFix.txt 2013-08-19 02:10 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe 2013-08-19 02:10 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe 2013-08-19 
02:10 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-08-19 02:10 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-08-19 02:10 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-08-19 02:10 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe 2013-08-19 02:10 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2013-08-19 02:10 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2013-08-19 02:09 - 2013-08-19 02:30 - 00000000 ____D C:\Qoobox 2013-08-19 02:06 - 2013-08-19 02:06 - 05105231 ____R (Swearware) C:\Users\Steve\Desktop\ComboFix.exe 2013-08-19 01:31 - 2013-08-19 01:31 - 01069895 _____ (Farbar) C:\Users\Steve\Downloads\FRST (1).exe 2013-08-18 14:46 - 2013-08-18 14:46 - 01069795 _____ (Farbar) C:\Users\Steve\Downloads\FRST.exe 2013-08-18 14:34 - 2013-08-18 14:34 - 00000107 _____ C:\Users\Steve\Desktop\eset txt.txt 2013-08-18 14:33 - 2013-08-18 14:33 - 00000126 _____ C:\Users\Steve\Desktop\Eset manual copy of threat.txt 2013-08-18 13:29 - 2013-08-18 13:29 - 00000000 ____D C:\Program Files\ESET 2013-08-18 13:28 - 2013-08-18 13:28 - 02347384 _____ (ESET) C:\Users\Steve\Desktop\esetsmartinstaller_enu.exe 2013-08-18 13:21 - 2013-08-18 13:21 - 00002749 _____ C:\AdwCleaner[s1].txt 2013-08-18 13:20 - 2013-08-18 13:20 - 00666633 _____ C:\Users\Steve\Desktop\AdwCleaner.exe 2013-08-18 13:14 - 2013-08-18 13:14 - 00000878 _____ C:\Users\Steve\Desktop\JRT.txt 2013-08-18 12:02 - 2013-08-18 12:02 - 00004512 _____ C:\Users\Steve\Desktop\RKreport[0]_S_08182013_120259.txt 2013-08-18 11:20 - 2013-08-18 11:20 - 00688992 ____R (Swearware) C:\Users\Steve\Desktop\dds (1).scr 2013-08-18 11:14 - 2013-08-18 11:14 - 00000000 ____D C:\Windows\ERUNT 2013-08-18 11:07 - 2013-08-18 11:07 - 01018166 _____ (Thisisu) C:\Users\Steve\Desktop\JRT.exe 2013-08-18 10:08 - 2013-08-18 12:57 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-08-18 10:07 - 2013-08-18 12:57 - 00000000 ____D 
C:\Users\Steve\Desktop\mbar 2013-08-18 10:06 - 2013-08-18 10:06 - 12081912 _____ (Malwarebytes Corp.) C:\Users\Steve\Desktop\mbar-1.06.1.1005.exe 2013-08-18 10:02 - 2013-08-18 10:06 - 00000000 ____D C:\Users\Steve\Desktop\RK_Quarantine 2013-08-18 10:00 - 2013-08-19 02:29 - 00000000 ____D C:\Windows\ERDNT 2013-08-18 10:00 - 2013-08-18 10:00 - 00920576 _____ C:\Users\Steve\Desktop\RogueKiller.exe 2013-08-18 09:59 - 2013-08-18 09:59 - 00000693 _____ C:\Users\Steve\Desktop\NTREGOPT.lnk 2013-08-18 09:59 - 2013-08-18 09:59 - 00000674 _____ C:\Users\Steve\Desktop\ERUNT.lnk 2013-08-18 09:59 - 2013-08-18 09:59 - 00000000 ____D C:\Program Files\ERUNT 2013-08-18 09:58 - 2013-08-18 09:58 - 00791393 _____ (Lars Hederer ) C:\Users\Steve\Downloads\erunt-setup.exe 2013-08-18 09:46 - 2013-08-18 11:58 - 00002198 _____ C:\Users\Steve\Desktop\Rkill.txt 2013-08-18 09:44 - 2013-08-18 09:44 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Steve\Desktop\rkill.exe 2013-08-18 06:10 - 2013-08-18 11:53 - 00016404 _____ C:\Users\Steve\Desktop\dds.txt 2013-08-18 06:10 - 2013-08-18 11:53 - 00008290 _____ C:\Users\Steve\Desktop\attach.txt 2013-08-18 06:07 - 2013-08-18 06:07 - 00688992 ____R (Swearware) C:\Users\Steve\Downloads\dds.scr 2013-08-18 04:22 - 2013-08-18 04:22 - 00000866 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-08-18 04:22 - 2013-08-18 04:22 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Malwarebytes 2013-08-18 04:22 - 2013-08-18 04:22 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-18 04:22 - 2013-08-18 04:22 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-08-18 04:22 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-08-18 02:07 - 2013-08-18 02:07 - 00139344 _____ C:\Windows\Minidump\Mini081813-01.dmp 2013-08-18 00:56 - 2013-08-18 00:56 - 00000000 ____D C:\ProgramData\䇰Å㺠ÅÄÅ㌀Å8520-1533-40C5-AD09-953C574F14BCÄÅ㟐Å 2013-08-18 00:32 - 2013-08-18 00:32 - 00000000 ____D 
C:\ProgramData\䇰Ǜ㺠ǛÄǛ㌀Ǜ8520-1533-40C5-AD09-953C574F14BCÄǛ㟐Ǜ 2013-08-18 00:30 - 2013-08-18 00:30 - 00000000 ____D C:\Windows\system32\searchplugins 2013-08-18 00:30 - 2013-08-18 00:30 - 00000000 ____D C:\Windows\system32\Extensions 2013-08-17 23:43 - 2013-08-17 23:43 - 00000000 ____D C:\ProgramData\䇰Ǐ㺠ǏÄǏ㌀Ǐ8520-1533-40C5-AD09-953C574F14BCÄǏ㟐Ǐ 2013-08-17 21:57 - 2013-08-17 21:57 - 00000000 ____D C:\Users\Steve\AppData\Local\avgchrome 2013-08-17 21:54 - 2013-08-17 21:54 - 00001871 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2013-08-17 21:54 - 2013-08-17 21:54 - 00000000 ____D C:\ProgramData\䈈ċ㺸ċÄċ㌘ċ8520-1533-40C5-AD09-953C574F14BCÄċ㟨ċ 2013-08-17 21:54 - 2013-08-17 21:54 - 00000000 ____D C:\ProgramData\99 2013-08-17 21:52 - 2013-08-18 00:03 - 00000000 ____D C:\Users\Steve\Documents\PCRegistyShield 2013-08-17 21:51 - 2013-08-18 00:15 - 00000000 ____D C:\Program Files\PC Registry Shield 2013-08-17 21:50 - 2013-08-19 02:24 - 00000284 _____ C:\Windows\Tasks\pcreg.job 2013-08-17 21:50 - 2013-08-17 22:17 - 00000368 _____ C:\Windows\Tasks\At1.job 2013-08-17 21:50 - 2013-08-17 21:51 - 00000000 ____D C:\Program Files\wrapper_inst 2013-08-17 21:49 - 2013-08-17 21:49 - 00000000 ____D C:\Users\Steve\AppData\Roaming\SeeSimilar 2013-08-17 21:49 - 2013-08-17 21:49 - 00000000 ____D C:\Users\Steve\AppData\Roaming\LibreOffice 2013-08-17 20:15 - 2013-08-17 20:15 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (12).exe 2013-08-17 15:22 - 2013-08-17 15:22 - 00004361 _____ C:\Users\Steve\Downloads\dl.php 2013-08-15 03:03 - 2013-07-25 03:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-15 03:03 - 2013-07-25 03:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-15 03:03 - 2013-07-25 03:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-15 03:03 - 2013-07-25 03:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-15 
03:03 - 2013-07-25 03:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-15 03:03 - 2013-07-25 03:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-08-15 03:03 - 2013-07-25 03:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-08-15 03:03 - 2013-07-25 03:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-15 03:03 - 2013-07-25 03:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-15 03:03 - 2013-07-25 03:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-15 03:03 - 2013-07-25 03:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-15 03:03 - 2013-07-25 03:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-08-15 03:03 - 2013-07-25 03:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-08-15 03:03 - 2013-07-25 03:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-15 03:03 - 2013-07-25 03:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-15 03:03 - 2013-07-25 03:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-08-14 03:29 - 2013-07-05 04:20 - 00914880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-14 03:29 - 2013-07-05 02:43 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys 2013-08-14 03:29 - 2013-06-15 14:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll 2013-08-14 03:29 - 2013-06-15 12:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-08-14 03:28 - 2013-07-17 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-14 03:28 - 2013-07-10 10:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-14 03:28 - 2013-07-09 
13:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-08-14 03:28 - 2013-07-08 05:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2013-08-14 03:28 - 2013-07-08 05:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-14 03:28 - 2013-07-08 05:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-14 03:28 - 2013-07-08 05:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-14 03:28 - 2013-07-08 05:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-14 03:28 - 2013-07-08 05:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-10 22:05 - 2013-08-10 22:05 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (11).exe 2013-08-10 22:00 - 2013-08-10 22:00 - 00000000 ____D C:\Users\Steve\AppData\Local\Microsoft Help 2013-08-10 22:00 - 2013-08-10 22:00 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-08-10 21:56 - 2013-08-10 21:57 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (10).exe 2013-08-10 21:51 - 2013-08-10 21:51 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (9).exe 2013-08-10 21:42 - 2013-08-10 21:42 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (8).exe 2013-08-10 21:20 - 2013-08-10 21:20 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (7).exe 2013-08-10 21:18 - 2013-08-10 21:18 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (6).exe 2013-08-10 21:14 - 2013-08-10 21:14 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (5).exe 2013-08-10 21:11 - 2013-08-10 22:06 - 00000000 ____D C:\ProgramData\Virtualized Applications 2013-08-10 21:10 - 2013-08-10 21:11 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (4).exe 2013-08-10 21:10 - 
2013-08-10 21:10 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (3).exe 2013-08-10 20:46 - 2013-08-10 20:46 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (2).exe 2013-08-10 20:42 - 2013-08-17 21:02 - 00000000 ____D C:\Users\Steve\AppData\Roaming\SoftGrid Client 2013-08-10 20:42 - 2013-08-10 22:06 - 00000000 ____D C:\Users\Steve\AppData\Local\SoftGrid Client 2013-08-10 20:37 - 2013-08-17 20:20 - 00000000 ____D C:\Users\Steve\AppData\Roaming\TP 2013-08-10 20:37 - 2013-08-10 20:37 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (1).exe 2013-08-10 20:35 - 2013-08-10 20:36 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255.exe 2013-08-03 22:32 - 2013-08-07 03:16 - 00009728 _____ C:\Users\Steve\Desktop\MUMS NHS JOB.wps 2013-07-28 14:13 - 2013-08-18 01:31 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-07-20 11:14 - 2013-08-15 03:09 - 00000000 ____D C:\Windows\system32\MRT ==================== One Month Modified Files and Folders ======= 2013-08-19 03:48 - 2013-08-19 03:48 - 00000000 ____D C:\FRST 2013-08-19 03:47 - 2013-08-19 03:47 - 01069895 _____ (Farbar) C:\Users\Steve\Downloads\FRST (2).exe 2013-08-19 03:46 - 2012-12-09 08:20 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-19 03:44 - 2008-01-21 02:35 - 01474997 _____ C:\Windows\WindowsUpdate.log 2013-08-19 02:30 - 2013-08-19 02:30 - 00013336 _____ C:\ComboFix.txt 2013-08-19 02:30 - 2013-08-19 02:09 - 00000000 ____D C:\Qoobox 2013-08-19 02:30 - 2006-11-02 12:18 - 00000000 __RHD C:\Users\Default 2013-08-19 02:30 - 2006-11-02 12:18 - 00000000 ___RD C:\Users\Public 2013-08-19 02:29 - 2013-08-18 10:00 - 00000000 ____D C:\Windows\ERDNT 2013-08-19 02:25 - 2006-11-02 11:23 - 00000215 _____ C:\Windows\system.ini 2013-08-19 02:24 - 2013-08-17 21:50 - 00000284 _____ C:\Windows\Tasks\pcreg.job 2013-08-19 02:24 - 2006-11-02 13:47 - 00003712 ____H 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-19 02:24 - 2006-11-02 13:47 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-19 02:23 - 2008-01-21 03:47 - 00108752 _____ C:\Windows\PFRO.log 2013-08-19 02:23 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-19 02:22 - 2006-11-02 14:01 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-08-19 02:22 - 2006-11-02 11:22 - 37748736 _____ C:\Windows\system32\config\software.bak 2013-08-19 02:22 - 2006-11-02 11:22 - 34603008 _____ C:\Windows\system32\config\COMPON~3.bak 2013-08-19 02:22 - 2006-11-02 11:22 - 26738688 _____ C:\Windows\system32\config\system.bak 2013-08-19 02:22 - 2006-11-02 11:22 - 00262144 _____ C:\Windows\system32\config\security.bak 2013-08-19 02:22 - 2006-11-02 11:22 - 00262144 _____ C:\Windows\system32\config\sam.bak 2013-08-19 02:22 - 2006-11-02 11:22 - 00262144 _____ C:\Windows\system32\config\default.bak 2013-08-19 02:06 - 2013-08-19 02:06 - 05105231 ____R (Swearware) C:\Users\Steve\Desktop\ComboFix.exe 2013-08-19 01:31 - 2013-08-19 01:31 - 01069895 _____ (Farbar) C:\Users\Steve\Downloads\FRST (1).exe 2013-08-18 14:46 - 2013-08-18 14:46 - 01069795 _____ (Farbar) C:\Users\Steve\Downloads\FRST.exe 2013-08-18 14:34 - 2013-08-18 14:34 - 00000107 _____ C:\Users\Steve\Desktop\eset txt.txt 2013-08-18 14:33 - 2013-08-18 14:33 - 00000126 _____ C:\Users\Steve\Desktop\Eset manual copy of threat.txt 2013-08-18 14:33 - 2009-10-16 15:31 - 00030908 _____ C:\Users\Steve\AppData\Roaming\wklnhst.dat 2013-08-18 13:29 - 2013-08-18 13:29 - 00000000 ____D C:\Program Files\ESET 2013-08-18 13:28 - 2013-08-18 13:28 - 02347384 _____ (ESET) C:\Users\Steve\Desktop\esetsmartinstaller_enu.exe 2013-08-18 13:21 - 2013-08-18 13:21 - 00002749 _____ C:\AdwCleaner[s1].txt 2013-08-18 13:20 - 2013-08-18 13:20 - 00666633 _____ C:\Users\Steve\Desktop\AdwCleaner.exe 2013-08-18 13:14 - 
2013-08-18 13:14 - 00000878 _____ C:\Users\Steve\Desktop\JRT.txt 2013-08-18 12:57 - 2013-08-18 10:08 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-08-18 12:57 - 2013-08-18 10:07 - 00000000 ____D C:\Users\Steve\Desktop\mbar 2013-08-18 12:02 - 2013-08-18 12:02 - 00004512 _____ C:\Users\Steve\Desktop\RKreport[0]_S_08182013_120259.txt 2013-08-18 11:58 - 2013-08-18 09:46 - 00002198 _____ C:\Users\Steve\Desktop\Rkill.txt 2013-08-18 11:53 - 2013-08-18 06:10 - 00016404 _____ C:\Users\Steve\Desktop\dds.txt 2013-08-18 11:53 - 2013-08-18 06:10 - 00008290 _____ C:\Users\Steve\Desktop\attach.txt 2013-08-18 11:20 - 2013-08-18 11:20 - 00688992 ____R (Swearware) C:\Users\Steve\Desktop\dds (1).scr 2013-08-18 11:14 - 2013-08-18 11:14 - 00000000 ____D C:\Windows\ERUNT 2013-08-18 11:07 - 2013-08-18 11:07 - 01018166 _____ (Thisisu) C:\Users\Steve\Desktop\JRT.exe 2013-08-18 10:06 - 2013-08-18 10:06 - 12081912 _____ (Malwarebytes Corp.) C:\Users\Steve\Desktop\mbar-1.06.1.1005.exe 2013-08-18 10:06 - 2013-08-18 10:02 - 00000000 ____D C:\Users\Steve\Desktop\RK_Quarantine 2013-08-18 10:00 - 2013-08-18 10:00 - 00920576 _____ C:\Users\Steve\Desktop\RogueKiller.exe 2013-08-18 09:59 - 2013-08-18 09:59 - 00000693 _____ C:\Users\Steve\Desktop\NTREGOPT.lnk 2013-08-18 09:59 - 2013-08-18 09:59 - 00000674 _____ C:\Users\Steve\Desktop\ERUNT.lnk 2013-08-18 09:59 - 2013-08-18 09:59 - 00000000 ____D C:\Program Files\ERUNT 2013-08-18 09:58 - 2013-08-18 09:58 - 00791393 _____ (Lars Hederer ) C:\Users\Steve\Downloads\erunt-setup.exe 2013-08-18 09:44 - 2013-08-18 09:44 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Steve\Desktop\rkill.exe 2013-08-18 06:07 - 2013-08-18 06:07 - 00688992 ____R (Swearware) C:\Users\Steve\Downloads\dds.scr 2013-08-18 04:22 - 2013-08-18 04:22 - 00000866 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-08-18 04:22 - 2013-08-18 04:22 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Malwarebytes 2013-08-18 04:22 - 2013-08-18 04:22 - 
00000000 ____D C:\ProgramData\Malwarebytes
2013-08-18 04:22 - 2013-08-18 04:22 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-18 02:57 - 2013-07-08 10:41 - 00000000 ____D C:\Users\Steve\Desktop\Plans
2013-08-18 02:57 - 2013-05-04 16:19 - 00000000 ____D C:\Users\Steve\Desktop\Informa research and Preparation
2013-08-18 02:56 - 2013-05-05 19:30 - 00000000 ____D C:\Users\Steve\Desktop\C.V's and Cover Letters
2013-08-18 02:07 - 2013-08-18 02:07 - 00139344 _____ C:\Windows\Minidump\Mini081813-01.dmp
2013-08-18 02:07 - 2013-05-05 14:07 - 00000000 ____D C:\Windows\Minidump
2013-08-18 02:06 - 2013-05-05 14:07 - 267918059 _____ C:\Windows\MEMORY.DMP
2013-08-18 01:45 - 2009-10-27 02:15 - 00000000 ____D C:\Program Files\Sony Ericsson
2013-08-18 01:42 - 2009-10-27 03:07 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Sony
2013-08-18 01:42 - 2009-10-27 03:05 - 00000000 ____D C:\Users\Steve\AppData\Local\Sony
2013-08-18 01:31 - 2013-07-28 14:13 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-18 01:30 - 2011-12-05 16:43 - 00000000 ____D C:\Program Files\Google
2013-08-18 01:23 - 2011-12-05 16:44 - 00000000 ____D C:\Users\Steve\AppData\Local\Google
2013-08-18 00:56 - 2013-08-18 00:56 - 00000000 ____D C:\ProgramData\䇰Å㺠ÅÄÅ㌀Å8520-1533-40C5-AD09-953C574F14BCÄÅ㟐Å
2013-08-18 00:32 - 2013-08-18 00:32 - 00000000 ____D C:\ProgramData\䇰Ǜ㺠ǛÄǛ㌀Ǜ8520-1533-40C5-AD09-953C574F14BCÄǛ㟐Ǜ
2013-08-18 00:30 - 2013-08-18 00:30 - 00000000 ____D C:\Windows\system32\searchplugins
2013-08-18 00:30 - 2013-08-18 00:30 - 00000000 ____D C:\Windows\system32\Extensions
2013-08-18 00:15 - 2013-08-17 21:51 - 00000000 ____D C:\Program Files\PC Registry Shield
2013-08-18 00:03 - 2013-08-17 21:52 - 00000000 ____D C:\Users\Steve\Documents\PCRegistyShield
2013-08-17 23:43 - 2013-08-17 23:43 - 00000000 ____D C:\ProgramData\䇰Ǐ㺠ǏÄǏ㌀Ǐ8520-1533-40C5-AD09-953C574F14BCÄǏ㟐Ǐ
2013-08-17 23:43 - 2006-11-02 13:47 - 00450320 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-17 22:17 - 2013-08-17 21:50 - 00000368 _____ C:\Windows\Tasks\At1.job
2013-08-17 21:57 - 2013-08-17 21:57 - 00000000 ____D C:\Users\Steve\AppData\Local\avgchrome
2013-08-17 21:55 - 2013-04-21 20:11 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-08-17 21:54 - 2013-08-17 21:54 - 00001871 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-08-17 21:54 - 2013-08-17 21:54 - 00000000 ____D C:\ProgramData\䈈ċ㺸ċÄċ㌘ċ8520-1533-40C5-AD09-953C574F14BCÄċ㟨ċ
2013-08-17 21:54 - 2013-08-17 21:54 - 00000000 ____D C:\ProgramData\99
2013-08-17 21:54 - 2011-10-24 11:20 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-08-17 21:51 - 2013-08-17 21:50 - 00000000 ____D C:\Program Files\wrapper_inst
2013-08-17 21:51 - 2009-10-16 14:45 - 00145752 _____ C:\Users\Steve\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-17 21:49 - 2013-08-17 21:49 - 00000000 ____D C:\Users\Steve\AppData\Roaming\SeeSimilar
2013-08-17 21:49 - 2013-08-17 21:49 - 00000000 ____D C:\Users\Steve\AppData\Roaming\LibreOffice
2013-08-17 21:04 - 2009-10-16 15:29 - 00000000 ____D C:\Program Files\Microsoft Office
2013-08-17 21:04 - 2006-11-02 12:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-08-17 21:02 - 2013-08-10 20:42 - 00000000 ____D C:\Users\Steve\AppData\Roaming\SoftGrid Client
2013-08-17 20:20 - 2013-08-10 20:37 - 00000000 ____D C:\Users\Steve\AppData\Roaming\TP
2013-08-17 20:15 - 2013-08-17 20:15 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (12).exe
2013-08-17 15:22 - 2013-08-17 15:22 - 00004361 _____ C:\Users\Steve\Downloads\dl.php
2013-08-15 12:49 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2013-08-15 11:52 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-15 03:09 - 2013-07-20 11:14 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 03:07 - 2006-11-02 11:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-08-10 22:06 - 2013-08-10 21:11 - 00000000 ____D C:\ProgramData\Virtualized Applications
2013-08-10 22:06 - 2013-08-10 20:42 - 00000000 ____D C:\Users\Steve\AppData\Local\SoftGrid Client
2013-08-10 22:05 - 2013-08-10 22:05 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (11).exe
2013-08-10 22:00 - 2013-08-10 22:00 - 00000000 ____D C:\Users\Steve\AppData\Local\Microsoft Help
2013-08-10 22:00 - 2013-08-10 22:00 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-10 21:57 - 2013-08-10 21:56 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (10).exe
2013-08-10 21:51 - 2013-08-10 21:51 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (9).exe
2013-08-10 21:42 - 2013-08-10 21:42 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (8).exe
2013-08-10 21:20 - 2013-08-10 21:20 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (7).exe
2013-08-10 21:18 - 2013-08-10 21:18 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (6).exe
2013-08-10 21:14 - 2013-08-10 21:14 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (5).exe
2013-08-10 21:11 - 2013-08-10 21:10 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (4).exe
2013-08-10 21:10 - 2013-08-10 21:10 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (3).exe
2013-08-10 20:46 - 2013-08-10 20:46 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (2).exe
2013-08-10 20:40 - 2006-11-02 11:33 - 00005074 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-10 20:37 - 2013-08-10 20:37 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255 (1).exe
2013-08-10 20:36 - 2013-08-10 20:35 - 01632144 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\X18-20255.exe
2013-08-08 15:41 - 2011-06-19 15:38 - 00001945 _____ C:\Windows\epplauncher.mif
2013-08-08 15:40 - 2011-06-19 15:37 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-08-07 03:16 - 2013-08-03 22:32 - 00009728 _____ C:\Users\Steve\Desktop\MUMS NHS JOB.wps
2013-08-02 13:17 - 2012-12-09 08:20 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-02 13:17 - 2012-01-05 18:44 - 00000000 ____D C:\Users\Steve\AppData\Local\Adobe
2013-08-02 13:17 - 2011-06-19 17:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-07-25 03:40 - 2013-08-15 03:03 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-25 03:32 - 2013-08-15 03:03 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-25 03:30 - 2013-08-15 03:03 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-25 03:26 - 2013-08-15 03:03 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-25 03:26 - 2013-08-15 03:03 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-25 03:25 - 2013-08-15 03:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-25 03:24 - 2013-08-15 03:03 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-25 03:24 - 2013-08-15 03:03 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-25 03:23 - 2013-08-15 03:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-25 03:23 - 2013-08-15 03:03 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-25 03:23 - 2013-08-15 03:03 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-25 03:23 - 2013-08-15 03:03 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-25 03:23 - 2013-08-15 03:03 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-25 03:22 - 2013-08-15 03:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-25 03:22 - 2013-08-15 03:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-25 03:22 - 2013-08-15 03:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-22 17:26 - 2013-03-05 02:11 - 00000000 ____D C:\Users\Steve\Documents\Hotel
Files to move or delete:
====================
C:\Windows\Tasks\At1.job
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-19 02:29
==================== End Of Log ============================
  11. ComboFix 13-08-18.01 - Steve 19/08/2013 2:13.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3032.1851 [GMT 1:00]
Running from: c:\users\Steve\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Installer\{601BE80D-247B-4084-94C7-7A54369DB7A2}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe
E:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DCService.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-07-19 to 2013-08-19 )))))))))))))))))))))))))))))))
.
.
2013-08-19 01:21 . 2013-08-19 01:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-19 00:34 . 2013-07-02 06:54 7143960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1CAD3A91-0444-4010-8175-77201C3E9D83}\mpengine.dll
2013-08-18 13:48 . 2013-07-02 06:54 7143960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-18 12:29 . 2013-08-18 12:29 -------- d-----w- c:\program files\ESET
2013-08-18 10:14 . 2013-08-18 10:14 -------- d-----w- c:\windows\ERUNT
2013-08-18 09:08 . 2013-08-18 11:57 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-18 08:59 . 2013-08-18 08:59 -------- d-----w- c:\program files\ERUNT
2013-08-18 03:22 . 2013-08-18 03:22 -------- d-----w- c:\users\Steve\AppData\Roaming\Malwarebytes
2013-08-18 03:22 . 2013-08-18 03:22 -------- d-----w- c:\programdata\Malwarebytes
2013-08-18 03:22 . 2013-08-18 03:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-18 03:22 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-17 23:56 . 2013-08-17 23:56 -------- d-----w- c:\progra~2\8520-1~4
2013-08-17 23:32 . 2013-08-17 23:32 -------- d-----w- c:\progra~2\8520-1~3
2013-08-17 23:30 . 2013-08-17 23:30 -------- d-----w- c:\windows\system32\searchplugins
2013-08-17 23:30 . 2013-08-17 23:30 -------- d-----w- c:\windows\system32\Extensions
2013-08-17 22:43 . 2013-08-17 22:43 -------- d-----w- c:\progra~2\8520-1~2
2013-08-17 20:57 . 2013-08-17 20:57 -------- d-----w- c:\users\Steve\AppData\Local\avgchrome
2013-08-17 20:54 . 2013-08-17 20:54 -------- d-----w- c:\progra~2\99554C~1
2013-08-17 20:54 . 2013-08-17 20:54 -------- d-----w- c:\progra~2\8520-1~1
2013-08-17 20:52 . 2013-08-17 20:52 -------- d-----w- c:\users\Steve\AppData\Local\ShieldApps
2013-08-17 20:51 . 2013-08-17 23:15 -------- d-----w- c:\program files\PC Registry Shield
2013-08-17 20:50 . 2013-08-17 20:51 -------- d-----w- c:\program files\wrapper_inst
2013-08-17 20:49 . 2013-08-17 20:49 -------- d-----w- c:\users\Steve\AppData\Roaming\LibreOffice
2013-08-17 20:49 . 2013-08-17 20:49 -------- d-----w- c:\users\Steve\AppData\Roaming\SeeSimilar
2013-08-14 02:29 . 2013-06-15 13:22 15872 ----a-w- c:\windows\system32\icaapi.dll
2013-08-14 02:29 . 2013-06-15 11:23 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-14 02:29 . 2013-07-05 03:20 914880 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-14 02:29 . 2013-07-05 01:43 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-08-14 02:28 . 2013-07-17 19:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 02:28 . 2013-07-10 09:47 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-14 02:28 . 2013-07-08 04:55 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-14 02:28 . 2013-07-08 04:55 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-14 02:28 . 2013-07-09 12:10 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-08-14 02:28 . 2013-07-08 04:16 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 02:28 . 2013-07-08 04:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 02:28 . 2013-07-08 04:20 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 02:28 . 2013-07-08 04:16 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-10 21:00 . 2013-08-10 21:00 -------- d-----w- c:\programdata\Microsoft Help
2013-08-10 21:00 . 2013-08-10 21:00 -------- d-----w- c:\users\Steve\AppData\Local\Microsoft Help
2013-08-10 20:11 . 2013-08-10 21:06 -------- d-----w- c:\programdata\Virtualized Applications
2013-08-10 19:42 . 2013-08-10 21:06 -------- d-----w- c:\users\Steve\AppData\Local\SoftGrid Client
2013-08-10 19:42 . 2013-08-17 20:02 -------- d-----w- c:\users\Steve\AppData\Roaming\SoftGrid Client
2013-08-10 19:37 . 2013-08-17 19:20 -------- d-----w- c:\users\Steve\AppData\Roaming\TP
2013-07-20 10:23 . 2013-07-20 10:21 698504 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{62B2C4DD-F37E-401E-A156-A0E4F2BDB728}\gapaengine.dll
2013-07-20 10:14 . 2013-08-15 02:09 -------- d-----w- c:\windows\system32\MRT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-02 12:17 . 2012-12-09 07:20 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-02 12:17 . 2011-06-19 16:03 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-21 13:51 . 2011-08-11 18:43 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-06-18 20:50 . 2013-06-18 20:50 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-18 20:50 . 2012-03-20 19:44 107392 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-04 01:50 . 2013-07-13 13:30 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-06-01 04:06 . 2013-07-13 13:30 505344 ----a-w- c:\windows\system32\qedit.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"HW_OPENEYE_OUC_T-Mobile Internet Manager"="c:\program files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe" [2009-12-31 110592]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-17 5703920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-17 3810304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-11 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-11 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-11 154136]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2013-03-22 86016]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-04-02 128232]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-02-15 417792]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-11-18 483420]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]
"DataCardMonitor"="c:\program files\T-Mobile\InternetManager_H\DataCardMonitor.exe" [2012-12-22 253952]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"pcreg"="c:\program files\wrapper_inst\service.exe" [2013-08-17 346720]
.
c:\users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2970680302-2301816736-3001710448-1000]
"EnableNotificationsRef"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-07-11 116608]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [2008-11-17 81920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-09 12:17]
.
2013-08-17 c:\windows\Tasks\At1.job
- c:\program files\wrapper_inst\service.exe [2013-08-17 20:50]
.
2013-08-19 c:\windows\Tasks\pcreg.job
- c:\program files\wrapper_inst\service.exe [2013-08-17 20:50]
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - (no file)
Toolbar-Locked - (no file)
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder.lnk - (no file)
AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files\Coupons\uninstall.exe
AddRemove-iMesh MediaBar - c:\program files\iMesh Applications\MediaBar\uninstall.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DataCardMonitor = c:\program files\T-Mobile\InternetManager_H\DataCardMonitor.exe????x????P???????;c:\windows\Syst???y???? h???????????????????????????????8??????am Files\T-Mobile\InternetManager_H\?t S????????c:\program files\T-Mobile\InternetManager_H\?2.tW??W?????8??????
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\progra~1\mcafee\SITEAD~1\mcsacore.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\users\Steve\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
.
**************************************************************************
.
Completion time: 2013-08-19 02:30:44 - machine was rebooted
ComboFix-quarantined-files.txt 2013-08-19 01:30
.
Pre-Run: 285,720,875,008 bytes free
Post-Run: 286,641,160,192 bytes free
.
- - End Of File - - 2C02C7A4B95A77DEBC68B99C86DC4C2E
5C616939100B85E558DA92B899A0FC36
  12. Ok, I have run that programme and have the log ready to go, just a little embarrassing problem: I don't know how to attach the file. Sorry, this must be frustrating for you dealing with me.
  13. Ok. I opened up the computer in Safe mode with networking but for some reason my mobile broadband dongle will not connect to the internet in that mode. Unfortunately I do not have access to another network or computer for several days. Is there any other step I can take from here? No problem if not, I guess I will just have to wait but I am keen to do whatever I can if there are any other possibilities.
  14. Just to clarify the situation, I began following the instructions with SUPERAntiSpyware disabled but not Security Essentials. I then realised my mistake as outlined in post #8. From this point on I started again from the beginning and listed my results. The antispyware was then disabled throughout; I didn't reactivate it until after I was unsuccessful in downloading Farbar Recovery Scan Tool. Sorry to be a pain, but I just wanted to make sure you saw that I noticed my error and started again. Do I definitely have to start again? Thank you.