jam_spoons

  1. Hi, None of the above made any difference. I've had to reinstall Windows Vista and erase the current installation. When I left it with my friend it was running Malwarebytes and MSE together and allowing connection over the Belkin wireless adapter. Though, my friend did tell me that Malwarebytes had uninstalled itself but I haven't had a chance to check what she means by this yet so I don't really know what, if anything, has happened. You may as well close this post, though. If I need any more help, I'll be sure to let you know. Many thanks for everything you've done and all your time spent. Best regards Jo
  2. Hello again, Here is the log you requested from Combofix.
  3. Hello, I've tried that again and it still won't allow any communications through the Belkin adaptor. It works fine over wire or if MBAM is switched off. It's not so important as she has MSE on there and she can run MBAM scans but I would have liked to get it working for her as it's such a good program.
  4. Hi, I don't know if you're still looking into this but I've had to disable Malwarebytes on startup in order to get online. I tried adding the Belkin adapter executable file to the MBAM exceptions rules but that didn't work either. Everything works fine together over the ethernet wire but there's no way for her to keep that as a permanent solution. I've tried uninstalling MBAM several times with your clean tool but the same problem occurs every time I reinstall it. Everything runs smoothly as long as MBAM isn't running and I've told my friend to run a scan once each week as a precaution. Other than this, I don't know what to do. I didn't want her to remove MBAM entirely but it's the only way she can get online. Thanks
  5. Hi, Only two items found on the eset scan.

     C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000 a variant of Win32/DomaIQ.BB potentially unwanted application deleted - quarantined
     C:\Users\dave\AppData\Local\Temp\50901435-e514-44b5-8484-391a4398a971\software\Cloud_Backup_Setup.exe Win32/MyPCBackup.A potentially unwanted application deleted - quarantined

     I'm wondering if this isn't a problem with the Belkin USB wifi not getting through Malwarebytes as the internet works fine over wire? Many thanks
  6. Hello again. Many thanks for your reply. Here are the two logs you requested.

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 6.1.4 (04.06.2014:1)
     OS: Windows Vista Home Premium x86
     Ran by dave on 18/05/2014 at 15:09:36.21
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Registry Values

     Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}

     ~~~ Registry Keys

     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installedbrowserextensions
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.bandobjectattribute
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.dockingpanel
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.iesmartbar
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.iesmartbarbandobject
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.smartbardisplaystate
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.smartbarmenuform
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}

     ~~~ Files

     Successfully deleted: [File] "C:\end"

     ~~~ Folders

     Successfully deleted: [Folder] "C:\Users\dave\appdata\locallow\smartbar"

     ~~~ Event Viewer Logs were cleared

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on 18/05/2014 at 15:11:55.94
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     # AdwCleaner v3.208 - Report created 18/05/2014 at 15:16:13
     # Updated 11/05/2014 by Xplode
     # Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)
     # Username : dave - DAVE-PC
     # Running from : C:\Users\dave\Downloads\adwcleaner_3.208.exe
     # Option : Clean

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     Folder Deleted : C:\Users\dave\AppData\Roaming\Solvusoft
     Folder Deleted : C:\Users\dave\AppData\Roaming\VOPackage
     Folder Deleted : C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
     Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964

     ***** [ Browsers ] *****

     -\\ Internet Explorer v9.0.8112.16545

     -\\ Mozilla Firefox v2.0 (en-GB)

     [ File : C:\Users\dave\AppData\Roaming\Mozilla\Firefox\Profiles\y2e90gwv.default\prefs.js ]

     -\\ Google Chrome v34.0.1847.137

     [ File : C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\preferences ]

     Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3317933&octid=EB_ORIGINAL_CTID&ISID=MB450E33F-1D4E-4DC5-AE1B-8680844F5483&SearchSource=58&CUI=&UM=5&UP=SP31BD9838-B86D-4CC4-8676-B37F182402FE&q={searchTerms}&SSPV=

     *************************

     AdwCleaner[R0].txt - [4657 octets] - [05/05/2014 16:35:00]
     AdwCleaner[R1].txt - [1007 octets] - [05/05/2014 17:10:40]
     AdwCleaner[R2].txt - [2428 octets] - [18/05/2014 15:13:34]
     AdwCleaner[s0].txt - [4800 octets] - [05/05/2014 16:36:10]
     AdwCleaner[s1].txt - [1068 octets] - [05/05/2014 17:11:14]
     AdwCleaner[s2].txt - [2375 octets] - [18/05/2014 15:16:13]

     ########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [2435 octets] ##########
  7. Hi Borislav, Many thanks for replying. I pay for a subscription to Malwarebytes but I'm doing this for a friend who doesn't and I found this forum very helpful last time so I just thought I'd come back. Norton was removed before I installed MSE. I used a Norton uninstaller tool but I notice it has still left some files and folders in there. I've done my best to remove all of those but I think there may still be items remaining. I've also done my best to uninstall the items on your list using Revo. Here is the Mbam scan log:

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 16/05/2014
     Scan Time: 20:04:06
     Logfile: mbam.txt
     Administrator: Yes

     Version: 2.00.1.1004
     Malware Database: v2014.05.16.13
     Rootkit Database: v2014.03.27.01
     License: Trial
     Malware Protection: Enabled
     Malicious Website Protection: Enabled
     Chameleon: Disabled

     OS: Windows Vista Service Pack 2
     CPU: x86
     File System: NTFS
     User: dave

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 309720
     Time Elapsed: 14 min, 4 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Shuriken: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0
     (No malicious items detected)

     Modules: 0
     (No malicious items detected)

     Registry Keys: 0
     (No malicious items detected)

     Registry Values: 0
     (No malicious items detected)

     Registry Data: 0
     (No malicious items detected)

     Folders: 0
     (No malicious items detected)

     Files: 1
     PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot.exe, Quarantined, [f12cada5a7d4c76f48324172ff0433cd],

     Physical Sectors: 0
     (No malicious items detected)

     (end)
  8. Log continued

     Addition.txt

     Additional scan result of Farbar Recovery Scan Tool (x86) Version:14-05-2014
     Ran by dave at 2014-05-15 16:54:05
     Running from C:\Users\dave\Downloads
     Boot Mode: Normal
     ==========================================================

     ==================== Security Center ========================

     AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
     AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

     ==================== Installed Programs ======================

     Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
     Activation Assistant for the 2007 Microsoft Office suites (Version: - Microsoft Corporation) Hidden
     Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
     Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
     Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
     Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
     Belkin Wireless USB Utility (HKLM\...\InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}) (Version: 6.3.2.16 - Belkin)
     Belkin Wireless USB Utility (Version: 6.3.2.16 - Belkin) Hidden
     Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden DMUninstaller (HKLM\...\DMUninstaller) (Version: - ) <==== ATTENTION Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.3.99.311 - Foxit Corporation) Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.2.0.429 - Foxit Corporation) GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden GearDrvs (Version: 5.0.0.2 - Symantec Corporation) Hidden Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.) Internet From BT (Version: - ) Hidden iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.) Java 7 Update 15 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217015FF}) (Version: 7.0.150 - Oracle) Java Auto Updater (Version: 2.0.7.1 - Sun Microsystems, Inc.) 
Hidden LPT System Updater Service (Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION MagicSports 3.5 (Version: - ) Hidden Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - ) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft 
Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86 (Version: 
1.00.0000 - Adobe) Hidden Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000 - Adobe) Hidden Microsoft® Office Trial 2007 (HKLM\...\OFF2k7_UK) (Version: - ) MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.) MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) MyPC Backup (HKLM\...\MyPC Backup) (Version: - JDi Backup Ltd) <==== ATTENTION Norton 360 (Version: 1.0.0.184 - Symantec Corporation) Hidden NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation) NVIDIA Control Panel 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106 - NVIDIA Corporation) Hidden NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation) Packard Bell ImageWriter (HKLM\...\ImageWriter) (Version: - ) Packard Bell LCD Test (HKLM\...\LCDTest) (Version: - ) QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.) 
Realtek HD Audio V6.0.1.5377 (HKLM\...\AUDIO_REALTEK) (Version: - ) Realtek High Definition Audio Driver (Version: 6.0.1.5377 - Realtek Semiconductor Corp.) Hidden Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Search Protect (HKLM\...\SearchProtect) (Version: 2.12.20.154 - Conduit) <==== ATTENTION Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft) Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft) Update for Microsoft 
Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft) Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft) Video NVIDIA v162.22 (HKLM\...\VIDEO_NVIDIA) (Version: - ) WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 30.9.2014.0 - BillP Studios) Yahoo Community Smartbar Engine (HKCU\...\{86bc7a88-4fb1-4c79-b21b-31909aa79005}) (Version: 11.47.66.16718 - Linkury Inc.) <==== ATTENTION ==================== Restore Points ========================= 15-03-2014 13:08:06 Windows Update 22-03-2014 09:51:16 Windows Update 22-03-2014 10:31:24 Norton_Power_Eraser_20140322103124593 11-04-2014 08:19:20 Windows Update 12-04-2014 08:26:50 Windows Update 13-04-2014 02:00:28 Windows Update 14-04-2014 16:09:12 Scheduled Checkpoint 14-04-2014 17:01:51 Windows Update 14-04-2014 17:18:52 Removed Facebook Video Calling 2.0.0.447 14-04-2014 17:23:31 Removed Safari 14-04-2014 17:29:52 Removed Adobe Community Help 14-04-2014 17:30:41 Removed Java 6 Update 37 14-04-2014 19:07:22 Device Driver Package Install: Apple, Inc. 
Universal Serial Bus controllers 14-04-2014 19:08:09 Device Driver Package Install: Apple Network adapters 14-04-2014 19:10:25 Revo Uninstaller's restore point - WinRAR 4.01 (32-bit) 19-04-2014 07:31:32 Windows Update 27-04-2014 15:17:06 Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 2.0.1.1004 27-04-2014 15:18:06 Revo Uninstaller's restore point - Norton 360 2007 01-05-2014 19:27:51 Windows Update 05-05-2014 14:54:06 Windows Update 05-05-2014 16:17:44 Revo Uninstaller's restore point - iBackupBot for iTunes 3.6.4 05-05-2014 16:19:58 Revo Uninstaller's restore point - Sony Picture Utility 05-05-2014 16:20:27 Removed Sony Picture Utility 05-05-2014 16:20:52 Removed Browser 05-05-2014 16:21:21 Revo Uninstaller's restore point - Infocentre Rev. 2.0 05-05-2014 16:21:55 Removed VolumeWatcher 05-05-2014 16:22:25 Removed InitTool 05-05-2014 16:22:52 Revo Uninstaller's restore point - Media Go 05-05-2014 16:23:05 Removed Media Go 05-05-2014 16:23:19 Removed Importer 05-05-2014 16:23:49 Removed Announce 05-05-2014 16:24:55 Removed Map View 05-05-2014 16:25:26 Removed DataDiscMaker 05-05-2014 16:25:53 Removed SBS_PXEngine 05-05-2014 16:26:23 Removed Shared3 05-05-2014 16:26:55 Revo Uninstaller's restore point - AMR to MP3 Converter 1.4 05-05-2014 16:28:42 Revo Uninstaller's restore point - Adobe Shockwave Player 11.5 05-05-2014 16:29:39 Revo Uninstaller's restore point - Adobe Flash Player 13 Plugin 05-05-2014 16:30:41 Revo Uninstaller's restore point - Adobe Reader 8.1.2 05-05-2014 16:32:26 Revo Uninstaller's restore point - Adobe AIR 05-05-2014 16:33:23 Revo Uninstaller's restore point - Adobe Download Assistant 05-05-2014 16:39:39 Revo Uninstaller's restore point - Adobe Download Assistant 05-05-2014 16:40:31 Removed Adobe Download Assistant 05-05-2014 16:43:04 Revo Uninstaller's restore point - Adobe Reader 8 05-05-2014 16:45:03 Revo Uninstaller's restore point - Keyboard FIJI 05-05-2014 16:45:44 Revo Uninstaller's restore point - SetUp My PC 
05-05-2014 16:47:19 Revo Uninstaller's restore point - FBackup 4 05-05-2014 16:48:37 Revo Uninstaller's restore point - Shockwave player 10 05-05-2014 16:49:50 Revo Uninstaller's restore point - Packard Bell Updator 05-05-2014 16:50:46 Revo Uninstaller's restore point - Flash Player 9 Internet Explorer 05-05-2014 16:51:35 Revo Uninstaller's restore point - HDReg 05-05-2014 16:51:50 Removed HDReg 05-05-2014 16:55:00 Windows Update 05-05-2014 17:13:04 Windows Update 14-05-2014 19:48:43 Revo Uninstaller's restore point - Yahoo Community Smartbar 14-05-2014 19:51:41 Removed Yahoo Community Smartbar 14-05-2014 20:06:29 Windows Update 15-05-2014 12:27:59 Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 2.0.1.1004 15-05-2014 12:42:56 Windows Update 15-05-2014 13:28:22 Revo Uninstaller's restore point - Google Chrome ==================== Hosts content: ========================== 2006-11-02 11:23 - 2014-05-05 17:03 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {01C0C708-2445-4DC6-8357-67934793AB0D} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation) Task: {05037DF8-29BC-45D5-A634-C3D61D8146A9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {288FE330-0558-43F1-8BE0-89BAC4092267} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {3FDBE9E7-BF49-459C-99F6-0F787E986836} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation) Task: {688B2C34-3847-4863-B613-326116596225} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\20.4.0.40\WSCStub.exe Task: {79C91841-82B3-418F-A2C1-3009C568F8D9} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\20.4.0.40\SymErr.exe Task: {7B5A4A79-F263-4385-9115-89B0EC84E34E} - System32\Tasks\Microsoft\Windows\RestartManager\{BF68DABD-A8AD-4eb1-BD52-BC8E4AD1935B} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation) Task: {981A63BA-6270-4977-814B-81DF81F0BB24} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-07] (Google Inc.) Task: {C438F13B-9434-499F-A73B-6226A70EB01A} - System32\Tasks\AdobeAAMUpdater-1.0-dave-PC-dave => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15] (Adobe Systems Incorporated) Task: {CC6D768B-5141-4365-ACB4-769BBF41219B} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - dave => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation) Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] () Task: {EA863FBF-423C-4C92-B5AD-3B7DB9558F8B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-07] (Google Inc.) 
Task: {F4890BCD-656E-433C-945D-A7433AB473B3} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\20.4.0.40\SymErr.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-05-08 14:18 - 2014-05-08 14:18 - 00904704 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll 2014-04-14 18:50 - 2014-04-22 19:39 - 00645592 ____N () C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll 2005-10-28 12:13 - 2005-10-28 12:13 - 00167936 _____ () C:\Program Files\Belkin\USB F5D7050\Wireless Utility\BelkinwcuiDLL.dll 2005-10-28 12:13 - 2005-10-28 12:13 - 00061440 _____ () C:\Program Files\Belkin\USB F5D7050\Wireless Utility\BelkinHWStatus.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:0CFF5F08 AlternateDataStreams: C:\Users\dave\Desktop\Holiday snaps:Roxio EMC Stream AlternateDataStreams: C:\Users\dave\Downloads\elps:Roxio EMC Stream AlternateDataStreams: C:\Users\dave\Downloads\HMRC Submission receipt_files:Roxio EMC Stream AlternateDataStreams: C:\Users\dave\Downloads\ModLoader (3):Roxio EMC Stream AlternateDataStreams: C:\Users\dave\Downloads\SMP's Revival:Roxio EMC Stream AlternateDataStreams: C:\Users\dave\Downloads\YogBox_1.7.3_B6 (2):Roxio EMC Stream AlternateDataStreams: C:\Users\dave\Documents\bin:Roxio EMC Stream AlternateDataStreams: C:\Users\dave\Documents\config:Roxio EMC Stream AlternateDataStreams: C:\Users\dave\Documents\Datel:Roxio EMC 
Stream AlternateDataStreams: C:\Users\dave\Documents\Downloads:Roxio EMC Stream AlternateDataStreams: C:\Users\dave\Documents\elps:Roxio EMC Stream AlternateDataStreams: C:\Users\dave\Documents\luke homework folder:Roxio EMC Stream AlternateDataStreams: C:\Users\dave\Documents\MapView:Roxio EMC Stream AlternateDataStreams: C:\Users\dave\Documents\mods:Roxio EMC Stream AlternateDataStreams: C:\Users\dave\Documents\My Projects:Roxio EMC Stream AlternateDataStreams: C:\Users\dave\Documents\New Folder:Roxio EMC Stream AlternateDataStreams: C:\Users\dave\Documents\New Folder (2):Roxio EMC Stream AlternateDataStreams: C:\Users\dave\Documents\New Folder (3):Roxio EMC Stream AlternateDataStreams: C:\Users\dave\Documents\New Folder (5):Roxio EMC Stream AlternateDataStreams: C:\Users\dave\Documents\New Folder (6):Roxio EMC Stream AlternateDataStreams: C:\Users\dave\Documents\New price.eml:OECustomProperty AlternateDataStreams: C:\Users\dave\Documents\OneNote Notebooks:Roxio EMC Stream AlternateDataStreams: C:\Users\dave\Documents\Picture Motion Browser:Roxio EMC Stream AlternateDataStreams: C:\Users\dave\Documents\resources:Roxio EMC Stream AlternateDataStreams: C:\Users\dave\Documents\samsung:Roxio EMC Stream AlternateDataStreams: C:\Users\dave\Documents\saves:Roxio EMC Stream AlternateDataStreams: C:\Users\dave\Documents\stats:Roxio EMC Stream AlternateDataStreams: C:\Users\dave\Documents\Symantec:Roxio EMC Stream AlternateDataStreams: C:\Users\dave\Documents\texturepacks:Roxio EMC Stream AlternateDataStreams: C:\Users\dave\Documents\Updater5:Roxio EMC Stream AlternateDataStreams: C:\Users\lukezoe\Documents\My Google Gadgets:Roxio EMC Stream AlternateDataStreams: C:\Users\lukezoe\Documents\OneNote Notebooks:Roxio EMC Stream AlternateDataStreams: C:\Users\Public\Roaming:Roxio EMC Stream ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG 
============== MSCONFIG\Services: GoogleDesktopManager-110309-193829 => 3 MSCONFIG\Services: gusvc => 3 MSCONFIG\Services: RichVideo => 2 MSCONFIG\Services: stllssvr => 3 MSCONFIG\startupfolder: C:^Users^dave^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk => C:\Windows\pss\Picture Motion Browser Media Check Tool.lnk.Startup MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe ==================== Faulty Device Manager Devices ============= Name: HL-DT-ST DVDRAM GSA-H40N ATA Device Description: CD-ROM Drive Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard CD-ROM drives) Service: cdrom Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19) Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. Name: USB CF Reader Description: USB CF Reader Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic Service: WUDFRd Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19) Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. 
Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. Name: USB MS Reader Description: USB MS Reader Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic Service: WUDFRd Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19) Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. Name: USB SD Reader Description: USB SD Reader Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic Service: WUDFRd Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19) Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. Name: USB SM Reader Description: USB SM Reader Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic Service: WUDFRd Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19) Resolution: A registry problem was detected. 
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. ==================== Event log errors: ========================= Application errors: ================== Error: (05/15/2014 02:28:12 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {3dfac78a-3276-4675-ba39-30a67139caba} Error: (05/15/2014 02:16:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 5) (User: ) Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crtThis network connection does not exist. Error: (05/15/2014 02:16:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 5) (User: ) Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt12017 (0x2ef1) Error: (05/15/2014 02:15:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 5) (User: ) Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crtThis network connection does not exist. 
Error: (05/15/2014 02:15:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 5) (User: ) Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt12017 (0x2ef1) Error: (05/15/2014 02:08:30 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application mbam.exe, version 1.0.0.500, time stamp 0x533d8de2, faulting module MSVCR100.dll, version 10.0.40219.325, time stamp 0x4df2be1e, exception code 0x40000015, fault offset 0x0008d6fd, process id 0xfd4, application start time 0xmbam.exe0. Error: (05/15/2014 02:08:10 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application taskmgr.exe, version 6.0.6001.18000, time stamp 0x47918e94, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x73c874b2, process id 0x468, application start time 0xtaskmgr.exe0. Error: (05/15/2014 02:05:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 5) (User: ) Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crtThis network connection does not exist. Error: (05/15/2014 02:05:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 5) (User: ) Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt12017 (0x2ef1) Error: (05/15/2014 02:05:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 5) (User: ) Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crtThis network connection does not exist. 
System errors: ============= Error: (05/15/2014 02:57:57 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: 0x80070643Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.173.2219.0){C9FF5D63-6345-4A19-AD5E-7158C080C815}201 Error: (05/15/2014 02:55:35 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.173.2219.0 Update Source: %NT AUTHORITY59 Update Stage: 4.5.0216.00 Source Path: 4.5.0216.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (05/15/2014 02:30:24 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 111.13.0.0 Update Source: %NT AUTHORITY51 Update Stage: 4.5.0216.00 Source Path: 4.5.0216.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (05/15/2014 02:30:03 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.173.1635.0 Update Source: %NT AUTHORITY51 Update Stage: 4.5.0216.00 Source Path: 4.5.0216.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (05/15/2014 02:30:03 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.173.1635.0 Update Source: %NT AUTHORITY51 Update Stage: 4.5.0216.00 Source Path: 4.5.0216.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (05/15/2014 02:29:47 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.173.1635.0 Update Source: %NT AUTHORITY59 Update Stage: 4.5.0216.00 Source Path: 4.5.0216.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (05/15/2014 02:20:42 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 111.13.0.0 Update Source: %NT AUTHORITY51 Update Stage: 4.5.0216.00 Source Path: 4.5.0216.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (05/15/2014 02:20:25 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.173.1635.0 Update Source: %NT AUTHORITY51 Update Stage: 4.5.0216.00 Source Path: 4.5.0216.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (05/15/2014 02:20:25 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.173.1635.0 Update Source: %NT AUTHORITY51 Update Stage: 4.5.0216.00 Source Path: 4.5.0216.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (05/15/2014 02:20:08 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.173.1635.0 Update Source: %NT AUTHORITY59 Update Stage: 4.5.0216.00 Source Path: 4.5.0216.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Microsoft Office Sessions: ========================= Error: (01/19/2014 11:12:19 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2258 seconds with 240 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2014-05-15 16:53:52.058 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-05-15 16:53:51.731 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-05-15 16:53:51.387 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-05-15 16:53:51.044 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. 
Date: 2014-05-15 16:53:50.561 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-05-15 16:53:50.202 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-05-15 16:53:49.827 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-05-15 16:53:49.484 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-05-15 16:53:34.078 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-05-15 16:53:33.766 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. 
==================== Memory info ===========================
Percentage of memory in use: 52%
Total physical RAM: 2045.76 MB
Available physical RAM: 964.17 MB
Total Pagefile: 4346.77 MB
Available Pagefile: 3127.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.01 MB
==================== Drives ================================
Drive c: (HDD) (Fixed) (Total:224.88 GB) (Free:113.73 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Removable) (Total:1.99 GB) (Free:1.99 GB) FAT
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 4DF9FDDA)
Partition 1: (Not Active) - (Size=8 GB) - (Type=27)
Partition 2: (Active) - (Size=225 GB) - (Type=07 NTFS)
========================================================
Disk: 5 (Size: 2 GB) (Disk ID: 08FECB2D)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)
==================== End Of Log ============================
  9. Hello,

You helped me before and were brilliant and I was wondering if you could please help me once more?

I advised a friend to run Malwarebytes along with MSE but when Malwarebytes starts running it always blocks access to the internet so she has to disable it to get online. I've tried my best to clean off her PC but the problem persists and I saw that it may be a "hidden DNS hijack" from another thread.

I've run the dds script and the Farbar scan tool and the logs are below. I'd be very appreciative if someone could look into this for me.

Many thanks

Jo

dds.txt

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16545 BrowserJavaVersion: 10.15.2
Run by dave at 16:38:10 on 2014-05-15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2046.1001 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\nvvsvc.exe C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\system32\SLsvc.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\MyPC Backup\BackupStack.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\wpcumi.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Malwarebytes Anti-Malware\mbam.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted 
C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com uSearch Page = hxxp://www.google.com uProxyServer = uSearchAssistant = hxxp://www.google.com uSearchURL,(Default) = hxxp://www.google.com/keyword/%s BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll TB: Yahoo Community Smartbar (by Linkury): {ae07101b-46d4-4a98-af68-0333ea26e113} - uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\usb f5d7050\wireless utility\Belkinwcui.exe 
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\packer~1.lnk - c:\users\dave\appdata\roaming\opencandy\d74f5f4b2d1a42d880c0e1f59ca7176b\Packer.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://magnet.2020.net/virtualplanner/Core/Player/2020PlayerAX_Win32.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab TCP: NameServer = 192.168.1.1 0.0.0.0 TCP: Interfaces\{1527C122-8FB6-46CC-A354-6D411D8B9841} : DHCPNameServer = 192.168.1.1 0.0.0.0 TCP: Interfaces\{2C2E8488-C476-405F-BAA9-A47DBAF55567} : DHCPNameServer = 192.168.1.1 0.0.0.0 TCP: Interfaces\{6384F98E-88DA-4BFB-B44D-28A2EF17E44E} : DHCPNameServer = 192.168.42.129 TCP: Interfaces\{EB10810C-1352-427A-9EED-48CA2BDD15E4} : DHCPNameServer = 192.168.1.254 LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg . ============= SERVICES / DRIVERS =============== . 
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960] R2 BackupStack;Computer Backup (MyPC Backup);c:\program files\mypc backup\BackupStack.exe [2014-3-14 36392] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-20 21504] R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files\foxit software\foxit reader\foxit cloud\FCUpdateService.exe [2014-5-8 241728] R2 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-5-15 73432] R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-5-15 1809720] R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-5-15 857912] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-1-18 383264] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-5-15 23256] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-5-15 107736] R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-5-15 51416] S3 ActionReplayDS;ActionReplayDS;c:\windows\system32\drivers\ActionReplayDS.sys [2009-5-28 29184] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-9-19 83168] S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432] S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2014-3-11 104264] S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 
4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168] . =============== Created Last 30 ================ . 2014-05-15 13:55:29 765968 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2b2c83bc-ec11-4fe7-8600-4a0c3f7addd0}\gapaengine.dll 2014-05-15 13:46:42 8050496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{009c9ac1-4161-423f-b9c2-cbcb49bb0689}\mpengine.dll 2014-05-15 13:16:22 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-05-15 13:15:59 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-05-15 13:15:59 51416 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-05-15 13:15:59 23256 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-05-15 13:15:59 -------- d-----w- c:\programdata\Malwarebytes 2014-05-15 13:15:59 -------- d-----w- c:\program files\Malwarebytes Anti-Malware 2014-05-15 12:45:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2014-05-08 13:41:51 -------- d-----w- c:\program files\Uninstaller 2014-05-08 13:37:32 -------- d-----w- c:\users\dave\appdata\roaming\VOPackage 2014-05-08 13:36:58 -------- d-----w- c:\program files\MyPC Backup 2014-05-08 13:17:57 -------- d-----w- c:\users\dave\appdata\roaming\Foxit Software 2014-05-08 13:17:21 -------- d-----w- c:\program files\Foxit Software 2014-05-08 12:55:47 765968 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll 2014-05-08 12:54:11 8050496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll 2014-05-05 17:14:09 -------- d-----w- c:\program files\Microsoft Security Client 2014-05-05 17:13:26 221568 ----a-w- c:\windows\system32\drivers\netio.sys 2014-05-05 16:03:25 -------- d-----w- C:\$RECYCLE.BIN 2014-05-05 15:45:34 98816 ----a-w- c:\windows\sed.exe 2014-05-05 15:45:34 256000 ----a-w- c:\windows\PEV.exe 2014-05-05 15:45:34 208896 ----a-w- c:\windows\MBR.exe 2014-05-05 15:35:18 
536576 ----a-w- c:\windows\system32\sqlite3.dll 2014-05-05 15:34:52 -------- d-----w- C:\AdwCleaner 2014-05-05 15:29:40 -------- d-----w- c:\windows\ERUNT 2014-05-05 14:56:16 8050496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d86b080e-dd22-4b81-8416-4c9eae2f3cc6}\mpengine.dll . ==================== Find3M ==================== . 2014-03-31 21:46:48 130712 ----a-w- c:\windows\system32\MSSTDFMT.DLL 2014-03-31 21:46:48 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX 2014-03-11 08:52:30 104264 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2014-03-07 23:12:00 1806848 ----a-w- c:\windows\system32\jscript9.dll 2014-03-07 23:02:19 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2014-03-07 23:02:07 1129472 ----a-w- c:\windows\system32\wininet.dll 2014-03-07 22:57:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2014-03-07 22:56:03 421376 ----a-w- c:\windows\system32\vbscript.dll . ============= FINISH: 16:39:26.17 =============== attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 31/12/2007 12:18:44 System Uptime: 15/05/2014 16:29:10 (0 hours ago) . Motherboard: Packard Bell BV | | PT890-8237A Processor: Intel® Core2 Duo CPU E4500 @ 2.20GHz | Socket 775 | 2200/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 225 GiB total, 113.819 GiB free. E: is Removable F: is Removable G: is Removable I: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318} Description: CD-ROM Drive Device ID: IDE\CDROMHL-DT-ST_DVDRAM_GSA-H40N________________RG01____\5&1D2C6A94&0&0.0.0 Manufacturer: (Standard CD-ROM drives) Name: HL-DT-ST DVDRAM GSA-H40N ATA Device PNP Device ID: IDE\CDROMHL-DT-ST_DVDRAM_GSA-H40N________________RG01____\5&1D2C6A94&0&0.0.0 Service: cdrom . 
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a} Description: USB CF Reader Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1# Manufacturer: Generic Name: USB CF Reader PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1# Service: WUDFRd . Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a} Description: USB MS Reader Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_MS_READER&REV_1.03#2004888&3# Manufacturer: Generic Name: USB MS Reader PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_MS_READER&REV_1.03#2004888&3# Service: WUDFRd . Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a} Description: USB SD Reader Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SD_READER&REV_1.00#2004888&0# Manufacturer: Generic Name: USB SD Reader PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SD_READER&REV_1.00#2004888&0# Service: WUDFRd . Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a} Description: USB SM Reader Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SM_READER&REV_1.02#2004888&2# Manufacturer: Generic Name: USB SM Reader PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SM_READER&REV_1.02#2004888&2# Service: WUDFRd . ==== System Restore Points =================== . . ==== Installed Programs ====================== . 
Update for Microsoft Office 2007 (KB2508958) Activation Assistant for the 2007 Microsoft Office suites Apple Application Support Apple Mobile Device Support Apple Software Update Belkin Wireless USB Utility Bonjour Compatibility Pack for the 2007 Office system DMUninstaller Foxit Cloud Foxit Reader GearDrvs Google Earth Google Update Helper Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) iCloud Internet From BT iTunes Java 7 Update 15 Java Auto Updater LPT System Updater Service MagicSports 3.5 Malwarebytes Anti-Malware version 2.0.1.1004 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB2833941) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4.5.1 Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Security Client Microsoft Security Essentials Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 
Microsoft_VC90_MFCLOC_x86 Microsoft® Office Trial 2007 MobileMe Control Panel MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK MyPC Backup Norton 360 NVIDIA 3D Vision Driver 311.06 NVIDIA Control Panel 311.06 NVIDIA Graphics Driver 311.06 NVIDIA Install Application NVIDIA Stereoscopic 3D Driver NVIDIA Update 1.11.3 Packard Bell ImageWriter Packard Bell LCD Test QuickTime Realtek HD Audio V6.0.1.5377 Realtek High Definition Audio Driver Revo Uninstaller 1.95 Search Protect Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697) Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) Security Update for Microsoft .NET Framework 4.5.1 (KB2931368) Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2878236) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2878237) 32-Bit Edition Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Video NVIDIA v162.22 WinPatrol Yahoo Community Smartbar Engine . 
==== End Of File =========================== FRST.txt Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:14-05-2014 Ran by dave (administrator) on DAVE-PC on 15-05-2014 16:53:18 Running from C:\Users\dave\Downloads Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Just Develop It) C:\Program Files\MyPC Backup\BackupStack.exe (Microsoft Corporation) C:\Windows\System32\wpcumi.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Foxit Corporation) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe (Apple Inc.) 
C:\Program Files\iTunes\iTunesHelper.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (Belkin) C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4390912 2007-03-01] (Realtek Semiconductor) HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation) HKU\S-1-5-21-3661334880-1982377886-768432890-1002\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation) HKU\S-1-5-21-3661334880-1982377886-768432890-1002\...\Run: [iSUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation) HKU\S-1-5-21-3661334880-1982377886-768432890-1002\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation) HKU\S-1-5-21-3661334880-1982377886-768432890-1002\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [533568 2014-04-23] (BillP Studios) HKU\S-1-5-21-3661334880-1982377886-768432890-1002\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-3661334880-1982377886-768432890-1002\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-3661334880-1982377886-768432890-1004\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk ShortcutTarget: Belkin Wireless USB Utility.lnk -> C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Belkin) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Packer.exe.lnk ShortcutTarget: Packer.exe.lnk -> C:\Users\dave\AppData\Roaming\OpenCandy\D74F5F4B2D1A42D880C0E1F59CA7176B\Packer.exe (No File) Startup: C:\Users\lukezoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) GroupPolicyUsers\S-1-5-21-3661334880-1982377886-768432890-1003\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) 
==================== ProxyServer: SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDJ67jFfFbVMfug_IrPdAB5t0DxMiJWg9o5L6hYEVV4zSvSfztC4NY-sU00SNHo-KsV9nQZThwJ0nVYRGGymyXswEOCYvFKg2SmeoEGd1f3R0whLHLTXj4qgEt9xsbGBwOCVo70OBQMraCSXb7eH4XgmArVihMZ2-BQhODx9QRJbBukZJ7n-FayWQBmw,,&q={searchTerms} SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDJ67jFfFbVMfug_IrPdAB5t0DxMiJWg9o5L6hYEVV4zSvSfztC4NY-sU00SNHo-KsV9nQZThwJ0nVYRGGymyXswEOCYvFKg2SmeoEGd1f3R0whLHLTXj4qgEt9xsbGBwOCVo70OBQMraCSXb7eH4XgmArVihMZ2-BQhODx9QRJbBukZJ7n-FayWQBmw,,&q={searchTerms} SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDJ67jFfFbVMfug_IrPdAB5t0DxMiJWg9o5L6hYEVV4zSvSfztC4NY-sU00SNHo-KsV9nQZThwJ0nVYRGGymyXswEOCYvFKg2SmeoEGd1f3R0whLHLTXj4qgEt9xsbGBwOCVo70OBQMraCSXb7eH4XgmArVihMZ2-BQhODx9QRIU3wzuAFbqn3CtZ9CQ,,&q={searchTerms} SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDJ67jFfFbVMfug_IrPdAB5t0DxMiJWg9o5L6hYEVV4zSvSfztC4NY-sU00SNHo-KsV9nQZThwJ0nVYRGGymyXswEOCYvFKg2SmeoEGd1f3R0whLHLTXj4qgEt9xsbGBwOCVo70OBQMraCSXb7eH4XgmArVihMZ2-BQhODx9QRIU3wzuAFbqn3CtZ9CQ,,&q={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: 
  10. Hi Gringo, My laptop now runs better than it ever did. I've uninstalled everything you said and disabled my Java. Many thanks for everything you've done; you're a superstar. Regards Jam spoons
  11. Hi Gringo, Many thanks for everything you've done. There were a few 'threats' on the ESET scan but I saved a backup to my G:\ drive and the rest seems to be the cleaner you had me install. I've removed those executables from my G:\ drive now.
      C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Debut\debut.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
      C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Debut\debutsetup_v1.64.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
      C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Debut\uninst.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
      G:\ccsetup404.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
      G:\My Downloads\DM-244.exe Win32/HotSpotShield potentially unwanted application
      G:\My Downloads\gpl_ghostscript.exe a variant of Win32/InstallCore.AZ potentially unwanted application
      G:\My Downloads\IE7proSetup_2.4.7.exe Win32/OpenCandy potentially unsafe application
      G:\My Downloads\SoftonicDownloader_for_ccleaner.exe Win32/SoftonicDownloader.A potentially unwanted application
  12. Hi Gringo, Thanks for all the time you've spent doing this, it's much appreciated. I wish I could buy you a beer or something. Here are the log files you requested. Regards
  13. Hello again! Here is the second combofix log. Everything is still running with no problems so far. Many thanks!
  14. Hi Gringo, Here is the Combofix log. I didn't have any problems running it and the computer seems to still be up and running so it's all good for now. Many thanks.
2013-10-01 00:00 204895 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll 2005-09-29 14:41 . 2013-10-01 00:00 77824 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll 2006-06-19 13:10 . 2013-10-01 00:00 426081 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll 2005-02-02 12:19 . 2013-10-01 00:00 458752 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll 2006-04-10 18:35 . 2013-10-01 00:00 139264 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll 2005-11-09 11:10 . 2013-10-01 00:00 204800 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll 2005-11-09 11:42 . 2013-10-01 00:00 106496 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll 2006-01-04 11:22 . 2013-10-01 00:00 212992 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll 2006-01-04 11:21 . 2013-10-01 00:00 167936 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2014-03-05 00:19 259464 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184] "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-02-15 405504] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864] "AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2014-03-05 3767096] . 
c:\users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Jo\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk backup=c:\windows\pss\QuickSet.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-10-15 00:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] 2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager] 2010-02-22 03:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2014-02-12 20:57 43848 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX8400 Series] 2007-04-12 06:00 182272 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATICEE.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Epson Stylus SX420W(Network)] 2009-09-14 07:00 200704 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIGCE.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2008-03-06 07:58 166424 ----a-w- c:\windows\System32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] 2007-03-21 12:00 174872 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2014-02-21 03:54 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe] 2007-05-09 17:01 36864 ----a-w- c:\windows\OEM02Mon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] 2007-12-21 09:58 184320 ----a-w- c:\program files\Dell\MediaDirect\PCMService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2008-03-06 07:58 133656 ----a-w- c:\windows\System32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2014-01-17 16:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2013-07-02 09:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard] 2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WPCUMI] 2006-11-02 12:35 176128 ----a-w- c:\windows\System32\wpcumi.exe . S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728] . . --- Other Services/Drivers In Memory --- . *Deregistered* - MBAMSwissArmy . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder . 2014-03-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 17:57] . 2014-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-07 22:49] . 2014-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-07 22:49] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 LSP: c:\windows\system32\wpclsp.dll Trusted Zone: nationet.com\olb2 TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\ . - - - - ORPHANS REMOVED - - - - . 
HKCU-Run-iCloudServices - c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe HKCU-Run-ApplePhotoStreams - c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe HKCU-Run-com.apple.dav.bookmarks.daemon - c:\program files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe SafeBoot-WudfPf SafeBoot-WudfRd MSConfigStartUp-ApplePhotoStreams - c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe MSConfigStartUp-ConnectionCenter - c:\program files\Citrix\ICA Client\concentr.exe MSConfigStartUp-Google Update - c:\users\Jo\AppData\Local\Google\Update\GoogleUpdate.exe MSConfigStartUp-googletalk - c:\users\Jo\AppData\Roaming\Google\Google Talk\googletalk.exe MSConfigStartUp-iCloudServices - c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe MSConfigStartUp-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe AddRemove-Debut - c:\program files\NCH Software\Debut\uninst.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2014-03-10 14:51 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . Completion time: 2014-03-10 14:56:12 ComboFix-quarantined-files.txt 2014-03-10 14:55 . Pre-Run: 8,974,413,824 bytes free Post-Run: 10,270,990,336 bytes free . - - End Of File - - EA73F8BC22C4642201E8A0505068AF6C 5C616939100B85E558DA92B899A0FC36
  15. Hi Gringo, Thank you very much for your help. I ran both of those downloads in the order you requested and I shall let you know if I do or don't get another IP-block message. Though it may take a few days of use to see if it pops up again. Here are the log files. AdwCleaner: # AdwCleaner v3.020 - Report created 10/03/2014 at 13:34:43 # Updated 27/02/2014 by Xplode # Operating System : Windows Vista Home Premium Service Pack 2 (32 bits) # Username : Jo - HOMELAPTOP # Running from : C:\Users\Jo\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Program Files\NCH Software Folder Deleted : C:\Program Files\uniblue Folder Deleted : C:\Windows\system32\hotspot shield Folder Deleted : C:\Users\Jo\AppData\Local\Temp\hotspot shield Folder Deleted : C:\Users\Jo\AppData\Roaming\NCH Software Folder Deleted : C:\Users\Jo\AppData\Roaming\Optimizer Pro Folder Deleted : C:\Users\James\AppData\Roaming\NCH Software Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com File Deleted : C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\invalidprefs.js File Deleted : C:\Windows\System32\Tasks\NCH Software ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
[{CCC7A320-B3CA-4199-B1A6-9F516DD69829}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}] Key Deleted : HKCU\Software\anchorfree Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\Cr_Installer Key Deleted : HKCU\Software\NCH Software Key Deleted : HKCU\Software\Optimizer Pro Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\Uniblue Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\NCH Software Key Deleted : HKLM\Software\Tarma Installer Key Deleted : HKLM\Software\Uniblue Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4 ***** [ Browsers ] ***** -\\ Internet Explorer v9.0.8112.16533 -\\ Mozilla Firefox v27.0.1 (en-GB) [ File : C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\7w1oy7kv.default-1387213464914\prefs.js ] Line Deleted : user_pref("extensions.crossrider.bic", "1445fd564e8577b07d1afda68b986e9f"); Line Deleted : user_pref("extensions.crossriderapp14917.14917.InstallationThankYouPage", false); Line Deleted : user_pref("extensions.crossriderapp14917.14917.InstallationTime", 1393177224); Line Deleted : user_pref("extensions.crossriderapp14917.14917.active", true); Line Deleted : user_pref("extensions.crossriderapp14917.14917.addressbar", "NA"); Line Deleted : user_pref("extensions.crossriderapp14917.14917.addressbarenhanced", ""); Line Deleted : user_pref("extensions.crossriderapp14917.14917.asyncdb.was_copied", "true"); Line Deleted : user_pref("extensions.crossriderapp14917.14917.asyncdb_dbWasSet", true); Line Deleted : user_pref("extensions.crossriderapp14917.14917.asyncdb_dbWasSet_FF25_FIX", true); Line Deleted : user_pref("extensions.crossriderapp14917.14917.asyncinternaldb.was_copied", "true"); Line Deleted : user_pref("extensions.crossriderapp14917.14917.asyncinternaldb_dbWasSet", true); Line Deleted : 
user_pref("extensions.crossriderapp14917.14917.asyncinternaldb_dbWasSet_FF25_FIX", true); Line Deleted : user_pref("extensions.crossriderapp14917.14917.backgroundver", 6); Line Deleted : user_pref("extensions.crossriderapp14917.14917.certdomaininstaller", ""); Line Deleted : user_pref("extensions.crossriderapp14917.14917.changeprevious", false); Line Deleted : user_pref("extensions.crossriderapp14917.14917.cookie.CrossriderNotifier_channels.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp14917.14917.cookie.CrossriderNotifier_channels.value", "%7B%22app0%22%3A%22app0%22%2C%22app14917%22%3A%22app14917%22%2C%22GB%22%3A%22GB%22%7D"); Line Deleted : user_pref("extensions.crossriderapp14917.14917.cookie.CrossriderNotifier_geolocation.expiration", "Mon Mar 17 2014 12:34:27 GMT+0000 (GMT Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp14917.14917.cookie.CrossriderNotifier_geolocation.value", "%22GB%22"); Line Deleted : user_pref("extensions.crossriderapp14917.14917.cookie.CrossriderNotifier_metadata.expiration", "Mon Mar 10 2014 16:14:38 GMT+0000 (GMT Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp14917.14917.cookie.CrossriderNotifier_metadata.value", "%7B%22appId%22%3A14917%2C%22appName%22%3A%22Chat%20Undetected%22%2C%22lastMessageId%22%3A0%2C%22nextCheck%22%[...] 
Line Deleted : user_pref("extensions.crossriderapp14917.14917.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp14917.14917.cookie.InstallationTime.value", "1393177224"); Line Deleted : user_pref("extensions.crossriderapp14917.14917.crossriderapp14917_dbWasSet", true); Line Deleted : user_pref("extensions.crossriderapp14917.14917.crossriderapp14917_dbWasSet_FF25_FIX", true); Line Deleted : user_pref("extensions.crossriderapp14917.14917.description", "Facebook Undetected lets you disable Facebook Messenger’s read receipt feature, preventing others from seeing if you have viewed a message[...] Line Deleted : user_pref("extensions.crossriderapp14917.14917.domain", ""); Line Deleted : user_pref("extensions.crossriderapp14917.14917.enablesearch", false); Line Deleted : user_pref("extensions.crossriderapp14917.14917.homepage", ""); Line Deleted : user_pref("extensions.crossriderapp14917.14917.iframe", false); Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3Anull%2C%22installer_verifier%22%3Anull%7D"); Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3A%220%22%2C%22uzid%22%3A%220%22%7D"); Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_appVer.value", "70"); Line Deleted : 
user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_lastVersion.value", "1"); Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_meta.value", "%7B%7D"); Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_nextCheck.expiration", "Mon Mar 10 2014 15:01:53 GMT+0000 (GMT Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_nextCheck.value", "true"); Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_queue.value", "%7B%7D"); Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D"); Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3Anull%2C%22installer_verifier%22%3Anull%7D%2C%22version%22%3Anull%7[...] 
Line Deleted : user_pref("extensions.crossriderapp14917.14917.lastDailyReport", "1394442112172"); Line Deleted : user_pref("extensions.crossriderapp14917.14917.lastUpdate", "1394442108386"); Line Deleted : user_pref("extensions.crossriderapp14917.14917.manifesturl", ""); Line Deleted : user_pref("extensions.crossriderapp14917.14917.name", "Chat Undetected"); Line Deleted : user_pref("extensions.crossriderapp14917.14917.newtab", ""); Line Deleted : user_pref("extensions.crossriderapp14917.14917.opensearch", ""); Line Deleted : user_pref("extensions.crossriderapp14917.14917.pluginsversion", 29); Line Deleted : user_pref("extensions.crossriderapp14917.14917.publisher", "Crossrider"); Line Deleted : user_pref("extensions.crossriderapp14917.14917.searchstatus", 0); Line Deleted : user_pref("extensions.crossriderapp14917.14917.setnewtab", false); Line Deleted : user_pref("extensions.crossriderapp14917.14917.updateinterval", 360); Line Deleted : user_pref("extensions.crossriderapp14917.14917.ver", 70); Line Deleted : user_pref("extensions.crossriderapp14917.FilesValidatorDueTime", "1394442164439"); Line Deleted : user_pref("extensions.crossriderapp14917.apps", "14917"); Line Deleted : user_pref("extensions.crossriderapp14917.bic", "1445fd564e8577b07d1afda68b986e9f"); Line Deleted : user_pref("extensions.crossriderapp14917.cid", 14917); Line Deleted : user_pref("extensions.crossriderapp14917.firstrun", false); Line Deleted : user_pref("extensions.crossriderapp14917.hadappinstalled", true); Line Deleted : user_pref("extensions.crossriderapp14917.installationdate", 1393177224); Line Deleted : user_pref("extensions.crossriderapp14917.modetype", "production"); Line Deleted : user_pref("extensions.crossriderapp14917.reportInstall", true); Line Deleted : user_pref("extensions.crossriderapp14917.statsDailyCounter", 21); Line Deleted : user_pref("extensions.enabledAddons", "crossriderapp14917%40crossrider.com:0.94.70,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1"); [ File : 
C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\kt7i453l.default\prefs.js ] [ File : C:\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\l4ke6fks.default\prefs.js ] [ File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\t6fk57qu.default\prefs.js ] -\\ Google Chrome v [ File : C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [11738 octets] - [10/03/2014 13:30:01] AdwCleaner[s0].txt - [11737 octets] - [10/03/2014 13:34:43] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [11798 octets] ########## Junkware Removal Tool ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.2 (02.20.2014:1) OS: Windows Vista Home Premium x86 Ran by Jo on 10/03/2014 at 13:43:52.45 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-851744489-1852982431-2769218266-1000\Software\Microsoft\Internet Explorer\Main\\Start Page ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-851744489-1852982431-2769218266-1000\Software\sweetim Successfully deleted: [Registry Key] 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181104} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{60D61572-9EA9-4025-8CCE-0DAE80F4E778} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{98738B23-24B2-4DE2-B121-92BAA727E9F0} ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\Jo\AppData\Roaming\mozilla\firefox\profiles\7w1oy7kv.default-1387213464914\minidumps [17 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 10/03/2014 at 13:49:01.90 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Thanks again!