mattytun1514

  1. Hi, thanks for all our help...
  2. Hi, looks like ESET found something. C:\Users\Brian\Downloads\online-video-hunter.exe - a variant of Win32/NetTool.Sniffer.AA application
  3. Hi I had "utorrent" but now deleted it & here is the following logs.... Thanks
  4. Hi things going ok
  5. Hi, I don't think I'm getting the Malwarebytes balloon bottom right now when I visit websites
     ComboFix 13-04-10.02 - Brian 11/04/2013 17:06:24.3.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6038.4357 [GMT 1:00] Running from: c:\users\Brian\Desktop\ComboFix.exe AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA} SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\1358608243.bdinstall.bin c:\programdata\1358608640.bdinstall.bin c:\programdata\ntuser.dat c:\users\Brian\AppData\Roaming\inst.exe c:\users\Brian\AppData\Roaming\vso_ts_preview.xml c:\windows\SysWow64\Packet.dll c:\windows\SysWow64\pthreadVC.dll c:\windows\SysWow64\wpcap.dll . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NPF -------\Service_npf . . ((((((((((((((((((((((((( Files Created from 2013-03-11 to 2013-04-11 ))))))))))))))))))))))))))))))) . . 2013-04-11 16:11 . 2013-04-11 16:11 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-04-11 16:11 . 2013-04-11 16:11 -------- d-----w- c:\users\Public\AppData\Local\temp 2013-04-11 16:11 . 2013-04-11 16:11 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-10 15:40 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-04-10 15:40 . 2013-03-02 06:04 1655656 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-10 15:40 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys 2013-04-10 15:39 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-04-10 15:39 . 
2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-04-10 15:39 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-04-10 15:39 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-04-10 15:39 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-04-10 15:39 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe 2013-04-03 17:44 . 2013-04-03 17:44 -------- d-----w- c:\program files\ESET 2013-04-02 16:51 . 2013-04-02 16:51 26520 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe 2013-03-30 18:21 . 2013-03-30 18:22 -------- d-----w- c:\program files (x86)\coverXP 2013-03-29 19:00 . 2013-03-29 19:00 -------- d-----w- c:\program files (x86)\Peretek 2013-03-13 15:27 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-10 17:57 . 2011-10-31 16:33 72702784 ----a-w- c:\windows\system32\MRT.exe 2013-04-09 15:32 . 2012-12-28 17:00 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-04-09 15:32 . 2012-12-28 17:00 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-04-04 13:50 . 2012-11-15 13:44 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-06 11:55 . 2012-11-22 15:22 82816 ----a-w- c:\users\Brian\AppData\Roaming\pcouffin.sys 2013-02-26 17:04 . 2013-02-26 17:04 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-02-26 17:04 . 2013-02-26 17:04 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-02-26 17:04 . 2013-02-26 17:04 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-02-26 17:04 . 2013-02-26 17:04 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-02-26 17:03 . 2013-02-26 17:03 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-02-26 17:03 . 2013-02-26 17:03 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-02-26 17:03 . 
2013-02-26 17:03 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-02-26 17:03 . 2013-02-26 17:03 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-02-26 17:03 . 2013-02-26 17:03 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-02-26 17:03 . 2013-02-26 17:03 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-02-26 17:03 . 2013-02-26 17:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-02-26 17:03 . 2013-02-26 17:03 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-02-26 17:03 . 2013-02-26 17:03 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-02-26 17:03 . 2013-02-26 17:03 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-02-26 17:03 . 2013-02-26 17:03 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-02-26 17:03 . 2013-02-26 17:03 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-02-26 17:03 . 2013-02-26 17:03 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-02-26 17:03 . 2013-02-26 17:03 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-02-26 17:03 . 2013-02-26 17:03 81408 ----a-w- c:\windows\system32\icardie.dll 2013-02-26 17:03 . 2013-02-26 17:03 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-02-26 17:03 . 2013-02-26 17:03 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-02-26 17:03 . 2013-02-26 17:03 441856 ----a-w- c:\windows\system32\html.iec 2013-02-26 17:03 . 2013-02-26 17:03 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-02-26 17:03 . 2013-02-26 17:03 235008 ----a-w- c:\windows\system32\url.dll 2013-02-26 17:03 . 2013-02-26 17:03 216064 ----a-w- c:\windows\system32\msls31.dll 2013-02-26 17:03 . 2013-02-26 17:03 197120 ----a-w- c:\windows\system32\msrating.dll 2013-02-26 17:03 . 2013-02-26 17:03 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-02-26 17:03 . 2013-02-26 17:03 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-02-26 17:03 . 2013-02-26 17:03 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-02-26 17:03 . 
2013-02-26 17:03 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-02-26 17:03 . 2013-02-26 17:03 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-02-26 17:03 . 2013-02-26 17:03 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-02-26 17:03 . 2013-02-26 17:03 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-02-26 17:03 . 2013-02-26 17:03 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-02-26 17:03 . 2013-02-26 17:03 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-02-26 17:03 . 2013-02-26 17:03 144896 ----a-w- c:\windows\system32\wextract.exe 2013-02-26 17:03 . 2013-02-26 17:03 102912 ----a-w- c:\windows\system32\inseng.dll 2013-02-26 17:03 . 2013-02-26 17:03 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-02-26 17:03 . 2013-02-26 17:03 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-02-26 17:03 . 2013-02-26 17:03 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-02-26 17:03 . 2013-02-26 17:03 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-02-26 17:03 . 2013-02-26 17:03 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-02-26 17:03 . 2013-02-26 17:03 149504 ----a-w- c:\windows\system32\occache.dll 2013-02-26 17:03 . 2013-02-26 17:03 13824 ----a-w- c:\windows\system32\mshta.exe 2013-02-26 17:03 . 2013-02-26 17:03 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-02-26 17:03 . 2013-02-26 17:03 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-02-26 17:03 . 2013-02-26 17:03 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-02-26 17:03 . 2013-02-26 17:03 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-02-26 17:03 . 2013-02-26 17:03 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-02-26 17:02 . 2013-02-26 17:02 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-02-26 17:02 . 2013-02-26 17:02 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-02-26 17:02 . 
2013-02-26 17:02 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-02-26 17:02 . 2013-02-26 17:02 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-02-26 17:02 . 2013-02-26 17:02 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-02-26 17:02 . 2013-02-26 17:02 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-02-26 17:02 . 2013-02-26 17:02 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2013-02-26 17:02 . 2013-02-26 17:02 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2013-02-26 17:02 . 2013-02-26 17:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-02-26 17:02 . 2013-02-26 17:02 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-02-26 17:02 . 2013-02-26 17:02 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2013-02-26 17:02 . 2013-02-26 17:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-02-26 17:02 . 2013-02-26 17:02 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-02-26 17:02 . 2013-02-26 17:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-02-26 17:02 . 2013-02-26 17:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-02-26 17:02 . 2013-02-26 17:02 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-02-26 17:02 . 2013-02-26 17:02 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-02-26 17:02 . 2013-02-26 17:02 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-02-26 17:02 . 2013-02-26 17:02 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-02-26 17:02 . 2013-02-26 17:02 1682432 ----a-w- c:\windows\system32\XpsPrint.dll 2013-02-26 17:02 . 2013-02-26 17:02 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll 2013-02-26 17:02 . 
2013-02-26 17:02 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-02-26 17:02 . 2013-02-26 17:02 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-02-26 17:02 . 2013-02-26 17:02 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2013-02-26 17:02 . 2013-02-26 17:02 3928064 ----a-w- c:\windows\system32\d2d1.dll 2013-02-26 17:02 . 2013-02-26 17:02 363008 ----a-w- c:\windows\system32\dxgi.dll 2013-02-26 17:02 . 2013-02-26 17:02 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll 2013-02-26 17:02 . 2013-02-26 17:02 2565120 ----a-w- c:\windows\system32\d3d10warp.dll 2013-02-26 17:02 . 2013-02-26 17:02 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll 2013-02-26 17:02 . 2013-02-26 17:02 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll 2013-02-26 17:02 . 2013-02-26 17:02 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll 2013-02-26 17:02 . 2013-02-26 17:02 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll 2013-02-26 17:02 . 2013-02-26 17:02 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll 2013-02-26 17:02 . 2013-02-26 17:02 1175552 ----a-w- c:\windows\system32\FntCache.dll 2013-02-26 17:02 . 2013-02-26 17:02 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll 2013-02-26 17:02 . 2013-02-26 17:02 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2013-02-26 17:02 . 2013-02-26 17:02 333312 ----a-w- c:\windows\system32\d3d10_1core.dll 2013-02-26 17:02 . 2013-02-26 17:02 296960 ----a-w- c:\windows\system32\d3d10core.dll 2013-02-26 17:02 . 2013-02-26 17:02 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2013-02-26 17:02 . 2013-02-26 17:02 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2013-02-26 17:02 . 2013-02-26 17:02 194560 ----a-w- c:\windows\system32\d3d10_1.dll 2013-02-26 17:02 . 2013-02-26 17:02 1887232 ----a-w- c:\windows\system32\d3d11.dll 2013-02-26 17:02 . 2013-02-26 17:02 1643520 ----a-w- c:\windows\system32\DWrite.dll 2013-02-26 17:02 . 
2013-02-26 17:02 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2013-02-26 17:02 . 2013-02-26 17:02 1238528 ----a-w- c:\windows\system32\d3d10.dll 2013-02-26 17:02 . 2013-02-26 17:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . c:\users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008] R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240] R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [2010-12-12 121960] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-31 1255736] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2013-02-20 58416] S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2011-12-10 133728] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-10-25 30056] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856] S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616] S0 vidsflt61;Acronis 
Disk Storage Filter (61);c:\windows\system32\DRIVERS\vsflt61.sys [2011-12-10 142944] S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2013-02-20 213416] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2013-01-10 150616] S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2013-01-10 59440] S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-10-25 284008] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-08 140672] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208] S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-08 1166848] S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928] S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2013-03-21 1341664] S2 GingerUpdateService;GingerUpdateService;c:\program files (x86)\Ginger\GingerUpdateService\GingerUpdateService.exe [2013-03-28 249128] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760] S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High 
Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2013-02-06 221720] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760] S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-13 29288] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504] . . Contents of the 'Scheduled Tasks' folder . 2013-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce08467dd0313.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 14:04] . 2013-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 14:04] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-03-21 6330568] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.co.uk/ mLocal Page = c:\windows\SysWOW64\blank.htm mSearchAssistant = hxxp://www.google.com IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html Trusted Zone: dell.com TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\s880eptu.default\ FF - prefs.js: browser.startup.homepage - google.co.uk FF - ExtSQL: 2013-03-03 14:20; adapter@gingersoftware.com; c:\program files (x86)\Mozilla Firefox\extensions\adapter@gingersoftware.com . - - - - ORPHANS REMOVED - - - - . BHO-{29AAADC9-DA30-4264-BCC4-D447F7146FC1} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2013-04-11 17:16:15 - machine was rebooted ComboFix-quarantined-files.txt 2013-04-11 16:16 . Pre-Run: 654,076,284,928 bytes free Post-Run: 653,792,272,384 bytes free . - - End Of File - - FB58E7333DC3D35891A84A3C3E39AF9F
  6. Hi, thanks, here are the logs
     Results of screen317's Security Check version 0.99.62 Windows 7 Service Pack 1 x64 (UAC is enabled) ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Disabled! ESET Smart Security 6.0 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` SpywareBlaster 5.0 Malwarebytes Anti-Malware version 1.75.0.1300 Adobe Flash Player 11.7.700.169 Mozilla Firefox (20.0) ````````Process Check: objlist.exe by Laurent```````` ESET NOD32 Antivirus egui.exe ESET NOD32 Antivirus ekrn.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log`````````````````````` # AdwCleaner v2.200 - Logfile created 04/11/2013 at 16:11:41 # Updated 02/04/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Brian - BRIAN-PC # Boot Mode : Normal # Running from : C:\Users\Brian\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\s880eptu.default\jetpack ***** [Registry] ***** Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3} Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASMANCS Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16537 [OK] Registry is clean. 
-\\ Mozilla Firefox v20.0 (en-GB) File : C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\s880eptu.default\prefs.js C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\s880eptu.default\user.js ... Deleted ! [OK] File is clean. -\\ Google Chrome v [unable to get version] File : C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[s1].txt - [1659 octets] - [11/04/2013 16:11:41] ########## EOF - C:\AdwCleaner[s1].txt - [1719 octets] ########## RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Brian [Admin rights] Mode : Scan -- Date : 04/11/2013 16:24:11 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 7 ¤¤¤ [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND [HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD7500BPKT-75PK4T0 +++++ --- User --- [MBR] c4d441a27258bc95be2bbf548713c1b2 [bSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 
Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 212992 | Size: 20000 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41172992 | Size: 695299 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_04112013_02d1624.txt >> RKreport[1]_S_04112013_02d1624.txt
  7. Hi, I've been told to post my log. I've been getting "malwarebytes pop-up balloon in bottom right corner of screen" when I visit most websites.
DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16537 Run by Brian at 15:37:37 on 2013-04-11 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6038.3985 [GMT 1:00] . AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Ginger\GingerUpdateService\GingerUpdateService.exe C:\Program 
Files\ESET\ESET Smart Security\egui.exe C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Intel\TurboBoost\TurboBoost.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Ginger\GingerServices\GingerServices.exe C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.google.co.uk/ mSearchAssistant = hxxp://www.google.com BHO: Ginger Grammar & Spell Checker: {0877c1fc-19c6-4fe2-8e3d-699d8edb2964} - C:\Program Files (x86)\Ginger\GingerIEAddin\adxloader.dll BHO: {29AAADC9-DA30-4264-BCC4-D447F7146FC1} - <orphaned> BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll StartupFolder: C:\Users\Brian\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INTEL(~1.LNK - C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll IE: {724d43aa-0d85-11d4-9908-00400523e39a} - 
{724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - TCP: NameServer = 192.168.0.1 TCP: Interfaces\{1AAD145D-8198-408B-83CB-EFC3604F4411} : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{1AAD145D-8198-408B-83CB-EFC3604F4411}\24259414E4D20534F5E4564777F627B6 : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{1AAD145D-8198-408B-83CB-EFC3604F4411}\2445F40756E6A7F6E656D284 : DHCPNameServer = 192.168.22.22 192.168.22.23 AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll x64-BHO: Ginger Grammar & Spell Checker: {0877c1fc-19c6-4fe2-8e3d-699d8edb2964} - C:\Program Files (x86)\Ginger\GingerIEAddin\adxloader64.dll x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll x64-Notify: igfxcui - igfxdev.dll . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\s880eptu.default\ FF - prefs.js: browser.startup.homepage - google.co.uk FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll FF - ExtSQL: 2013-03-03 14:20; adapter@gingersoftware.com; C:\Program Files (x86)\Mozilla Firefox\extensions\adapter@gingersoftware.com . ---- FIREFOX POLICIES ---- user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false); ============= SERVICES / DRIVERS =============== . R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2013-2-20 58416] R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2011-12-10 133728] R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-10-25 30056] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-10-11 55856] R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2011-10-11 21616] R0 vidsflt61;Acronis Disk Storage Filter (61);C:\Windows\System32\drivers\vsflt61.sys [2011-12-10 142944] R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2013-2-20 213416] R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2013-1-10 59440] R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2012-10-25 284008] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368] R2 !SASCORE;SAS Core Service;C:\Program 
Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-12 140672] R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-10-11 98208] R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-8 1166848] R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928] R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2013-3-21 1341664] R2 GingerUpdateService;GingerUpdateService;C:\Program Files (x86)\Ginger\GingerUpdateService\GingerUpdateService.exe [2013-3-28 249128] R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-11 2656280] R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2011-10-11 27760] R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-10-11 176096] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-10-11 317440] R3 KeyScrambler;KeyScrambler;C:\Windows\System32\drivers\keyscrambler.sys [2013-2-13 221720] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-10-11 82432] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-10-11 181760] R3 qicflt;upper Device Filter Driver;C:\Windows\System32\drivers\qicflt.sys [2011-10-11 29288] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240] R3 TurboBoost;Intel® Turbo Boost Technology Monitor 
2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-15 418376] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-15 701512] S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008] S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-3-21 48488] S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-10-11 158976] S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-15 25928] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-28 340240] S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\System32\drivers\nvstusb.sys [2011-10-11 121960] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-2 19456] S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-2 57856] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-2 30208] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-31 1255736] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys 
[2008-5-6 14464] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184] . =============== Created Last 30 ================ . 2013-04-10 15:40:57 3153408 ----a-w- C:\Windows\System32\win32k.sys 2013-04-10 15:40:56 1655656 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-04-10 15:40:47 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys 2013-04-10 15:39:24 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-04-10 15:39:24 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-04-10 15:39:23 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll 2013-04-10 15:39:23 43520 ----a-w- C:\Windows\System32\csrsrv.dll 2013-04-10 15:39:23 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-04-10 15:39:23 112640 ----a-w- C:\Windows\System32\smss.exe 2013-04-03 17:44:50 -------- d-----w- C:\Program Files\ESET 2013-04-02 16:51:23 26520 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe 2013-03-30 18:21:57 -------- d-----w- C:\Program Files (x86)\coverXP 2013-03-29 19:00:40 -------- d-----w- C:\Program Files (x86)\Peretek 2013-03-13 15:27:32 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys . ==================== Find3M ==================== . 
2013-04-09 15:32:14 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-04-09 15:32:14 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-04-04 13:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-03-06 11:55:17 99384 ----a-w- C:\Users\Brian\AppData\Roaming\inst.exe 2013-03-06 11:55:17 82816 ----a-w- C:\Users\Brian\AppData\Roaming\pcouffin.sys 2013-02-26 17:04:00 226304 ----a-w- C:\Windows\System32\elshyph.dll 2013-02-26 17:04:00 185344 ----a-w- C:\Windows\SysWow64\elshyph.dll 2013-02-26 17:04:00 158720 ----a-w- C:\Windows\SysWow64\msls31.dll 2013-02-26 17:04:00 1054720 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe 2013-02-26 17:02:58 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-02-21 10:29:39 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-02-21 10:29:37 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-02-21 10:29:37 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-02-21 10:15:07 2240512 ----a-w- C:\Windows\System32\wininet.dll 2013-02-21 10:14:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-02-21 10:14:05 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-02-21 10:14:05 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-02-20 10:07:40 58416 ----a-w- C:\Windows\System32\drivers\epfwwfp.sys 2013-02-20 10:07:38 213416 ----a-w- C:\Windows\System32\drivers\eamonm.sys 2013-02-19 12:01:03 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-02-19 11:42:14 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-02-19 11:10:53 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-02-19 10:51:18 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-02-17 12:25:36 1544704 ----a-w- C:\Windows\is-E8BAV.exe 2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45:22 308736 
----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-02-10 17:24:06 35376 ----a-w- C:\Windows\System32\drivers\oanet.sys 2013-02-06 21:28:46 221720 ----a-w- C:\Windows\System32\drivers\keyscrambler.sys 2013-01-19 15:19:10 28518 ----a-w- C:\ProgramData\1358608640.bdinstall.bin 2013-01-19 15:11:09 45013 ----a-w- C:\ProgramData\1358608243.bdinstall.bin . ============= FINISH: 15:37:56.82 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 29/10/2011 13:40:23 System Uptime: 11/04/2013 12:08:45 (3 hours ago) . Motherboard: Dell Inc. | | 0NJT03 Processor: Intel® Core i7-2630QM CPU @ 2.00GHz | CPU | 2001/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 679 GiB total, 608.547 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP451: 02/04/2013 13:48:01 - Configured Ginger RP452: 03/04/2013 18:43:54 - Installed ESET Smart Security RP453: 05/04/2013 16:33:43 - Removed WinZip 17.0 RP454: 05/04/2013 16:35:04 - Removed WinZip 17.0 RP455: 05/04/2013 16:35:47 - Removed WinZip 17.0 RP456: 05/04/2013 16:36:47 - Removed WinZip 17.0 RP457: 05/04/2013 16:39:03 - Installed Radio Downloader RP458: 05/04/2013 16:46:37 - Revo Uninstaller's restore point - File Identifier version 1.0.2 RP459: 05/04/2013 16:47:15 - Removed Radio Downloader RP460: 07/04/2013 10:31:08 - Installed Radio Downloader RP461: 07/04/2013 10:34:57 - Removed Radio Downloader RP462: 10/04/2013 18:54:31 - Windows Update . ==== Installed Programs ====================== . 
AccelerometerP11 Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Advanced Audio FX Engine µTorrent Bing Bar Platform Canon MP Navigator EX 1.0 Canon MP610 series Canon My Printer Canon Utilities Easy-PhotoPrint EX Canon Utilities Solution Menu Capture View CCleaner CD-LabelPrint coverXP (remove only) D3DX10 Dell Edoc Viewer Dell Webcam Central DHTML Editing Component DirectX 9 Runtime ESET Smart Security FlipShare Foxit Reader Ginger Google Update Helper High-Definition Video Playback Intel PROSet Wireless Intel® Control Center Intel® Management Engine Components Intel® Processor Graphics Intel® PROSet/Wireless WiFi Software Intel® Turbo Boost Technology Monitor 2.0 Junk Mail filter update K-Lite Codec Pack 9.8.5 (Full) Malwarebytes Anti-Malware version 1.75.0.1300 Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Default Manager Microsoft Primary Interoperability Assemblies 2005 Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable - KB2467175 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft WSE 3.0 Mozilla Firefox 20.0 (x86 en-GB) Mozilla Maintenance Service MP3jam 1.0.0.5 MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero 10 Movie ThemePack Basic Nero Control Center 10 Nero ControlCenter 10 Help (CHM) Nero Core Components 10 NVIDIA Control Panel 307.21 NVIDIA Graphics Driver 307.21 NVIDIA Install Application NVIDIA Optimus 
1.10.8 NVIDIA Update 1.10.8 NVIDIA Update Components PhotoShowExpress PlayReady PC Runtime x86 Quickset64 RBVirtualFolder64Inst Realtek High Definition Audio Driver Revo Uninstaller 1.94 RoboForm 7-8-8-5 (All Users) Roxio Activation Module Roxio BackOnTrack Roxio Burn Roxio Creator Starter Roxio Express Labeler 3 Roxio File Backup Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Sonic CinePlayer Decoder Pack SpywareBlaster 5.0 SUPERAntiSpyware 
Synaptics Pointing Device Driver Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) VSO ConvertXToDVD Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinPcap 4.1.2 . ==== Event Viewer Messages From Past Week ======== . 11/04/2013 12:11:29, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 11/04/2013 12:11:29, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure. 
10/04/2013 11:43:51, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 10/04/2013 11:43:51, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 10/04/2013 11:43:51, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 10/04/2013 11:43:51, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 10/04/2013 11:43:50, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 10/04/2013 11:43:43, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 10/04/2013 11:43:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 10/04/2013 11:43:29, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache eamonm ehdrv EpfwLWF NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl 10/04/2013 11:43:29, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start 
because of the following error: The dependency service or group failed to start. 10/04/2013 11:43:29, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 10/04/2013 11:43:29, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 10/04/2013 11:43:29, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 10/04/2013 11:43:29, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 10/04/2013 11:43:29, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 10/04/2013 11:43:29, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 10/04/2013 11:43:29, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 
10/04/2013 11:43:29, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 10/04/2013 11:43:29, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 10/04/2013 11:43:29, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 07/04/2013 18:55:09, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. . ==== End Of File ===========================
  8. Thanks for help CheckResults.txt dds.txt attach.txt
  9. Hi, do I have to zip the files?
  10. Thanks, now done.
  11. Hi, I've just updated to the latest version of Malwarebytes and I'm now getting a pop-up in the bottom of my screen when I visit most web sites. Any ideas please?
  12. Since doing the update I'm getting the little bubble pop-up when I visit most web pages. Any ideas?
  13. Worked perfect, the "Download and install program update if available" was not ticked.
  14. Hi, when I click on update I don't get the latest version.
  15. Thanks, it's still the best program out there, keep the good work up.