Jump to content

Infected PC - bundled MixiDJ spy/malware


Recommended Posts

HI,

After a cnet download yesterday, my wife's new windows 8 laptop started misbehaving. Apparently Mixi.DJ toolbar was installed in chrome browser which quickly took control of all the browsers. In an attempt to remove this toolbar spyhunter4 was briefly installed.

Now both of these have been uninstalled but there are still effects on the machine but these nothing is being picked by by malware or virus scanners.

We're very grateful for any assistance!

Thx

Steve

+++++++++++

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16519

Run by Taryn at 17:28:26 on 2013-03-20

Microsoft Windows 8 6.2.9200.0.1252.44.2057.18.7642.4463 [GMT 0:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

.

============== Running Processes ===============

.

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\dwm.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\Hpservice.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k WbioSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe

C:\Windows\SysWOW64\schtasks.exe

C:\Windows\system32\dashost.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe

C:\Program Files\McAfee\AppStats\MfeASUM.exe

C:\Windows\system32\mfevtps.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe

C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe

C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\valWBFPolicyService.exe

C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe

C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe

C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe

C:\PROGRA~1\McAfee\MSC\McAPExe.exe

C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe

C:\Windows\system32\taskhostex.exe

C:\Windows\Explorer.EXE

C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe

C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe

C:\Program Files\Common Files\AuthenTec\TrueService.exe

C:\Program Files\Common Files\AuthenTec\TrueService.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe

C:\Users\Taryn\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe

C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe

C:\ProgramData\MFAData\pack\avgrunasx.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\ProgramData\MFAData\pack\avgmfapx.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\McAfee\MAT\McPvTray.exe

C:\Program Files (x86)\AVG\AVG2013\avgfws.exe

C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe

C:\Windows\System32\RuntimeBroker.exe

C:\Program Files (x86)\HP SimplePass\TouchControl.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\msiexec.exe

C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL

BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

uRun: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe

uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [btTray] "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"

mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R

mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\Users\Taryn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Taryn\AppData\Roaming\Dropbox\bin\Dropbox.exe

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{8DDC1A49-ACD3-46F0-84FD-BE2E183F4DA0} : DHCPNameServer = 192.168.1.254

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs= c:\progra~3\browse~1\261125~1.80\{c16c1~1\browse~1.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings

x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll

x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL

x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL

x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll

x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>

x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2012-7-24 79528]

R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2012-7-24 26280]

R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\Drivers\amdkmpfd.sys [2012-7-10 35496]

R0 Avgloga;AVG Logging Driver;C:\Windows\System32\Drivers\avgloga.sys [2013-2-8 311096]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\Drivers\avgmfx64.sys [2013-2-8 116536]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\Drivers\avgrkx64.sys [2013-2-8 45880]

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\Drivers\mfehidk.sys [2012-11-9 771096]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\Drivers\mfewfpk.sys [2012-11-9 339776]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [2012-12-15 56336]

R1 Avgfwfd;AVG network filter service;C:\Windows\System32\Drivers\avgfwd6a.sys [2012-9-4 50296]

R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\Drivers\avgidsdrivera.sys [2013-2-26 246072]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\Drivers\avgldx64.sys [2013-2-8 206136]

R1 Avgwfpa;AVG Firewall Driver;C:\Windows\System32\Drivers\avgwfpa.sys [2013-2-24 247608]

R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2012-9-1 92536]

R1 MfeASKM;McAfee Application Statistics Device Driver;C:\Program Files\McAfee\AppStats\MfeASKM.sys [2013-2-1 31408]

R1 MOBKFilter;MOBKFilter;C:\Windows\System32\Drivers\MOBK.sys [2013-2-1 66040]

R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-9-17 171600]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-8-9 239616]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-8 361984]

R2 APXACC;AppEx Networks Accelerator LWF;C:\Windows\System32\Drivers\appexDrv.sys [2012-9-1 199008]

R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2013-2-19 1418184]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-2-19 282624]

R2 BrowserProtect;BrowserProtect;C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-3-19 2569168]

R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [2012-8-10 1641320]

R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-1 220856]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]

R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-8-10 29600]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-7-9 35232]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-20 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-20 682344]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2013-2-1 103472]

R2 McMPFSvc;McAfee Personal Firewall;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-1 220856]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-1 220856]

R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-1 220856]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-1 220856]

R2 McPvDrv;McPvDrv Driver;C:\Windows\System32\Drivers\McPvDrv.sys [2013-2-1 74120]

R2 MfeASUM;McAfee Application Statistics Service;C:\Program Files\McAfee\AppStats\MfeASUM.exe [2013-2-1 335216]

R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-2-1 1007288]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-2-1 218320]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-2-1 177680]

R2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]

R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-2-13 1861288]

R2 Sage AutoUpdate Manager Service;Sage AutoUpdate Manager Service;C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe [2012-7-5 8192]

R2 Sage SData Service;Sage SData Service;C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe [2012-5-17 53248]

R2 valWBFPolicyService;Validity WBF Policy Service;C:\Windows\System32\valWBFPolicyService.exe [2012-8-18 28160]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2012-7-18 98472]

R3 BtAudioBusSrv;IVT Bluetooth Audio Bus Service;C:\Windows\System32\Drivers\BtAudioBus.sys [2012-6-15 23136]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\Drivers\cfwids.sys [2012-11-9 69672]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-3-20 24176]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\Drivers\mfeavfk.sys [2012-11-9 309400]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\Drivers\mfefirek.sys [2012-11-9 515528]

R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\Drivers\mfencbdc.sys [2012-11-2 328976]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\Drivers\netr28x.sys [2012-9-1 1958984]

R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\Drivers\RtsBaStor.sys [2012-9-1 294544]

R3 rtbth;RTBTH Bluetooth Device Driver;C:\Windows\System32\Drivers\rtbth.sys [2012-8-9 695392]

R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-9-1 690832]

R3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2012-9-1 41272]

R3 TrueService;TrueAPI Service component;C:\Program Files\Common Files\AuthenTec\TrueService.exe [2012-7-16 401256]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2012-9-1 57000]

R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-3 20288]

R3 WSDScan;WSD Scan Support;C:\Windows\System32\Drivers\WSDScan.sys [2012-12-17 23552]

R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]

S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\Windows\System32\Drivers\avgboota.sys [2012-10-26 20912]

S0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\Drivers\avgidsha.sys [2013-2-8 71480]

S0 mfeelamk;McAfee Inc. mfeelamk;C:\Windows\System32\Drivers\mfeelamk.sys [2013-2-1 69168]

S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-2-27 4937264]

S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;C:\Windows\System32\Drivers\BtL2caScoIf.sys [2012-7-19 56904]

S3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]

S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [2012-8-8 48736]

S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\Drivers\HipShieldK.sys [2013-2-1 197264]

S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\Drivers\mfencrk.sys [2012-11-2 97208]

S3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-9-1 43832]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]

.

=============== Created Last 30 ================

.

2013-03-20 12:23:22 -------- d-----w- C:\Users\Taryn\AppData\Roaming\Malwarebytes

2013-03-20 12:23:00 -------- d-----w- C:\ProgramData\Malwarebytes

2013-03-20 12:22:49 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-20 12:22:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-03-20 12:22:31 -------- d-----w- C:\Users\Taryn\AppData\Local\Programs

2013-03-20 11:54:01 -------- d-----w- C:\Users\Taryn\AppData\Roaming\AVG2013

2013-03-20 11:53:08 -------- d-----w- C:\Users\Taryn\AppData\Roaming\TuneUp Software

2013-03-20 11:49:49 -------- d--h--w- C:\$AVG

2013-03-20 11:49:48 -------- d-----w- C:\ProgramData\AVG2013

2013-03-20 11:49:10 -------- d-----w- C:\Program Files (x86)\AVG

2013-03-20 11:30:32 -------- d--h--w- C:\ProgramData\Common Files

2013-03-20 11:30:31 -------- d-----w- C:\Users\Taryn\AppData\Local\MFAData

2013-03-20 11:30:31 -------- d-----w- C:\Users\Taryn\AppData\Local\Avg2013

2013-03-20 11:30:31 -------- d-----w- C:\ProgramData\MFAData

2013-03-20 10:06:24 -------- d-----w- C:\Program Files\Enigma Software Group

2013-03-20 10:05:58 -------- d-----w- C:\Windows\22B3AE667A374118BADB3680C15CA366.TMP

2013-03-20 10:05:54 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2013-03-19 23:52:44 -------- d-----w- C:\Program Files (x86)\EPSViewer

2013-03-19 23:49:44 -------- d-----w- C:\Windows\SysWow64\searchplugins

2013-03-19 23:49:44 -------- d-----w- C:\Windows\SysWow64\Extensions

2013-03-19 23:49:20 -------- d-----w- C:\ProgramData\BrowserProtect

2013-03-19 23:46:01 -------- d-----w- C:\Users\Taryn\AppData\Roaming\Babylon

2013-03-19 23:46:01 -------- d-----w- C:\ProgramData\Babylon

2013-03-17 11:36:41 -------- d-----w- C:\Program Files\iPod

2013-03-17 11:36:40 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-03-17 11:36:40 -------- d-----w- C:\Program Files\iTunes

2013-03-17 11:36:40 -------- d-----w- C:\Program Files (x86)\iTunes

2013-03-14 10:24:59 700928 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll

2013-03-14 10:23:52 468992 ----a-w- C:\Windows\System32\MFMediaEngine.dll

2013-03-14 10:23:51 361984 ----a-w- C:\Windows\SysWow64\MFMediaEngine.dll

2013-03-14 10:23:49 622080 ----a-w- C:\Windows\System32\drivers\srv2.sys

2013-03-14 10:23:49 370688 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2013-03-14 10:23:49 247808 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2013-03-14 10:23:49 215552 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2013-03-14 10:23:46 1690624 ----a-w- C:\Windows\System32\GdiPlus.dll

2013-03-14 10:23:45 1437184 ----a-w- C:\Windows\SysWow64\GdiPlus.dll

2013-03-12 11:26:04 192784 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10196.bin

2013-03-11 16:12:18 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin

2013-02-27 12:36:20 1010688 ----a-w- C:\Windows\System32\reseteng.dll

2013-02-27 12:36:19 443392 ----a-w- C:\Windows\System32\ReAgent.dll

2013-02-27 12:36:19 375808 ----a-w- C:\Windows\SysWow64\ReAgent.dll

2013-02-26 23:40:46 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys

2013-02-25 12:30:28 150600 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

2013-02-25 12:30:04 1274456 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\pidgenx.dll

2013-02-24 23:37:28 247608 ----a-w- C:\Windows\System32\drivers\avgwfpa.sys

2013-02-22 05:13:58 773968 ----a-w- C:\Windows\SysWow64\msvcr100.dll

2013-02-22 05:13:58 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll

.

==================== Find3M ====================

.

2013-03-05 23:07:25 78168 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-05 23:07:25 692568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-02-15 07:58:59 39936 ----a-w- C:\Windows\apppatch\apppatch64\acspecfc.dll

2013-02-15 06:35:40 444416 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-02-12 01:30:04 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll

2013-02-12 00:56:19 53760 ----a-w- C:\Windows\System32\UXInit.dll

2013-02-12 00:25:18 4041728 ----a-w- C:\Windows\System32\win32k.sys

2013-02-08 04:37:56 116536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys

2013-02-08 04:37:54 311096 ----a-w- C:\Windows\System32\drivers\avgloga.sys

2013-02-08 04:37:50 71480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys

2013-02-08 04:37:42 206136 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

2013-02-08 04:37:40 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys

2013-02-07 04:09:56 69864 ----a-w- C:\Windows\System32\drivers\pdc.sys

2013-02-07 03:34:58 10115072 ----a-w- C:\Windows\System32\twinui.dll

2013-02-07 03:33:47 2302464 ----a-w- C:\Windows\System32\authui.dll

2013-02-07 03:33:42 2146816 ----a-w- C:\Windows\System32\actxprxy.dll

2013-02-07 01:34:00 8856576 ----a-w- C:\Windows\SysWow64\twinui.dll

2013-02-07 01:33:03 2033664 ----a-w- C:\Windows\SysWow64\authui.dll

2013-02-07 01:33:01 754176 ----a-w- C:\Windows\SysWow64\actxprxy.dll

2013-02-05 04:58:01 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-02-05 04:56:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-02-05 04:56:27 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-02-05 04:56:27 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-02-05 03:55:27 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-02-05 01:44:50 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll

2013-02-04 22:39:47 2246656 ----a-w- C:\Windows\System32\wininet.dll

2013-02-04 22:39:39 907776 ----a-w- C:\Windows\System32\uxtheme.dll

2013-02-04 22:38:55 3966464 ----a-w- C:\Windows\System32\jscript9.dll

2013-02-04 22:38:53 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-02-02 11:19:44 496872 ----a-w- C:\Windows\System32\drivers\usbhub.sys

2013-02-02 11:19:44 446184 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS

2013-02-02 11:19:41 329960 ----a-w- C:\Windows\System32\drivers\storport.sys

2013-02-02 11:19:33 61672 ----a-w- C:\Windows\System32\drivers\crashdmp.sys

2013-02-02 10:54:54 1933544 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-02-02 10:28:54 993512 ----a-w- C:\Windows\System32\drivers\ndis.sys

2013-02-02 10:28:54 2226408 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-02-02 09:42:07 2207232 ----a-w- C:\Windows\SysWow64\PrintConfig.dll

2013-02-02 08:40:58 375808 ----a-w- C:\Windows\SysWow64\wbem\WmiPrvSE.exe

2013-02-02 08:40:55 80896 ----a-w- C:\Windows\SysWow64\tasklist.exe

2013-02-02 08:40:55 79360 ----a-w- C:\Windows\SysWow64\taskkill.exe

2013-02-02 08:40:36 155136 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll

2013-02-02 08:40:35 370688 ----a-w- C:\Windows\SysWow64\WWanAPI.dll

2013-02-02 08:40:27 131072 ----a-w- C:\Windows\SysWow64\wbem\WmiDcPrv.dll

2013-02-02 08:40:26 410624 ----a-w- C:\Windows\SysWow64\wlroamextension.dll

2013-02-02 08:40:22 197632 ----a-w- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll

2013-02-02 08:40:22 10792448 ----a-w- C:\Windows\SysWow64\Windows.UI.Xaml.dll

2013-02-02 08:40:01 356352 ----a-w- C:\Windows\SysWow64\SettingSync.dll

2013-02-02 08:39:59 325632 ----a-w- C:\Windows\SysWow64\schannel.dll

2013-02-02 08:39:47 18432 ----a-w- C:\Windows\SysWow64\npmproxy.dll

2013-02-02 08:39:34 55296 ----a-w- C:\Windows\SysWow64\nlaapi.dll

2013-02-02 08:39:34 15872 ----a-w- C:\Windows\SysWow64\nlmproxy.dll

2013-02-02 08:39:34 12288 ----a-w- C:\Windows\SysWow64\nlmsprep.dll

2013-02-02 08:39:33 115712 ----a-w- C:\Windows\SysWow64\netprofm.dll

2013-02-02 08:39:28 5090816 ----a-w- C:\Windows\SysWow64\mstscax.dll

2013-02-02 08:39:15 157696 ----a-w- C:\Windows\SysWow64\mbsmsapi.dll

2013-02-02 08:38:54 567808 ----a-w- C:\Windows\SysWow64\duser.dll

2013-02-02 08:24:19 107520 ----a-w- C:\Windows\System32\taskkill.exe

2013-02-02 08:24:19 102400 ----a-w- C:\Windows\System32\tasklist.exe

2013-02-02 08:23:44 228352 ----a-w- C:\Windows\System32\XpsRasterService.dll

2013-02-02 08:23:43 475136 ----a-w- C:\Windows\System32\WWanAPI.dll

2013-02-02 08:23:37 611840 ----a-w- C:\Windows\System32\wpd_ci.dll

2013-02-02 08:23:37 105472 ----a-w- C:\Windows\System32\wpdbusenum.dll

2013-02-02 08:23:30 830464 ----a-w- C:\Windows\System32\wbem\WmiPrvSD.dll

2013-02-02 08:23:28 543232 ----a-w- C:\Windows\System32\wlroamextension.dll

2013-02-02 08:23:21 13643264 ----a-w- C:\Windows\System32\Windows.UI.Xaml.dll

2013-02-02 08:23:19 293376 ----a-w- C:\Windows\System32\Windows.Networking.Connectivity.dll

2013-02-02 08:23:18 731648 ----a-w- C:\Windows\System32\win32spl.dll

2013-02-02 08:23:16 87552 ----a-w- C:\Windows\System32\wersvc.dll

2013-02-02 08:22:28 448512 ----a-w- C:\Windows\System32\SettingSync.dll

2013-02-02 08:22:22 416256 ----a-w- C:\Windows\System32\schannel.dll

2013-02-02 08:21:45 467456 ----a-w- C:\Windows\System32\netprofmsvc.dll

2013-02-02 08:21:44 385024 ----a-w- C:\Windows\System32\ncsi.dll

2013-02-02 08:21:38 5977600 ----a-w- C:\Windows\System32\mstscax.dll

2013-02-02 08:21:10 225280 ----a-w- C:\Windows\System32\mbsmsapi.dll

2013-02-02 08:20:47 260096 ----a-w- C:\Windows\System32\hotspotauth.dll

2013-02-02 08:20:31 729600 ----a-w- C:\Windows\System32\duser.dll

2013-02-02 07:30:05 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-02-02 07:25:52 297984 ----a-w- C:\Windows\System32\drivers\ks.sys

2013-02-02 07:25:26 82944 ----a-w- C:\Windows\System32\drivers\hidclass.sys

2013-02-02 07:25:23 37632 ----a-w- C:\Windows\System32\drivers\BthAvrcpTg.sys

2013-01-14 03:56:14 6967016 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-01-10 01:53:32 28904 ----a-w- C:\Windows\System32\drivers\msgpiowin32.sys

2013-01-10 01:40:39 1448168 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-01-10 01:40:38 303848 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-01-10 01:39:29 194280 ----a-w- C:\Windows\System32\drivers\sdbus.sys

2013-01-10 01:39:22 124648 ----a-w- C:\Windows\System32\drivers\dumpsd.sys

2013-01-10 01:29:56 91880 ----a-w- C:\Windows\System32\drivers\partmgr.sys

2013-01-10 01:29:21 785504 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2013-01-09 23:26:53 83968 ----a-w- C:\Windows\SysWow64\wiaacmgr.exe

2013-01-09 23:26:46 1611776 ----a-w- C:\Windows\SysWow64\mmc.exe

2013-01-09 23:26:35 410624 ----a-w- C:\Windows\SysWow64\Windows.Networking.dll

2013-01-09 23:26:35 261120 ----a-w- C:\Windows\SysWow64\Windows.Media.dll

2013-01-09 23:26:23 1752064 ----a-w- C:\Windows\SysWow64\setupapi.dll

2013-01-09 23:26:20 67584 ----a-w- C:\Windows\SysWow64\samlib.dll

2013-01-09 23:26:04 890880 ----a-w- C:\Windows\SysWow64\msctf.dll

2013-01-09 23:26:03 436736 ----a-w- C:\Windows\SysWow64\MP4SDECD.DLL

2013-01-09 23:23:32 95232 ----a-w- C:\Windows\System32\wiaacmgr.exe

2013-01-09 23:23:25 2094592 ----a-w- C:\Windows\System32\mmc.exe

2013-01-09 23:23:23 240640 ----a-w- C:\Windows\System32\fsquirt.exe

2013-01-09 23:23:18 256000 ----a-w- C:\Windows\System32\WSDMon.dll

.

============= FINISH: 17:29:04.74 ===============

++++++++++++++++++++++++++++++.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 8

Boot Device: \Device\HarddiskVolume2

Install Date: 08/12/2012 13:57:52

System Uptime: 20/03/2013 11:41:51 (6 hours ago)

.

Motherboard: Hewlett-Packard | | 18A7

Processor: AMD A8-4500M APU with Radeon™ HD Graphics | Socket FT1 | 1900/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 912 GiB total, 840.158 GiB free.

D: is FIXED (NTFS) - 19 GiB total, 2.409 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP16: 27/02/2013 12:43:52 - Windows Update

RP17: 08/03/2013 09:53:56 - McAfee Vulnerability Scanner

RP18: 14/03/2013 10:48:40 - Windows Update

RP19: 15/03/2013 11:51:24 - McAfee Vulnerability Scanner

RP20: 17/03/2013 11:22:15 - Installed iCloud

RP21: 20/03/2013 00:12:44 - Removed MixiDJ Chrome Toolbar

.

==== Installed Programs ======================

.

Accounts

Adobe Flash Player 11 Plugin

Adobe Photoshop Elements 11

Adobe Premiere Elements 11

Adobe Reader XI (11.0.02)

Adobe Shockwave Player 11.6

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Fuel

AMD Quick Stream

AMD VISION Engine Control Center

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AuthenTec TrueAPI 64-bit

AVG 2013

Bonjour

BrowserProtect

Canon MG5200 series MP Drivers

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Connected Music powered by Universal Music Group version 1.0

CyberLink LabelPrint

CyberLink Media Suite 10

CyberLink PhotoDirector

CyberLink Power2Go 8

CyberLink PowerDirector 10

CyberLink PowerDVD

CyberLink YouCam

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dropbox

Elements 11 Organizer

Energy Star

EPS Viewer

Google Chrome

Google Update Helper

Hewlett-Packard ACLM.NET v1.2.1.1

HP 3D DriveGuard

HP Connected Music (Meridian - installer)

HP CoolSense

HP Customer Experience Enhancements

HP Documentation

HP Games

HP Postscript Converter

HP Quick Launch

HP Recovery Manager

HP Registration Service

HP SimplePass

HP Software Framework

HP Support Assistant

HP Utility Center

HP Wireless Button Driver

iCloud

IDT Audio

iTunes

Malwarebytes Anti-Malware version 1.70.0.1100

McAfee All Access – Total Protection

McAfee Online Backup

Microsoft Application Error Reporting

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Outlook 2013 - en-us

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MSVCRT

Office 15 Click-to-Run Extensibility Component

Office 15 Click-to-Run Licensing Component

Office 15 Click-to-Run Localization Component

PRE11 STI 64Installer

PSE11 STI Installer

Ralink Bluetooth Stack64

Ralink RT3290 802.11bgn Wi-Fi Adapter

Realtek Ethernet Controller Driver

Realtek PCIE Card Reader

Sage 50 Accounts 2013

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Shared C Run-time for x64

swMSM

Synaptics Pointing Device Driver

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Validity WBF DDK

Visual Studio 2010 x64 Redistributables

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Language Selector

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== Event Viewer Messages From Past Week ========

.

20/03/2013 16:54:59, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.75. The computer with the IP address 192.168.1.74 did not allow the name to be claimed by this computer.

20/03/2013 15:04:42, Error: Microsoft-Windows-HttpEvent [15011] - Unable to create the error log file. Make sure that the error logging directory is correct.

20/03/2013 11:42:15, Error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.

20/03/2013 11:42:11, Error: Service Control Manager [7019] - The EsgScanner service depends on a service in a group which starts later. Change the order in the service dependency tree to ensure that all services required to start this service are starting before this service is started.

20/03/2013 11:42:11, Error: Service Control Manager [7018] - Detected circular dependencies auto-starting services. Check the service dependency tree.

20/03/2013 01:09:58, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mfecore service.

19/03/2013 23:49:59, Error: Service Control Manager [7030] - The SProtection service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

17/03/2013 11:32:39, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.

17/03/2013 11:31:39, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

17/03/2013 11:31:13, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

13/03/2013 13:04:36, Error: bowser [8003] - The master browser has received a server announcement from the computer STEVEO_LAP-TOSH that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8DDC1A49-ACD3-46F0-84FD-BE2E183F4DA0}. The master browser is stopping or an election is being forced.

.

==== End Of File ===========================

Link to post
Share on other sites

Welcome to the forum.

Please uninstall BrowserProtect from your add/remove programs.

Then..........

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Removing malware can be unpredictable
...things can go very wrong!
Backup
any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>
Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>
Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites

HI MrC,

Thanks for helping,

Deleted Browserprotector

Below are the output Roguekiller generated info

Tks

Steve

+++++++++++++++++++++++++++++++++++++++++++++++

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version

Started in : Normal mode

User : Taryn [Admin rights]

Mode : Scan -- Date : 03/20/2013 19:03:49

| ARK || FAK || MBR |

¤¤¤ Bad processes : 3 ¤¤¤

[sUSP PATH] avgrunasx.exe -- C:\ProgramData\MFAData\pack\avgrunasx.exe [7] -> KILLED [TermProc]

[sUSP PATH] avgmfapx.exe -- C:\ProgramData\MFAData\pack\avgmfapx.exe [7] -> KILLED [TermThr]

[RESIDUE] avgmfapx.exe -- C:\ProgramData\MFAData\pack\avgmfapx.exe [7] -> KILLED [TermThr]

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MQ01ABD100 SATA Disk Device +++++

--- User ---

[MBR] 59be4e3c38f76117d48be273b1c991be

[bSP] a86393ff34ce3cdfe6517bd02ffac930 : Empty MBR Code

Partition table:

0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 953869 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_03202013_02d1903.txt >>

RKreport[1]_S_03202013_02d1903.txt

+++++++++++++++++++++++++++++++++++++++++++++++++

Time : 20/03/2013 19:03:49

--------------------------

[avgrunasx.exe.vir] -> C:\ProgramData\MFAData\pack\avgrunasx.exe

[avgmfapx.exe.vir] -> C:\ProgramData\MFAData\pack\avgmfapx.exe

[avgmfapx.exe.vir] -> C:\ProgramData\MFAData\pack\avgmfapx.exe

Link to post
Share on other sites

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion methode. It can be easily uninstalled using the "Uninstall" mode.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain to why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

MrC

Link to post
Share on other sites

HI MrC

Here's the file, I don't see anything that I immediately recognised as being needed.

Thanks

S

+++++++++++++++++++++++++++

# AdwCleaner v2.115 - Logfile created 03/20/2013 at 19:28:41

# Updated 17/03/2013 by Xplode

# Operating system : Windows 8 (64 bits)

# User : Taryn - TARYN_HP

# Boot Mode : Normal

# Running from : C:\Users\Taryn\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\END

Folder Found : C:\ProgramData\Babylon

Folder Found : C:\ProgramData\BrowserProtect

Folder Found : C:\Users\Taryn\AppData\Local\Temp\boost_interprocess

Folder Found : C:\Users\Taryn\AppData\Roaming\Babylon

***** [Registry] *****

Key Found : HKCU\Software\DataMngr

Key Found : HKCU\Software\DataMngr_Toolbar

Key Found : HKCU\Software\Iminent

Key Found : HKCU\Software\f55dcd8e268eb45

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : HKLM\Software\Babylon

Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Key Found : HKLM\SOFTWARE\Classes\Prod.cap

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}

Key Found : HKLM\Software\DataMngr

Key Found : HKLM\Software\Iminent

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

Key Found : HKLM\SOFTWARE\Wow6432Node\f55dcd8e268eb45

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

Key Found : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}

Key Found : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}

Key Found : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}

Key Found : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}

Key Found : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}

Key Found : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}

Key Found : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}

Key Found : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}

Key Found : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}

Key Found : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}

Key Found : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}

Key Found : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}

Key Found : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}

Key Found : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}

Key Found : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}

Key Found : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}

Key Found : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}

Key Found : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}

Key Found : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}

Key Found : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}

Key Found : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}

Key Found : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}

Key Found : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}

Key Found : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}

Key Found : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}

Key Found : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}

Key Found : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}

Key Found : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}

Key Found : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}

Key Found : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}

Key Found : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}

Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}

Key Found : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}

Key Found : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}

Key Found : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}

Key Found : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}

Key Found : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : HKU\S-1-5-21-1981887922-2588862167-3017708501-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Found : HKU\S-1-5-21-1981887922-2588862167-3017708501-1002\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16519

[OK] Registry is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Taryn\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.2481] : urls_to_restore_on_startup = [ "hxxp://mixidj.delta-search.com/?affID=121136&babsrc=HP_ss&mntrId=DC21083E8E00F265" ]

*************************

AdwCleaner[R1].txt - [10742 octets] - [20/03/2013 19:28:41]

########## EOF - C:\AdwCleaner[R1].txt - [10803 octets] ##########

Link to post
Share on other sites

Please create a new system restore point before continuing.

Lots of adware found....lets clear it out.....

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

MrC

Link to post
Share on other sites

Here is the content of the file post removal

# AdwCleaner v2.115 - Logfile created 03/20/2013 at 19:46:08

# Updated 17/03/2013 by Xplode

# Operating system : Windows 8 (64 bits)

# User : Taryn - TARYN_HP

# Boot Mode : Normal

# Running from : C:\Users\Taryn\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\END

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\ProgramData\BrowserProtect

Folder Deleted : C:\Users\Taryn\AppData\Local\Temp\boost_interprocess

Folder Deleted : C:\Users\Taryn\AppData\Roaming\Babylon

***** [Registry] *****

Key Deleted : HKCU\Software\DataMngr

Key Deleted : HKCU\Software\DataMngr_Toolbar

Key Deleted : HKCU\Software\Iminent

Key Deleted : HKCU\Software\f55dcd8e268eb45

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\Software\Iminent

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\f55dcd8e268eb45

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16519

[OK] Registry is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Taryn\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.2481] : urls_to_restore_on_startup = [ "hxxp://mixidj.delta-search.com/?affID=121136&babsrc=HP_ss&mnt[...]

*************************

AdwCleaner[R1].txt - [10779 octets] - [20/03/2013 19:28:41]

AdwCleaner[R2].txt - [10840 octets] - [20/03/2013 19:45:37]

AdwCleaner[s1].txt - [10768 octets] - [20/03/2013 19:46:08]

########## EOF - C:\AdwCleaner[s1].txt - [10829 octets] ##########

Link to post
Share on other sites

Here is the most recent file content:

2013/03/20 12:24:37 GMT TARYN_HP Taryn MESSAGE IP Protection stopped successfully

2013/03/20 12:24:42 GMT TARYN_HP Taryn MESSAGE Database refreshed successfully

2013/03/20 12:24:42 GMT TARYN_HP Taryn MESSAGE Starting IP protection

2013/03/20 12:24:53 GMT TARYN_HP Taryn MESSAGE IP Protection started successfully

2013/03/20 17:23:25 GMT TARYN_HP Taryn MESSAGE Stopping protection

2013/03/20 17:23:25 GMT TARYN_HP Taryn MESSAGE Protection stopped successfully

2013/03/20 17:23:27 GMT TARYN_HP Taryn MESSAGE Stopping IP protection

2013/03/20 17:23:28 GMT TARYN_HP Taryn MESSAGE IP Protection stopped successfully

2013/03/20 19:51:24 GMT TARYN_HP (null) MESSAGE Starting protection

2013/03/20 19:51:24 GMT TARYN_HP (null) MESSAGE Protection started successfully

2013/03/20 19:51:24 GMT TARYN_HP (null) MESSAGE Starting IP protection

2013/03/20 19:51:35 GMT TARYN_HP Taryn MESSAGE IP Protection started successfully

2013/03/20 19:56:17 GMT TARYN_HP Taryn IP-BLOCK 217.41.223.104 (Type: outgoing, Port: 49246, Process: chrome.exe)

2013/03/20 19:56:17 GMT TARYN_HP Taryn IP-BLOCK 217.41.223.104 (Type: outgoing, Port: 49247, Process: chrome.exe)

2013/03/20 19:56:18 GMT TARYN_HP Taryn IP-BLOCK 217.41.223.104 (Type: outgoing, Port: 49248, Process: chrome.exe)

2013/03/20 19:56:18 GMT TARYN_HP Taryn IP-BLOCK 217.41.223.104 (Type: outgoing, Port: 49249, Process: chrome.exe)

2013/03/20 19:56:26 GMT TARYN_HP Taryn IP-BLOCK 217.41.223.104 (Type: outgoing, Port: 49256, Process: chrome.exe)

2013/03/20 20:08:55 GMT TARYN_HP Taryn IP-BLOCK 217.41.223.104 (Type: outgoing, Port: 49409, Process: chrome.exe)

Link to post
Share on other sites

It's possible that what your are seeing is Malwarebytes doing its job.

Here's that IP address....does it look familiar to you:

13272907.png

---------------------------

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

I forgot to mention that you can't have 2 anti-virus programs on the system.

You have AVG, McAfee...pick one and uninstall the other.

Having 2 anti-virus programs doesn't provide extra protects, it only causes conflicts between the 2 programs.

Please pick one as you anti-virus and uninstall the other.

------------------------------------------------

After doing that, pleaae reboot and let me know how it is. MrC

Link to post
Share on other sites

MrC

Removed AVG and rebooted,

Chrome and IE still attempting to access the IP 217.41.223.104 this was not on all websites and was notably on Facebook.com.

NOTE: when we were trying to download the earlier roguekiller software, the browser would instead link to facebook rather than the correct URL.

Still quite concerned that there is something trying to download or upload information.

Thanks

steve

Link to post
Share on other sites

OK, one problem we have is that a lot of the tools we use don't work on W8 yet.

But we can run some scans......

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.

more-reply-options.jpg

New window that comes up.

choose-files1.jpg

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.

Verify that your system is now functioning normally.

MrC

Link to post
Share on other sites

Here are the logs,

Nothing was detected or cleaned and strangly the stopped IP block message has not recurred since performing the scan too. So maybe normal operation?

Tks

Steve

Malwarebytes Anti-Rootkit BETA 1.01.0.1021

www.malwarebytes.org

Database version: v2013.03.20.12

Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16519

Taryn :: TARYN_HP [administrator]

20/03/2013 22:31:29

mbar-log-2013-03-20 (22-31-29).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 9180

Time elapsed: 38 minute(s), 3 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

++++++++++++++++++++++++++++++++++++++

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1021

© Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16519

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 1.896000 GHz

Memory total: 8013484032, free: 5589594112

------------ Kernel report ------------

03/20/2013 21:52:29

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kd.dll

\SystemRoot\system32\mcupdate_AuthenticAMD.dll

\SystemRoot\System32\drivers\CLFS.SYS

\SystemRoot\System32\drivers\tm.sys

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\BOOTVID.dll

\SystemRoot\system32\CI.dll

\SystemRoot\System32\drivers\msrpc.sys

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\System32\Drivers\acpiex.sys

\SystemRoot\System32\Drivers\WppRecorder.sys

\SystemRoot\System32\drivers\ACPI.sys

\SystemRoot\System32\drivers\WMILIB.SYS

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\msisadrv.sys

\SystemRoot\System32\drivers\pci.sys

\SystemRoot\System32\drivers\vdrvroot.sys

\SystemRoot\system32\drivers\pdc.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\System32\drivers\spaceport.sys

\SystemRoot\System32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\System32\drivers\amd_sata.sys

\SystemRoot\System32\drivers\storport.sys

\SystemRoot\System32\drivers\amd_xata.sys

\SystemRoot\System32\drivers\EhStorClass.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\System32\drivers\fileinfo.sys

\SystemRoot\system32\drivers\mfehidk.sys

\SystemRoot\System32\Drivers\PxHlpa64.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\DRIVERS\wfplwfs.sys

\SystemRoot\system32\drivers\mfewfpk.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\hpdskflt.sys

\SystemRoot\System32\drivers\amdkmpfd.sys

\SystemRoot\System32\drivers\wd.sys

\SystemRoot\System32\drivers\volsnap.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\disk.sys

\SystemRoot\System32\drivers\CLASSPNP.SYS

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\drivers\cdrom.sys

\SystemRoot\system32\DRIVERS\MOBK.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\BasicRender.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\System32\drivers\BasicDisplay.sys

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\System32\drivers\npsvctrig.sys

\SystemRoot\System32\drivers\mssmbios.sys

\??\C:\Program Files\McAfee\AppStats\MfeASKM.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\CLVirtualDrive.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\System32\drivers\CompositeBus.sys

\SystemRoot\system32\DRIVERS\kdnic.sys

\SystemRoot\System32\drivers\umbus.sys

\SystemRoot\System32\drivers\amdppm.sys

\SystemRoot\system32\DRIVERS\atikmpag.sys

\SystemRoot\system32\DRIVERS\atikmdag.sys

\SystemRoot\System32\drivers\HDAudBus.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\system32\DRIVERS\RtsBaStor.sys

\SystemRoot\system32\DRIVERS\Rt630x64.sys

\SystemRoot\system32\DRIVERS\netr28x.sys

\SystemRoot\System32\drivers\vwifibus.sys

\SystemRoot\System32\drivers\rtbth.sys

\SystemRoot\System32\drivers\USBXHCI.SYS

\SystemRoot\System32\drivers\ucx01000.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\System32\drivers\usbohci.sys

\SystemRoot\System32\drivers\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbfilter.sys

\SystemRoot\System32\drivers\usbehci.sys

\SystemRoot\System32\drivers\i8042prt.sys

\SystemRoot\system32\DRIVERS\SynTP.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\System32\drivers\kbdclass.sys

\SystemRoot\System32\drivers\mouclass.sys

\SystemRoot\System32\drivers\CmBatt.sys

\SystemRoot\System32\drivers\BATTC.SYS

\SystemRoot\system32\DRIVERS\Smb_driver_AMDASF.sys

\SystemRoot\system32\DRIVERS\Accelerometer.sys

\SystemRoot\System32\drivers\wmiacpi.sys

\SystemRoot\System32\drivers\WirelessButtonDriver64.sys

\SystemRoot\System32\drivers\HIDCLASS.SYS

\SystemRoot\System32\drivers\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\System32\Drivers\BtAudioBus.sys

\SystemRoot\System32\drivers\swenum.sys

\SystemRoot\System32\drivers\ks.sys

\SystemRoot\System32\drivers\rdpbus.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\System32\drivers\usbhub.sys

\SystemRoot\system32\drivers\AtihdW86.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\System32\Drivers\IvtUrbBtFlt.sys

\SystemRoot\System32\Drivers\BTHUSB.sys

\SystemRoot\System32\Drivers\bthport.sys

\SystemRoot\System32\drivers\UsbHub3.sys

\SystemRoot\system32\DRIVERS\stwrt64.sys

\SystemRoot\system32\DRIVERS\BthLEEnum.sys

\SystemRoot\system32\DRIVERS\rfcomm.sys

\SystemRoot\System32\drivers\BthEnum.sys

\SystemRoot\system32\DRIVERS\bthpan.sys

\SystemRoot\System32\Drivers\BtL2caScoIf.sys

\SystemRoot\system32\drivers\mfeavfk.sys

\SystemRoot\system32\drivers\mfefirek.sys

\SystemRoot\system32\DRIVERS\mfencbdc.sys

\SystemRoot\System32\drivers\usbccgp.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\System32\Drivers\dump_diskdump.sys

\SystemRoot\System32\Drivers\dump_amd_sata.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\drivers\luafv.sys

\??\C:\Windows\system32\drivers\mbam.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\System32\drivers\WinUSB.sys

\SystemRoot\System32\drivers\WUDFRd.sys

\SystemRoot\system32\DRIVERS\appexDrv.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\vwifimp.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\drivers\McPvDrv.sys

\SystemRoot\system32\drivers\Ndu.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\drivers\condrv.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\drivers\mfeapfk.sys

\SystemRoot\system32\drivers\cfwids.sys

\SystemRoot\system32\DRIVERS\cdfs.sys

\SystemRoot\System32\drivers\WSDPrint.sys

\SystemRoot\System32\drivers\WSDScan.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8008140060

Upper Device Driver Name: \Driver\disk\

Lower Device Name: \Device\0000002b\

Lower Device Object: 0xfffffa80081127f0

Lower Device Driver Name: \Driver\amd_sata\

Driver name found: amd_sata

Initialization returned 0x0

Port sub-driver loaded: \??\C:\Windows\System32\Drivers\storport.sys (0x0)

Load Function returned 0x0

Downloaded database version: v2013.03.20.12

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 4

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8008140060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8008140b10, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8008140060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\

DevicePointer: 0xfffffa8008096b10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\

DevicePointer: 0xfffffa800697f040, DeviceName: Unknown, DriverName: \Driver\amd_xata\

DevicePointer: 0xfffffa80081127f0, DeviceName: \Device\0000002b\, DriverName: \Driver\amd_sata\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\

Upper DeviceData: 0xfffff8a00df00e30, 0xfffffa8008140060, 0xfffffa800dc1d090

Lower DeviceData: 0xfffff8a0003f50f0, 0xfffffa80081127f0, 0xfffffa80072a29c0

Partition type: GUID

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 4

Partition type: GUID

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

This drive is a GPT Drive.

MBR Signature: 55AA

Disk Signature: 11FB3334

GPT Protective MBR Partition information:

Partition 0 type is EFI-GPT (0xee)

Partition is NOT ACTIVE.

Partition starts at LBA: 1 Numsec = 1953525167

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

GPT Partition information:

GPT Header Signature 4546492050415254

GPT Header Revision 65536 Size 92 CRC 437006278

GPT Header CurrentLba = 1 BackupLba 1953525167

GPT Header FirstUsableLba 34 LastUsableLba 1953525134

GPT Header Guid a07862c1-54f1-47ec-82a0-5da27c8ea545

GPT Header Contains 128 partition entries starting at LBA 2

GPT Header Partition entry size = 128

Backup GPT header Signature 4546492050415254

Backup GPT header Revision 65536 Size 92 CRC 437006278

Backup GPT header CurrentLba = 1953525167 BackupLba 1

Backup GPT header FirstUsableLba 34 LastUsableLba 1953525134

Backup GPT header Guid a07862c1-54f1-47ec-82a0-5da27c8ea545

Backup GPT header Contains 128 partition entries starting at LBA 1953525135

Backup GPT header Partition entry size = 128

Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac

Partition ID c94212b6-bf32-4bef-927f-d76ade434ff4

FirstLBA 2048 Last LBA 821247

Attributes 1

Partition Name Basic data partition

Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b

Partition ID c10ee97b-8fd8-467f-9d6c-624dddcec58

FirstLBA 821248 Last LBA 1353727

Attributes 0

Partition Name EFI system partition

GPT Partition 1 is bootable

Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae

Partition ID a69db083-dfc6-4f25-9b63-40e1a830fd6b

FirstLBA 1353728 Last LBA 1615871

Attributes 0

Partition Name Microsoft reserved partition

Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7

Partition ID e8902853-f7f-46c8-b926-60ca6d9940fb

FirstLBA 1615872 Last LBA 1913204735

Attributes 0

Partition Name Basic data partition

Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7

Partition ID 7b09071b-7506-4af3-9462-4383a6c631a

FirstLBA 1913204736 Last LBA 1953523711

Attributes 1

Partition Name Basic data partition

Disk Size: 1000204886016 bytes

Sector size: 512 bytes

Done!

Performing system, memory and registry scan...

Done!

Scan finished

=======================================

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.