Malware Infection



Rebos
2013-03-03, 15:17
Redirected from google sites to a variety of unwanted sites

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.15.2
Run by Jayne at 13:37:57 on 2013-03-03
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3069.1299 [GMT 0:00]
.
AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2013\avgfws.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Photo Gallery\Helper\EyeFiHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Jayne\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Betting Assistant\Betting Assistant.exe
C:\Users\Jayne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jayne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jayne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jayne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jayne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jayne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jayne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jayne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jayne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jayne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jayne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jayne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jayne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\ERUNT\ERUNT.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=4081218
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Eye-Fi] "c:\program files\windows photo gallery\helper\EyeFiHelper.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\jayne\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
StartupFolder: c:\users\jayne\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\users\jayne\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\jayne\appdata\roaming\dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: c:\windows\system32\wpclsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{A3739997-8883-44FE-B40A-152D29022AF8} : DHCPNameServer = 192.168.1.1 0.0.0.0
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\14.2.0\ViProtocol.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
LSA: Notification Packages = scecli psqlpwd
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-15 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-2-13 102008]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-8-31 18544]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2012-9-4 50296]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-3-2 33112]
R1 RapportCerberus_50414;RapportCerberus_50414;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_50414.sys [2013-2-23 316984]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-2-13 102680]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-2-13 173880]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-12-18 73728]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2013\avgfws.exe [2012-12-10 1342024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-23 155648]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2013-2-13 1124184]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files\avg\avg pc tuneup\TuneUpUtilitiesService32.exe [2012-8-23 1532280]
R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\14.2.0\ToolbarUpdater.exe [2013-3-2 968880]
R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\RapportIaso.sys [2013-2-21 55448]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\avg\avg pc tuneup\TuneUpUtilitiesDriver32.sys [2012-7-4 10088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 PCloudCleanerService;Panda Security CloudCLeaner Service;c:\windows\system32\PCloudCleanerService.EXE [2013-3-2 83168]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2008-12-18 209408]
.
=============== Created Last 30 ================
.
2013-03-02 16:18:21 32120 ----a-w- c:\windows\system32\TURegOpt.exe
2013-03-02 16:18:16 21880 ----a-w- c:\windows\system32\authuitu.dll
2013-03-02 16:06:04 -------- d-----w- c:\users\jayne\appdata\roaming\AVG2013
2013-03-02 15:46:41 -------- d-----w- c:\users\jayne\appdata\local\AVG Secure Search
2013-03-02 15:46:34 -------- d-----w- c:\programdata\AVG Secure Search
2013-03-02 15:46:28 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-03-02 15:46:24 -------- d-----w- c:\program files\common files\AVG Secure Search
2013-03-02 15:46:23 -------- d-----w- c:\program files\AVG Secure Search
2013-03-02 15:42:28 -------- d--h--w- C:\$AVG
2013-03-02 15:42:27 -------- d-----w- c:\programdata\AVG2013
2013-03-02 15:40:23 -------- d-----w- c:\program files\AVG
2013-03-02 15:37:50 -------- d-----w- c:\users\jayne\appdata\local\MFAData
2013-03-02 15:37:50 -------- d-----w- c:\users\jayne\appdata\local\Avg2013
2013-03-02 15:37:50 -------- d-----w- c:\programdata\MFAData
2013-03-02 12:07:27 83168 ----a-w- c:\windows\system32\PCloudCleanerService.EXE
2013-03-02 12:07:21 9464 ----a-w- c:\windows\system32\drivers\DasBootI.SYS
2013-03-02 12:07:21 9464 ----a-w- c:\windows\system32\drivers\DasBootE.SYS
2013-03-02 12:07:21 59640 ----a-w- c:\windows\system32\drivers\DasBootF.SYS
2013-03-02 12:07:21 31480 ----a-w- c:\windows\system32\drivers\DasPtct.SYS
2013-03-02 12:07:21 3072 ----a-w- c:\windows\system32\drivers\DasBootD.SYS
2013-03-02 12:07:21 28024 ----a-w- c:\windows\system32\drivers\PRSBDRVR.SYS
2013-03-02 12:07:21 27896 ----a-w- c:\windows\system32\drivers\DasBootK.SYS
2013-03-02 12:07:21 237816 ----a-w- c:\windows\system32\drivers\DasBootS.SYS
2013-03-02 12:07:21 -------- d-----w- c:\windows\system32\DBBK
2013-03-02 12:07:20 21240 ----a-w- c:\windows\system32\drivers\DasBoot.SYS
2013-03-02 11:55:26 6954968 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c5fc1602-3c05-41f4-a487-b85e93356c7d}\mpengine.dll
2013-03-02 11:51:05 -------- d-----w- c:\program files\Panda Security
2013-02-21 17:51:58 -------- d-----w- c:\users\jayne\appdata\roaming\Malwarebytes
2013-02-21 17:50:14 -------- d-----w- c:\programdata\Malwarebytes
2013-02-21 11:40:14 -------- d-----w- c:\program files\Trusteer
2013-02-20 17:10:20 -------- d-----w- c:\users\jayne\appdata\roaming\f-secure
2013-02-20 17:09:13 -------- d-----w- c:\programdata\F-Secure
2013-02-20 16:57:46 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-16 13:29:20 -------- d-----w- c:\users\jayne\appdata\roaming\Anvisoft
2013-02-16 13:28:20 -------- d-----w- c:\programdata\Anvisoft
2013-02-16 13:28:16 -------- d-----w- c:\program files\Anvisoft
2013-02-15 22:31:23 186432 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2013-02-13 14:02:48 -------- d-----w- c:\programdata\Ad-Aware Antivirus
2013-02-13 14:02:39 -------- d-----w- c:\users\jayne\appdata\roaming\LavasoftStatistics
2013-02-13 13:56:44 -------- d-----w- c:\program files\Ad-Aware Antivirus
2013-02-13 13:55:38 -------- d-----w- c:\programdata\blekko toolbars
2013-02-13 13:55:38 -------- d-----w- c:\programdata\adawaretb
2013-02-13 13:55:37 -------- d-----w- c:\users\jayne\appdata\local\adawarebp
2013-02-13 13:55:36 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2013-02-13 13:55:28 -------- d-----w- c:\program files\Toolbar Cleaner
2013-02-13 13:55:18 -------- d-----w- c:\program files\adawaretb
2013-02-13 13:54:43 -------- d-----w- c:\users\jayne\appdata\roaming\Ad-Aware Antivirus
2013-02-13 09:19:12 102008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
==================== Find3M ====================
.
2013-03-02 13:22:09 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-02 13:22:09 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-20 16:57:22 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-20 16:57:21 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-17 01:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 13:40:18.18 ===============


aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-03 13:53:17
-----------------------------
13:53:17.709 OS Version: Windows 6.0.6001 Service Pack 1
13:53:17.709 Number of processors: 2 586 0xF0D
13:53:17.711 ComputerName: JAYNE-PC UserName: Jayne
13:53:19.940 Initialize success
13:54:08.312 AVAST engine defs: 13030300
13:54:20.132 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
13:54:20.134 Disk 0 Vendor: WDC_WD12 01.0 Size: 114473MB BusType: 3
13:54:20.154 Disk 0 MBR read successfully
13:54:20.157 Disk 0 MBR scan
13:54:20.167 Disk 0 Windows VISTA default MBR code
13:54:20.172 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 125 MB offset 63
13:54:20.208 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 258048
13:54:20.231 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 101545 MB offset 21229568
13:54:20.240 Disk 0 Partition - 00 0F Extended LBA 2560 MB offset 229195776
13:54:20.279 Disk 0 Partition 4 00 DD MSDOS5.0 2559 MB offset 229197824
13:54:20.291 Disk 0 scanning sectors +234438656
13:54:20.359 Disk 0 scanning C:\Windows\system32\drivers
13:54:39.845 Service scanning
13:55:13.267 Modules scanning
13:55:13.776 Module: C:\Windows\system32\drivers\DasBootD.SYS **SUSPICIOUS**
13:55:20.433 Disk 0 trace - called modules:
13:55:20.453 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
13:55:20.458 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87f84758]
13:55:20.464 3 CLASSPNP.SYS[8bfbf745] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x87fe6030]
13:55:21.753 AVAST engine scan C:\Windows
13:55:27.406 AVAST engine scan C:\Windows\system32
14:04:23.300 AVAST engine scan C:\Windows\system32\drivers
14:04:43.362 AVAST engine scan C:\Users\Jayne
14:08:15.401 Disk 0 MBR has been saved successfully to "C:\Users\Jayne\Desktop\MBR.dat"
14:08:15.404 The log file has been saved successfully to "C:\Users\Jayne\Desktop\aswMBR.txt"



Many thanks
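
The DDS "Pseudo HJT Report" and driver list above are the sections a triage reads first: browser helper objects, Run keys, Winlogon Notify DLLs, LSA packages and kernel drivers are the persistence points a redirector or banking trojan would use. As an added example (not part of the thread and not DDS's own logic), the Python below parses lines in DDS's format and flags the entries a reviewer would want to look at by hand. The sample lines are constructed in that format from entries in the post; the "stock" LSA package sets and the flagging rules are this example's own assumptions. A flag means "account for this", not "malicious": the same log shows a Fingerprint Reader Suite installed, which is a plausible owner of the psfus/psqlpwd password filter it flags.

```python
"""Triage the persistence lines of a DDS 'Pseudo HJT Report' / driver list.

Added example, not DDS code. Flagging rules and the 'stock' LSA package
sets below are this example's assumptions; a flag means 'review by hand'.
"""
import re
from typing import List, Tuple

Finding = Tuple[str, str]

# Assumed stock values for a Vista x86 install (example's assumption, not from DDS).
DEFAULT_NOTIFICATION_PACKAGES = {"scecli"}
DEFAULT_SECURITY_PACKAGES = {"kerberos", "msv1_0", "schannel", "wdigest", "tspkg", "pku2u"}

BHO_RE = re.compile(r"^BHO: (?:(.+?): )?(\{[0-9A-Fa-f-]{36}\}) - (.*)$")
RUN_RE = re.compile(r"^([um])Run: \[(.+?)\] (.*)$")
NOTIFY_RE = re.compile(r"^Notify: (\S+) - (.*)$")
LSA_RE = re.compile(r"^LSA: (Notification Packages|Security Packages) = (.*)$")
DRIVER_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.+?) \[")

# Constructed sample in DDS's line format, modelled on entries in the post.
SAMPLE_LOG = r"""
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
uRun: [Google Update] "c:\users\jayne\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
Notify: psfus - c:\windows\system32\psqlpwd.dll
LSA: Notification Packages = scecli psqlpwd
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-2-13 102008]
R1 RapportCerberus_50414;RapportCerberus_50414;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_50414.sys [2013-2-23 316984]
"""


def image_path(cmdline: str) -> str:
    """Return the executable path from a Run value, quoted or bare."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        return cmdline[1:cmdline.index('"', 1)]
    return cmdline.split(" ", 1)[0]


def triage(lines) -> List[Finding]:
    """Scan DDS-format lines and return (category, detail) findings."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        if m := BHO_RE.match(line):
            _name, clsid, path = m.groups()
            if path.strip() == "<orphaned>":
                # CLSID registered as a BHO but its COM server is gone: leftover
                # of an uninstall or a broken hijack; either way worth removing.
                findings.append(("bho-orphaned", clsid))
        elif m := RUN_RE.match(line):
            hive, name, cmd = m.groups()
            path = image_path(cmd).lower()
            if "\\users\\" in path or "\\appdata\\" in path:
                # Autostarts from a writable user profile need no admin rights to plant.
                findings.append(("run-user-profile", f"{hive}Run [{name}] {path}"))
        elif m := NOTIFY_RE.match(line):
            # Winlogon Notify DLLs load into winlogon.exe at logon; always list them.
            findings.append(("winlogon-notify", f"{m.group(1)} {m.group(2).lower()}"))
        elif m := LSA_RE.match(line):
            kind, pkgs = m.groups()
            stock = DEFAULT_NOTIFICATION_PACKAGES if kind.startswith("Notification") else DEFAULT_SECURITY_PACKAGES
            for extra in sorted(set(pkgs.lower().split()) - stock):
                # A non-stock notification package is a password filter DLL: it sees
                # every plaintext password change, so it must be accounted for.
                findings.append(("lsa-extra-package", f"{kind}: {extra}"))
        elif m := DRIVER_RE.match(line):
            _state, svc, _desc, path = m.groups()
            path = path.lower()
            if path.endswith(".sys") and "\\windows\\system32\\drivers\\" not in path:
                # Kernel code loaded from outside the drivers directory deserves a look.
                findings.append(("driver-outside-system32", f"{svc} {path}"))
    return findings


FINDINGS = triage(SAMPLE_LOG.strip().splitlines())

if __name__ == "__main__":
    for category, detail in FINDINGS:
        print(f"{category:24} {detail}")
```

To run it over a real DDS log, pass `open("dds.txt").read().splitlines()` to `triage()`; lines that match none of the patterns are ignored, so the whole file can be fed in.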

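The aswMBR run above flagged DasBootD.SYS as suspicious in the module scan, reported the partition table and saved the raw sector to MBR.dat. Two points a practitioner would check before reading anything into that: first, the same DDS log shows the DasBoot*/DasPtct drivers and PCloudCleanerService.EXE (the Panda Cloud Cleaner service) created within seconds of each other on 2013-03-02, so the tag should be correlated with that install rather than taken alone; second, when a bootkit is in question the sector itself is what to verify, because bootkits typically overwrite the 440-byte boot code and leave the partition table intact, so a sensible-looking table does not clear the MBR. The Python below is an added example, not aswMBR's code: it decodes a 512-byte MBR, runs consistency checks, and compares the boot-code hash against a known-good baseline. The sector is constructed here with placeholder boot code and a partition table reproducing the Disk 0 layout aswMBR printed; the baseline hash is taken from that constructed sector, so in practice you would substitute a hash from a known-clean MBR.dat of the same model.

```python
"""Decode and sanity-check a 512-byte MBR such as the MBR.dat aswMBR saves.

Added example, not aswMBR's code. The sector below is constructed: placeholder
boot code plus a partition table reproducing the Disk 0 layout in the post
(types DE/07/07/0F at LBA 63/258048/21229568/229195776, partition 3 active).
"""
import hashlib
import struct
from typing import Dict, List, Optional

SECTOR = 512
SECTORS_PER_MB = (1024 * 1024) // SECTOR   # 2048
TABLE_OFFSET = 446                          # four 16-byte entries follow the boot code
BOOTCODE_LEN = 440                          # bytes 440..445 hold the disk signature and 2 reserved bytes
ENTRY_FMT = "<B3sB3sII"                     # status, CHS start, type, CHS end, LBA start, sectors
BOOT_SIGNATURE = b"\x55\xAA"


def build_mbr(table, bootcode: bytes = b"") -> bytes:
    """Assemble an MBR from (status, type, lba_start, sectors) tuples."""
    if len(bootcode) > BOOTCODE_LEN or len(table) > 4:
        raise ValueError("boot code too long or more than four primary entries")
    mbr = bytearray(SECTOR)
    mbr[:len(bootcode)] = bootcode
    for i, (status, ptype, lba, count) in enumerate(table):
        off = TABLE_OFFSET + 16 * i
        # CHS fields left zero: the LBA fields are what matters on modern disks.
        mbr[off:off + 16] = struct.pack(ENTRY_FMT, status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


def parse_mbr(mbr: bytes) -> List[Dict]:
    """Return the non-empty partition entries as dicts; raise if not an MBR."""
    if len(mbr) != SECTOR or mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("not a valid MBR: wrong length or missing 55AA signature")
    parts = []
    for i in range(4):
        off = TABLE_OFFSET + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0:
            continue
        parts.append({"index": i + 1, "active": status == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count, "size_mb": count // SECTORS_PER_MB})
    return parts


def check_mbr(mbr: bytes, known_good_bootcode_sha256: Optional[str] = None) -> List[str]:
    """Return a list of problems; an empty list means the MBR looks consistent."""
    problems: List[str] = []
    parts = parse_mbr(mbr)
    active = [p["index"] for p in parts if p["active"]]
    if len(active) != 1:
        problems.append(f"expected exactly one active partition, found {len(active)}")
    for p in parts:
        if p["lba_start"] == 0:
            problems.append(f"partition {p['index']} starts at LBA 0 (inside the MBR)")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"], p["index"]) for p in parts)
    for (_s1, e1, i1), (s2, _e2, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            problems.append(f"partitions {i1} and {i2} overlap")
    if known_good_bootcode_sha256 is not None:
        # Bootkits usually patch only the boot code and keep the table intact,
        # so a clean-looking table says nothing about the first 440 bytes.
        if hashlib.sha256(mbr[:BOOTCODE_LEN]).hexdigest() != known_good_bootcode_sha256:
            problems.append("boot code differs from the known-good baseline")
    return problems


# Constructed table matching the aswMBR output (sector counts chosen so the
# MB sizes come out to the figures it printed).
DISK0_TABLE = [
    (0x00, 0xDE, 63, 257985),            # Dell Utility, 125 MB
    (0x00, 0x07, 258048, 20971520),      # NTFS, 10240 MB
    (0x80, 0x07, 21229568, 207964160),   # NTFS, 101545 MB, active (Windows)
    (0x00, 0x0F, 229195776, 5242880),    # Extended LBA container, 2560 MB
]
# Placeholder boot code (a short prologue then zero padding); NOT the real Vista MBR code.
PLACEHOLDER_BOOTCODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + bytes(BOOTCODE_LEN - 7)
GOOD_MBR = build_mbr(DISK0_TABLE, PLACEHOLDER_BOOTCODE)
BASELINE_SHA256 = hashlib.sha256(GOOD_MBR[:BOOTCODE_LEN]).hexdigest()
# Bootkit-style tamper: a short jump patched over the first two bytes, table untouched.
TAMPERED_MBR = b"\xEB\x4E" + GOOD_MBR[2:]

if __name__ == "__main__":
    for p in parse_mbr(GOOD_MBR):
        flag = "(A)" if p["active"] else "   "
        print(f"Partition {p['index']} {flag} type {p['type']:02X} {p['size_mb']:>7} MB offset {p['lba_start']}")
    print("good:", check_mbr(GOOD_MBR, BASELINE_SHA256) or "ok")
    print("tampered:", check_mbr(TAMPERED_MBR, BASELINE_SHA256))
```

Against the saved file, `check_mbr(open("MBR.dat", "rb").read(), baseline)` does the same work; the table parse reproduces the four lines aswMBR printed, and the hash comparison is what actually tells a patched boot sector from a clean one.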
fbfbfb
2013-03-04, 11:57
Hello Rebos.

My name is fbfbfb. I will gladly assist you with your concerns.

Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice. This may cause a delay, but I will do my best to keep it as short as possible.

I am checking over your DDS and aswMBR logs now, and I will post back shortly with instructions.

While working to resolve the issues with your machine, please follow these guidelines:
Please be patient. Logs are lengthy and can take time to analyze.
Read and follow my directions carefully, in the sequence they are posted. If you are unsure about anything, please ask for clarification before continuing.
Use only those tools that you have been directed to use.
Do not install or uninstall any applications or run any other scans without being directed to do so.
Copy and Paste the log files inside your post. Do not send them as attachments unless otherwise instructed.
Stay with me until your machine has been deemed all clear.
Please reply within 3 days to avoid closing this topic.

_____ In Training at WTT Classroom (http://forums.whatthetech.com/forums.html) _____

fbfbfb
2013-03-04, 19:00
Hello, Rebos.

Please work through the following scan:


Note: Before you begin, please read through these instructions completely, noting all important messages and warnings.
Please download ComboFix from HERE (http://www.bleepingcomputer.com/download/combofix/dl/12/) or HERE (http://www.infospyware.net/antimalware/combofix/).
Very Important! Save ComboFix.exe to your Desktop.
Close all browsers.
Disable your AntiVirus and AntiSpyware applications as they can interfere with running ComboFix. To disable any security programs:
Right click on the System Tray icon, or
Refer to this link HERE (http://forums.whatthetech.com/index.php?showtopic=96260&pid=494216#entry494216) for further assistance.
Double click on ComboFix.exe and follow the prompts.
When finished, ComboFix will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Warnings:
Do not mouse-click on ComboFix's window while it is running. This may cause it to stall.
Do not re-run ComboFix. If problems occur with the installation or running of ComboFix, please reply back for further instructions.
Do not attempt to surf the internet while ComboFix is scanning.
Note: If there is no internet connection after running ComboFix, reboot your computer to restore the connection.
Very Important! Make sure you re-enable your security programs when ComboFix is finished.



Rebos
2013-03-04, 19:53
Hi fbfbfb,

ComboFix started to run before I had a chance to save it and switch off security. I stopped it and deleted it, and have now saved it to the desktop.

Do you want me to run it?

fbfbfb
2013-03-04, 22:46
Hello, Rebos.

Yes, please run ComboFix again.

Rebos
2013-03-05, 19:06
ComboFix 13-03-05.01 - Jayne 05/03/2013 17:20:08.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3069.1954 [GMT 0:00]
Running from: c:\users\Jayne\Desktop\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\PFRO.log
.
.
((((((((((((((((((((((((( Files Created from 2013-02-05 to 2013-03-05 )))))))))))))))))))))))))))))))
.
.
2013-03-05 17:47 . 2013-03-05 17:47 -------- d-----w- c:\users\Denis\AppData\Local\temp
2013-03-05 17:47 . 2013-03-05 17:51 -------- d-----w- c:\users\Jayne\AppData\Local\temp
2013-03-05 17:47 . 2013-03-05 17:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-05 17:47 . 2013-03-05 17:47 -------- d-----w- c:\users\Max\AppData\Local\temp
2013-03-03 13:31 . 2013-03-03 13:31 -------- d-----w- c:\program files\ERUNT
2013-03-02 16:18 . 2012-08-23 11:31 32120 ----a-w- c:\windows\system32\TURegOpt.exe
2013-03-02 16:18 . 2012-08-23 11:31 21880 ----a-w- c:\windows\system32\authuitu.dll
2013-03-02 16:06 . 2013-03-02 16:06 -------- d-----w- c:\users\Jayne\AppData\Roaming\AVG2013
2013-03-02 15:46 . 2013-03-02 15:46 -------- d-----w- c:\users\Jayne\AppData\Local\AVG Secure Search
2013-03-02 15:46 . 2013-03-02 15:46 -------- d-----w- c:\programdata\AVG Secure Search
2013-03-02 15:46 . 2013-03-02 15:46 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-03-02 15:46 . 2013-03-02 15:46 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2013-03-02 15:46 . 2013-03-02 15:46 -------- d-----w- c:\program files\AVG Secure Search
2013-03-02 15:42 . 2013-03-02 15:42 -------- d-----w- C:\$AVG
2013-03-02 15:42 . 2013-03-02 15:47 -------- d-----w- c:\programdata\AVG2013
2013-03-02 15:40 . 2013-03-02 16:17 -------- d-----w- c:\program files\AVG
2013-03-02 15:37 . 2013-03-05 16:44 -------- d-----w- c:\programdata\MFAData
2013-03-02 15:37 . 2013-03-02 16:10 -------- d-----w- c:\users\Jayne\AppData\Local\Avg2013
2013-03-02 15:37 . 2013-03-02 15:37 -------- d-----w- c:\users\Jayne\AppData\Local\MFAData
2013-03-02 12:07 . 2013-02-21 18:11 83168 ----a-w- c:\windows\system32\PCloudCleanerService.EXE
2013-03-02 12:07 . 2013-03-05 17:51 -------- d-----w- c:\windows\system32\DBBK
2013-03-02 12:07 . 2013-01-04 15:34 9464 ----a-w- c:\windows\system32\drivers\DasBootI.SYS
2013-03-02 12:07 . 2013-01-04 15:34 9464 ----a-w- c:\windows\system32\drivers\DasBootE.SYS
2013-03-02 12:07 . 2013-01-04 15:34 59640 ----a-w- c:\windows\system32\drivers\DasBootF.SYS
2013-03-02 12:07 . 2013-01-04 15:34 31480 ----a-w- c:\windows\system32\drivers\DasPtct.SYS
2013-03-02 12:07 . 2013-01-04 15:34 28024 ----a-w- c:\windows\system32\drivers\PRSBDRVR.SYS
2013-03-02 12:07 . 2013-01-04 15:34 27896 ----a-w- c:\windows\system32\drivers\DasBootK.SYS
2013-03-02 12:07 . 2013-01-04 15:34 237816 ----a-w- c:\windows\system32\drivers\DasBootS.SYS
2013-03-02 12:07 . 2011-03-11 13:26 3072 ----a-w- c:\windows\system32\drivers\DasBootD.SYS
2013-03-02 12:07 . 2013-01-04 15:34 21240 ----a-w- c:\windows\system32\drivers\DasBoot.SYS
2013-03-02 11:55 . 2013-02-08 00:45 6954968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C5FC1602-3C05-41F4-A487-B85E93356C7D}\mpengine.dll
2013-03-02 11:51 . 2013-03-02 11:51 -------- d-----w- c:\program files\Panda Security
2013-02-23 13:05 . 2013-02-23 13:05 -------- d-----w- c:\users\Default\AppData\Local\Trusteer
2013-02-21 17:51 . 2013-02-21 17:51 -------- d-----w- c:\users\Jayne\AppData\Roaming\Malwarebytes
2013-02-21 17:50 . 2013-02-21 17:50 -------- d-----w- c:\programdata\Malwarebytes
2013-02-21 11:40 . 2013-02-21 11:40 -------- d-----w- c:\program files\Trusteer
2013-02-20 17:10 . 2013-02-20 17:10 -------- d-----w- c:\users\Jayne\AppData\Roaming\f-secure
2013-02-20 17:09 . 2013-02-20 17:09 -------- d-----w- c:\programdata\F-Secure
2013-02-20 16:57 . 2013-02-20 16:57 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-16 13:29 . 2013-02-16 13:45 -------- d-----w- c:\users\Jayne\AppData\Roaming\Anvisoft
2013-02-16 13:28 . 2013-02-16 13:28 -------- d-----w- c:\programdata\Anvisoft
2013-02-16 13:28 . 2013-02-16 13:45 -------- d-----w- c:\program files\Anvisoft
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2013-02-13 14:02 . 2013-02-13 14:05 -------- d-----w- c:\programdata\Ad-Aware Antivirus
2013-02-13 14:02 . 2013-02-13 14:02 -------- d-----w- c:\users\Jayne\AppData\Roaming\LavasoftStatistics
2013-02-13 13:56 . 2013-02-13 13:56 -------- d-----w- c:\programdata\Lavasoft
2013-02-13 13:56 . 2013-02-13 16:53 -------- d-----w- c:\program files\Ad-Aware Antivirus
2013-02-13 13:55 . 2013-02-13 13:55 -------- d-----w- c:\programdata\blekko toolbars
2013-02-13 13:55 . 2013-02-13 13:55 -------- d-----w- c:\programdata\adawaretb
2013-02-13 13:55 . 2013-02-13 13:55 -------- d-----w- c:\users\Jayne\AppData\Local\adawarebp
2013-02-13 13:55 . 2013-02-13 13:55 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2013-02-13 13:55 . 2013-02-13 13:55 -------- d-----w- c:\program files\Toolbar Cleaner
2013-02-13 13:55 . 2013-02-13 13:55 -------- d-----w- c:\program files\adawaretb
2013-02-13 13:54 . 2013-02-13 14:05 -------- d-----w- c:\users\Jayne\AppData\Roaming\Ad-Aware Antivirus
2013-02-13 09:19 . 2013-02-13 09:19 102008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-02 13:22 . 2012-07-28 09:05 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-02 13:22 . 2011-05-20 08:15 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-20 16:57 . 2012-08-23 09:19 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-20 16:57 . 2010-05-29 08:23 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-17 01:28 . 2009-10-04 07:28 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-07 09:58 . 2013-01-07 09:58 784144 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Jayne\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Jayne\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Jayne\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-16 22:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-16 22:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eye-Fi"="c:\program files\Windows Photo Gallery\Helper\EyeFiHelper.exe" [2011-12-21 3961464]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-12-03 405504]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-03-02 1151152]
.
c:\users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
c:\users\Jayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
Dropbox.lnk - c:\users\Jayne\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-12-18 13:08 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-16 22:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Denis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
path=c:\users\Denis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
backup=c:\windows\pss\Dell Dock.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Denis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk]
path=c:\users\Denis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk
backup=c:\windows\pss\Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2008-01-25 05:42 167936 ----a-w- c:\program files\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-11-02 07:51 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-01 23:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2008-07-03 12:29 3563520 ----a-w- c:\windows\System32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2008-10-04 12:58 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-17 14:19 136176 ----atw- c:\users\Denis\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 02:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-03-21 12:00 174872 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 17:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2012-03-08 17:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-06-16 09:27 13793824 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2009-06-16 09:27 92704 ----a-w- c:\windows\System32\nvhotkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2008-03-04 05:05 36864 ----a-w- c:\windows\OEM02Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-12-21 09:58 184320 ----a-w- c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
2007-04-16 21:50 49168 ----a-w- c:\program files\Fingerprint Reader Suite\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 17:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-12-03 04:28 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WPCUMI]
2006-11-02 12:35 176128 ----a-w- c:\windows\System32\wpcumi.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Jayne\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"doubleTwist"=c:\program files\doubleTwist 2.0\DoubleTwist.DeviceHelper.exe
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-28 13:22]
.
2013-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 19:59]
.
2013-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 19:59]
.
2013-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3704117945-1433447086-1109901018-1000Core.job
- c:\users\Jayne\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-02 18:28]
.
2013-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3704117945-1433447086-1109901018-1000UA.job
- c:\users\Jayne\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-02 18:28]
.
2013-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3704117945-1433447086-1109901018-1001Core.job
- c:\users\Max\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-24 13:14]
.
2013-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3704117945-1433447086-1109901018-1001UA.job
- c:\users\Max\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-24 13:14]
.
2013-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3704117945-1433447086-1109901018-1002Core.job
- c:\users\Denis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-22 14:19]
.
2013-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3704117945-1433447086-1109901018-1002UA.job
- c:\users\Denis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-22 14:19]
.
2013-03-05 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-05 17:51
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1040)
c:\windows\system32\psqlpwd.dll
c:\program files\Fingerprint Reader Suite\homefus2.dll
c:\program files\Fingerprint Reader Suite\infra.dll
.
Completion time: 2013-03-05 17:55:23
ComboFix-quarantined-files.txt 2013-03-05 17:55
.
Pre-Run: 3,596,492,800 bytes free
Post-Run: 4,659,183,616 bytes free
.
- - End Of File - - 91738C99D886BD6B6A12C6A9989A44F9
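
Rebos's log above is mostly a list of autostart locations: the Run keys, the per-user Startup folders, the Winlogon Notify keys, the LSA "Notification Packages" value and the Tasks folder. What a responder does with it is mechanical: pull every entry out and look twice at the ones that load into a privileged process or run from a path the user can write to. The Python below is an added example for this thread, not code from DDS, ComboFix or the helper. It parses a constructed excerpt of the log posted above into entries and flags those cases; the set of default LSA packages is an assumption about a stock Windows install. It flags psqlpwd because any non-default notification package is handed every password change in cleartext, but the log itself ties this one to the Fingerprint Reader Suite (lsass.exe is shown loading it next to homefus2.dll and infra.dll from that suite), so the flag is a prompt to verify, not a verdict.

```python
"""Pull autostart entries out of a DDS/ComboFix 'Reg Loading Points' dump and
flag the ones a responder checks first.  Added example; not DDS/ComboFix code.
SAMPLE_LOG is a constructed excerpt of the log posted in the thread, and
DEFAULT_LSA_PACKAGES is an assumption about stock values, not log content."""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-03-02 1151152]
.
c:\users\Jayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
Dropbox.lnk - c:\users\Jayne\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-12-18 13:08 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-16 22:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Jayne\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
2013-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3704117945-1433447086-1109901018-1000Core.job
- c:\users\Jayne\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-02 18:28]
"""

KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")                       # [HKEY_...\key]
FOLDER_RE = re.compile(r"^([a-z]:\\.+\\Startup\\)$", re.I)      # Startup folder header
VALUE_RE = re.compile(r'^"([^"]+)"=(.+)$')                       # "name"=value
STAMP_RE = re.compile(r"\s*\[\d{4}-\d{1,2}-\d{1,2} \d+\]\s*$")   # trailing [date size]
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S{8} (.+)$")
LSA_RE = re.compile(r"^Notification Packages REG_MULTI_SZ (.+)$")
LNK_RE = re.compile(r"^(.+\.lnk) - (.+?)\s*\[\d{4}-\d{1,2}-\d{1,2} \d+\]$", re.I)
JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2} ([a-z]:\\.+\.job)$", re.I)
JOB_TARGET_RE = re.compile(r"^- (.+?)\s*\[\d{4}-\d{2}-\d{2} \d{2}:\d{2}\]$")

DEFAULT_LSA_PACKAGES = {"scecli", "rassfm"}   # assumption: stock workstation / DC values
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\appdata\\", "\\temp\\")


@dataclass
class Entry:
    location: str   # registry key, Startup folder or Tasks folder
    name: str
    path: str       # binary the entry points at (LSA packages: DLL name in system32)
    kind: str       # run | startup | notify | lsa | task


def parse_loading_points(text):
    """Walk the dump line by line, tracking the current key/folder header."""
    entries, current, job = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line) or FOLDER_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = JOB_RE.match(line)
        if m:                                   # Tasks folder: .job line, then "- target"
            job = m.group(1)
            continue
        m = JOB_TARGET_RE.match(line)
        if m and job:
            folder, name = job.rsplit("\\", 1)
            entries.append(Entry(folder, name, m.group(1), "task"))
            job = None
            continue
        if current is None:
            continue
        key = current.lower()
        m = LSA_RE.match(line)
        if m:                                   # every package here runs inside lsass.exe
            entries.extend(Entry(current, p, p + ".dll", "lsa") for p in m.group(1).split())
            continue
        m = VALUE_RE.match(line)
        if m and "\\run" in key:                # only Run/Run- keys; skips policy values
            rest = STAMP_RE.sub("", m.group(2)).strip()
            path = rest[1:rest.index('"', 1)] if rest.startswith('"') else rest.split(" /", 1)[0]
            entries.append(Entry(current, m.group(1), path.strip(), "run"))
            continue
        m = FILE_RE.match(line)
        if m and "winlogon\\notify\\" in key:
            entries.append(Entry(current, current.rsplit("\\", 1)[1], m.group(1), "notify"))
            continue
        m = LNK_RE.match(line)
        if m and key.endswith("startup\\"):
            entries.append(Entry(current, m.group(1), m.group(2), "startup"))
    return entries


def review(entries):
    """Return (entry, reasons) for each entry a responder should verify by hand."""
    flagged = []
    for e in entries:
        reasons = []
        if e.kind == "lsa" and e.name.lower() not in DEFAULT_LSA_PACKAGES:
            reasons.append("non-default LSA Notification Package: lsass.exe loads it and "
                           "passes it every cleartext password change")
        if e.kind == "notify":
            reasons.append("Winlogon Notify DLL: XP loaded these as SYSTEM at logon; "
                           "Vista ignores them, so check what left it behind")
        if any(seg in e.path.lower() for seg in USER_WRITABLE):
            reasons.append("binary lives under a user-writable path")
        if e.location.lower().endswith("run-"):
            reasons.append("parked in a 'run-' key Windows does not process; still note the binary")
        if reasons:
            flagged.append((e, reasons))
    return flagged


if __name__ == "__main__":
    for e, why in review(parse_loading_points(SAMPLE_LOG)):
        print(f"[{e.kind}] {e.name}: {e.path}")
        for r in why:
            print("    -", r)
```

Run it as a script to print the flagged entries; to review a whole log, replace SAMPLE_LOG with the text of the ComboFix or DDS output. Entries such as AVG_UI, scecli and the Dell Dock shortcut come through unflagged, which is the point: the heuristics narrow the list down to the handful of lines worth a manual check.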

fbfbfb
2013-03-06, 05:13
Hello, Rebos.

Thank you for the log. Please work through each of the following tasks. For your convenience, you may wish to print these instructions.

Please uninstall the following programs:

1. Uninstall Anti-Virus Program

It appears you are currently running multiple antivirus programs—AVG and Ad-Aware Anti-Virus. This can trigger system slowdowns, crashes, and/or conflicts with each other causing them not to work properly. I am recommending that you keep one good antivirus program installed on your computer. To delete the other one, please follow these steps:
Click Start and select Control Panel.
When the Control Panel window opens, click on Uninstall a program found under the Programs category.
If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.
Look through the list of programs for the one that you would like to uninstall, and then left-click on it once to highlight it.
Click on the Uninstall button.
When asked if you are sure you want to uninstall, click Yes.
The program will uninstall, and when completed you will be back at the list of programs installed on your computer.
To uninstall Ad-Aware Security Toolbar and Blekko Toolbar, repeat the above procedure.
When finished, close the Programs and Features screen.

2. Uninstall Toolbars from Internet Explorer

If the Ad-Aware Security Toolbar and Blekko Toolbar still appear in your browser, continue as follows:
Click Tools > Manage add-ons.
In the Manage Add-ons window, under Add-on Types (found on left side) highlight Toolbars and Extensions.
Under the Show: drop-down menu (found on left side) make sure All add-ons is selected.
Highlight the toolbars you wish to remove, and select Disable.
The Disable add-on window may pop up to warn you that related services and add-ons will also be disabled. Click OK.
Click Close to dismiss the add-ons window.

3. Reset Your Home Page and Default Search Engine

Removing the toolbars may have changed your browser settings (homepage, default search engines). If so, please follow the instructions found HERE (http://eula.mindspark.com/reset-homepage-default-search-settings/).


Please run the following scans:

1. JRT (Junkware Removal Tool)

Please download Junkware Removal Tool from HERE (http://www.bleepingcomputer.com/download/junkware-removal-tool/dl/131/) and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Right-mouse click JRT.exe and select Run as Administrator.
JRT will begin to back up your registry and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, the log JRT.txt is saved on your desktop and will automatically open.
Post the contents of JRT.txt into your next reply.


2. AdwCleaner

Please download AdwCleaner from HERE (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/).
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on the Delete button.
A logfile will automatically open after the scan has finished.
You can also find the logfile at C:\AdwCleaner[S1].txt.
Copy and paste the adwcleaner.txt report into your next reply.


3. Malwarebytes Anti-Malware

Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.

http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot. Post the report please.


4. ESET Online Scan
Note: Disable any antivirus program and antispyware programs to avoid conflicts.
If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on it to install.
Please do not surf the internet while your security programs are disabled.
Let the scan run uninterrupted to avoid a stall.
Remember to enable your security programs when the scan has finished.
Run ESET Online Scanner from HERE (http://www.eset.eu/online-scanner).
Click the green ESET Online Scanner button.
Read the End User License Agreement and check the box YES, I accept the Terms of Use.
Click on the Start button next to it.
If prompted, allow the Add-On/Active X to install.
Under Computer scan settings:
Do not check Remove found threats
Check Scan Archives.
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
Click Start. ESET will download updates, install itself, and begin scanning your computer. Please be patient as this scan could take up to a few hours to complete.
Wait for the scan to finish. When the scan completes, click List of found threats.
Click Export and save the file to your desktop using a unique name, such as ESETScan.
Copy and paste the contents of this report in your next reply.
Click the Back button.
Click the Finish button.


SUMMARY: In your next reply, please post the following:
JRT.txt
adwcleaner.txt
MBAM log
ESET log
Let me know how your computer is running.


____ In Training at WTT Classroom (http://forums.whatthetech.com/forums.html) ____

Rebos
2013-03-06, 10:31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.8 (03.04.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Jayne on 06/03/2013 at 9:19:52.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0e12f736682067fde4d1158d5940a82e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\1a24b5bb8521b03e0c8d908f5abc0ae6"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\2b0d56c4f4c46d844a57ffed6f0d2852"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\49d4375fe41653242aea4c969e4e65e0"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6aa0923513360135b272e8289c5f13fa"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6f7467af8f29c134cbbab394eccfde96"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\922525dcc5199162f8935747ca3d8e59"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\bcda179d619b91648538e3394cac94cc"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\d677b1a9671d4d4004f6f2a4469e86ea"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\dd1402a9dd4215a43abde169a41afa0e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\e36e114a0ead2ad46b381d23ad69cddf"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\ef8e618db3aedfbb384561b5c548f65e"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\adawaretb"
Successfully deleted: [Folder] "C:\ProgramData\blekko toolbars"
Successfully deleted: [Folder] "C:\Users\Jayne\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Users\Jayne\appdata\locallow\adawaretb"
Successfully deleted: [Folder] "C:\Program Files\adawaretb"
Successfully deleted: [Folder] "C:\Program Files\driver-soft"
Successfully deleted: [Folder] "C:\ProgramData\ask"
Successfully deleted: [Folder] "C:\Users\Jayne\appdata\locallow\asktoolbar"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06/03/2013 at 9:29:24.74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Rebos
2013-03-06, 11:41
# AdwCleaner v2.114 - Logfile created 03/06/2013 at 09:34:28
# Updated 05/03/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# User : Jayne - JAYNE-PC
# Boot Mode : Normal
# Running from : C:\Users\Jayne\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Jayne\AppData\Local\Temp\Uninstall.exe
Folder Deleted : C:\Users\Max\AppData\LocalLow\AskToolbar

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [1162 octets] - [06/03/2013 09:34:28]

########## EOF - C:\AdwCleaner[S1].txt - [1222 octets] ##########

Rebos
2013-03-06, 11:53
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.06.07

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Jayne :: JAYNE-PC [administrator]

Protection: Disabled

06/03/2013 10:45:26
mbam-log-2013-03-06 (10-45-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 253526
Time elapsed: 6 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Rebos
2013-03-06, 16:38
C:\$RECYCLE.BIN\S-1-5-21-3704117945-1433447086-1109901018-1000\$R0DBQK9.exe Win32/OpenCandy application deleted - quarantined
C:\Users\Jayne\Documents\Downloads\Setup.exe a variant of Win32/Adware.iBryte.D application cleaned by deleting - quarantined
C:\Windows\System32\DBBK\0345C2B71520FAE5344695FF84E28B0F a variant of Win32/Adware.iBryte.D application cleaned by deleting - quarantined

fbfbfb
2013-03-06, 23:39
Hello, Rebos.

Thank you for the logs. These logs appear to be clean. Please work through this next step:


Very Important!

Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix and can cause unpredictable results.

Please open Notepad:
Start > Run.
Type notepad in the Open field
Click OK.
Copy and paste the text inside the code box below:


DDS::
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

Save this as CFScript.txt to your desktop and change the "Save as type" to All Files.
Drag the CFScript.txt into ComboFix.exe as shown in the screenshot below:



http://i24.photobucket.com/albums/c30/ken545/CFScriptB-4.gif
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, ComboFix will produce a log for you. Copy and paste the contents of the log in your next reply.
WARNING
Do not mouse-click ComboFix's window while it is running. This may cause it to stall.
Do not attempt to surf the internet while ComboFix is scanning.
Very Important! Make sure you re-enable your security programs when ComboFix is finished.


Rebos, to better assess the condition of your system, could you please let me know how it is running now, and if there are any further issues?



____ In Training at WTT Classroom (http://forums.whatthetech.com/forums.html) ____

fbfbfb
2013-03-08, 17:29
Hello, Rebos.

Do you still need help with your machine?

Rebos
2013-03-08, 18:38
System running fine. Can you please explain what this next step will do?


thanks

fbfbfb
2013-03-09, 03:51
Hello, Rebos.

Glad your system is running fine.

This next step will ensure that Google Sidewiki is removed from your system. Google shut down Sidewiki in 2011 due to controversies over abusive comments and defamation of sites and products left by internet users.

Your log detected the presence of Sidewiki in your system. It is always wise to delete remnants of programs that were not properly removed to avoid build up of system clutter which is often a cause of slowdowns and other system errors.

Then, to complete cleanup of your system, we would like to walk you through a bit of housekeeping. While working to restore your computer’s functionality, we used several tools: DDS, ComboFix, JRT, and AdwCleaner, all of which produced logs. We would like to ensure that these tools and logs are also properly removed from your system as they are no longer needed.

Rebos
2013-03-10, 20:00
ComboFix 13-03-10.02 - Jayne 10/03/2013 17:38:59.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3069.1571 [GMT 0:00]
Running from: c:\users\Jayne\Desktop\ComboFix.exe
Command switches used :: c:\users\Jayne\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-02-10 to 2013-03-10 )))))))))))))))))))))))))))))))
.
.
2013-03-10 18:09 . 2013-03-10 18:09 -------- d-----w- c:\users\Max\AppData\Local\temp
2013-03-10 18:09 . 2013-03-10 18:09 -------- d-----w- c:\users\Denis\AppData\Local\temp
2013-03-10 18:09 . 2013-03-10 18:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-09 13:55 . 2013-03-09 13:54 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-06 16:30 . 2013-03-06 16:30 -------- d-----w- c:\users\Jayne\AppData\Roaming\Betting Assistant For Betdaq
2013-03-06 16:29 . 2013-03-06 16:29 -------- d-----w- c:\program files\Betting Assistant For Betdaq
2013-03-06 15:53 . 2013-02-28 08:36 368248 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 15:53 . 2013-02-28 08:36 29880 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 15:53 . 2013-02-28 08:36 49832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-03-06 15:53 . 2013-02-28 08:36 765808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 15:53 . 2013-02-28 08:36 62448 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 15:53 . 2013-02-28 08:36 163784 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-06 15:53 . 2013-02-28 08:36 49320 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-06 15:53 . 2013-02-28 08:36 66408 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 15:53 . 2013-02-28 08:35 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-06 15:52 . 2013-02-28 08:36 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 15:52 . 2013-03-06 15:52 -------- d-----w- c:\program files\AVAST Software
2013-03-06 15:50 . 2013-03-06 15:52 -------- d-----w- c:\programdata\AVAST Software
2013-03-06 10:56 . 2013-03-06 10:56 -------- d-----w- c:\program files\ESET
2013-03-06 10:44 . 2013-03-06 10:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-06 10:44 . 2012-12-14 16:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-06 09:19 . 2013-03-06 09:19 -------- d-----w- c:\windows\ERUNT
2013-03-06 09:19 . 2013-03-06 09:19 -------- d-----w- C:\JRT
2013-03-06 08:05 . 2013-03-06 08:05 -------- d-----w- c:\users\Jayne\AppData\Local\Avg2013
2013-03-05 17:55 . 2013-03-10 18:10 -------- d-----w- c:\users\Jayne\AppData\Local\temp
2013-03-02 15:37 . 2013-03-06 08:09 -------- d-----w- c:\programdata\MFAData
2013-03-02 15:37 . 2013-03-02 15:37 -------- d-----w- c:\users\Jayne\AppData\Local\MFAData
2013-03-02 12:07 . 2013-02-21 18:11 83168 ----a-w- c:\windows\system32\PCloudCleanerService.EXE
2013-03-02 12:07 . 2013-03-10 18:08 -------- d-----w- c:\windows\system32\DBBK
2013-03-02 12:07 . 2013-01-04 15:34 9464 ----a-w- c:\windows\system32\drivers\DasBootI.SYS
2013-03-02 12:07 . 2013-01-04 15:34 9464 ----a-w- c:\windows\system32\drivers\DasBootE.SYS
2013-03-02 12:07 . 2013-01-04 15:34 59640 ----a-w- c:\windows\system32\drivers\DasBootF.SYS
2013-03-02 12:07 . 2013-01-04 15:34 31480 ----a-w- c:\windows\system32\drivers\DasPtct.SYS
2013-03-02 12:07 . 2013-01-04 15:34 28024 ----a-w- c:\windows\system32\drivers\PRSBDRVR.SYS
2013-03-02 12:07 . 2013-01-04 15:34 27896 ----a-w- c:\windows\system32\drivers\DasBootK.SYS
2013-03-02 12:07 . 2013-01-04 15:34 237816 ----a-w- c:\windows\system32\drivers\DasBootS.SYS
2013-03-02 12:07 . 2011-03-11 13:26 3072 ----a-w- c:\windows\system32\drivers\DasBootD.SYS
2013-03-02 12:07 . 2013-01-04 15:34 21240 ----a-w- c:\windows\system32\drivers\DasBoot.SYS
2013-03-02 11:55 . 2013-02-08 00:45 6954968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C5FC1602-3C05-41F4-A487-B85E93356C7D}\mpengine.dll
2013-03-02 11:51 . 2013-03-02 11:51 -------- d-----w- c:\program files\Panda Security
2013-02-23 13:05 . 2013-02-23 13:05 -------- d-----w- c:\users\Default\AppData\Local\Trusteer
2013-02-21 17:51 . 2013-02-21 17:51 -------- d-----w- c:\users\Jayne\AppData\Roaming\Malwarebytes
2013-02-21 17:50 . 2013-02-21 17:50 -------- d-----w- c:\programdata\Malwarebytes
2013-02-21 11:40 . 2013-02-21 11:40 -------- d-----w- c:\program files\Trusteer
2013-02-20 17:10 . 2013-02-20 17:10 -------- d-----w- c:\users\Jayne\AppData\Roaming\f-secure
2013-02-20 17:09 . 2013-02-20 17:09 -------- d-----w- c:\programdata\F-Secure
2013-02-16 13:29 . 2013-02-16 13:45 -------- d-----w- c:\users\Jayne\AppData\Roaming\Anvisoft
2013-02-16 13:28 . 2013-02-16 13:28 -------- d-----w- c:\programdata\Anvisoft
2013-02-16 13:28 . 2013-02-16 13:45 -------- d-----w- c:\program files\Anvisoft
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2013-02-13 14:02 . 2013-02-13 14:05 -------- d-----w- c:\programdata\Ad-Aware Antivirus
2013-02-13 14:02 . 2013-02-13 14:02 -------- d-----w- c:\users\Jayne\AppData\Roaming\LavasoftStatistics
2013-02-13 13:56 . 2013-02-13 13:56 -------- d-----w- c:\programdata\Lavasoft
2013-02-13 13:56 . 2013-02-13 16:53 -------- d-----w- c:\program files\Ad-Aware Antivirus
2013-02-13 13:55 . 2013-02-13 13:55 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2013-02-13 13:55 . 2013-02-13 13:55 -------- d-----w- c:\program files\Toolbar Cleaner
2013-02-13 13:54 . 2013-02-13 14:05 -------- d-----w- c:\users\Jayne\AppData\Roaming\Ad-Aware Antivirus
2013-02-13 09:19 . 2013-02-13 09:19 102008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-09 13:54 . 2012-08-23 09:19 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-09 13:54 . 2010-05-29 08:23 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-02 13:22 . 2012-07-28 09:05 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-02 13:22 . 2011-05-20 08:15 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-17 01:28 . 2009-10-04 07:28 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-07 09:58 . 2013-01-07 09:58 784144 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-02-28 08:35 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Jayne\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Jayne\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Jayne\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-16 22:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-16 22:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eye-Fi"="c:\program files\Windows Photo Gallery\Helper\EyeFiHelper.exe" [2011-12-21 3961464]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-12-03 405504]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-02-28 4767304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
c:\users\Jayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
Dropbox.lnk - c:\users\Jayne\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-12-18 13:08 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-16 22:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Denis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
path=c:\users\Denis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
backup=c:\windows\pss\Dell Dock.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Denis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk]
path=c:\users\Denis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk
backup=c:\windows\pss\Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2008-01-25 05:42 167936 ----a-w- c:\program files\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-11-02 07:51 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-01 23:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2008-07-03 12:29 3563520 ----a-w- c:\windows\System32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2008-10-04 12:58 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-17 14:19 136176 ----atw- c:\users\Denis\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 02:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-03-21 12:00 174872 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 17:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2012-03-08 17:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-06-16 09:27 13793824 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2009-06-16 09:27 92704 ----a-w- c:\windows\System32\nvhotkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2008-03-04 05:05 36864 ----a-w- c:\windows\OEM02Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-12-21 09:58 184320 ----a-w- c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
2007-04-16 21:50 49168 ----a-w- c:\program files\Fingerprint Reader Suite\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 17:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-12-03 04:28 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WPCUMI]
2006-11-02 12:35 176128 ----a-w- c:\windows\System32\wpcumi.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Jayne\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"doubleTwist"=c:\program files\doubleTwist 2.0\DoubleTwist.DeviceHelper.exe
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RAPPORTIASO
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-06 15:40 1630672 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-28 13:22]
.
2013-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 19:59]
.
2013-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 19:59]
.
2013-03-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3704117945-1433447086-1109901018-1001Core.job
- c:\users\Max\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-24 13:14]
.
2013-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3704117945-1433447086-1109901018-1001UA.job
- c:\users\Max\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-24 13:14]
.
2013-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3704117945-1433447086-1109901018-1002Core.job
- c:\users\Denis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-22 14:19]
.
2013-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3704117945-1433447086-1109901018-1002UA.job
- c:\users\Denis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-22 14:19]
.
2013-03-10 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Hardware Helper_is1 - c:\program files\Driver-Soft\HardwareHelper\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-10 18:10
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(860)
c:\windows\system32\psqlpwd.dll
c:\program files\Fingerprint Reader Suite\homefus2.dll
c:\program files\Fingerprint Reader Suite\infra.dll
.
- - - - - - - > 'Explorer.exe'(3136)
c:\users\Jayne\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
c:\program files\Fingerprint Reader Suite\farchns.dll
c:\program files\Fingerprint Reader Suite\infra.dll
.
Completion time: 2013-03-10 18:13:12
ComboFix-quarantined-files.txt 2013-03-10 18:12
ComboFix2.txt 2013-03-05 17:55
.
Pre-Run: 3,435,749,376 bytes free
Post-Run: 3,551,739,904 bytes free
.
- - End Of File - - F8EC6BE5DD21E9DE69108F4378B3BD59


Here we
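
The Run-key and run- entries in the ComboFix log above share one layout: value name, image path (quoted or bare), optional arguments, then ComboFix's `[date size]` stamp of the image file. As an added example that is not part of this thread or of ComboFix, the Python below parses a constructed excerpt in that layout and lists the active entries whose image sits in a user-writable directory, which is the first thing a triager checks; the "Updater" line in the sample is constructed and does not appear in the log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpt in the ComboFix "Reg Loading Points" layout; "Updater" is made up for the demo.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eye-Fi"="c:\program files\Windows Photo Gallery\Helper\EyeFiHelper.exe" [2011-12-21 3961464]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Updater"="c:\users\Jayne\AppData\Local\Temp\updater.exe" [2013-03-01 51200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-02-28 4767304]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Jayne\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"doubleTwist"=c:\program files\doubleTwist 2.0\DoubleTwist.DeviceHelper.exe
.
'''

# Locations a normal user can write to. Legitimate updaters (Google, Dropbox) live there
# too, so a hit means "look at this entry", not "malicious".
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")

@dataclass
class Autorun:
    key: str
    name: str
    path: str
    args: str
    date: Optional[str]   # from the trailing [date size] stamp, if present
    size: Optional[int]

    @property
    def active(self) -> bool:
        # A trailing '-' on the key name (run-) marks parked/disabled entries.
        return not self.key.endswith("-")

    @property
    def needs_review(self) -> bool:
        return any(d in self.path.lower() for d in USER_WRITABLE)

def parse_autoruns(text: str) -> List[Autorun]:
    entries, key = [], ""
    for line in text.splitlines():
        head = re.match(r"^\[(.+)\]$", line)
        if head:                        # new registry key section
            key = head.group(1)
            continue
        m = re.match(r'^"([^"]+)"=(.*)$', line)
        if not m or not key:            # separators ('.') and blank lines
            continue
        name, rest = m.group(1), m.group(2)
        date = size = None
        stamp = re.search(r"\s\[(\d{4}-\d{2}-\d{2}) (\d+)\]\s*$", rest)
        if stamp:
            date, size = stamp.group(1), int(stamp.group(2))
            rest = rest[: stamp.start()]
        if rest.startswith('"'):        # quoted path; anything after it is arguments
            end = rest.index('"', 1)
            path, args = rest[1:end], rest[end + 1:].strip()
        else:                           # bare path, no arguments
            path, args = rest.strip(), ""
        entries.append(Autorun(key, name, path, args, date, size))
    return entries

def review_list(text: str) -> List[str]:
    """Names of active autoruns whose image sits in a user-writable location."""
    return [e.name for e in parse_autoruns(text) if e.active and e.needs_review]
```

Running it on the sample returns only "Updater": the Google Update entry also lives under AppData but sits in the parked run- key, so it is not active.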

fbfbfb
2013-03-11, 01:35
Hello, Rebos.

Thank you for submitting the ComboFix log. It appears that Google Sidewiki is still present. Let's try this:

Remove your Google Toolbar completely. This will delete Sidewiki as it is an add-on.
Then, if you choose, you can reinstall Google Toolbar. Sidewiki should no longer be present since Google removed it from its add-on list.
Please let me know if this has solved this issue, and we will move forward with our housekeeping.



____ In Training at WTT Classroom (http://forums.whatthetech.com/forums.html) ____

fbfbfb
2013-03-13, 00:55
Are you still with me, Rebos?

Rebos
2013-03-13, 09:28
Very much so, sorry, work got in the way.

I have deleted Chrome and reinstalled it.

:heart:

fbfbfb
2013-03-13, 23:55
Hello, Rebos.

Thank you for getting back to me.

I am understanding that Sidewiki is no longer on your system, correct? If so, let's go ahead with our cleanup.

Please work through the following steps to ensure that unnecessary programs and files have been removed and your system is up-to-date.

Please uninstall Combofix.
Click Start > In the Search field, enter combofix /uninstall. Please note that there is a space between combofix and /uninstall.
Click Enter. The Open File security warning will appear asking if you are sure you want to run ComboFix. Please click the Run button to start the program. This will uninstall Combofix and anything associated with it.
When ComboFix has finished uninstalling, delete the ComboFix.exe program from your computer.
Tool Removal

You no longer need the following tools. Please delete these and any logs from your machine: DDS, JRT, and AdwCleaner. You can keep Malwarebytes for future use if you choose.

If you wish to uninstall ESET Online Scanner, please do the following:

Click Start and select Control Panel.
Click the Uninstall a Program option found under the Programs category.
Select the ESET Online Scanner.
Click Remove.
A restart may be required to complete uninstallation.
Clean Up Temp Files

Please download TFC (http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer) by OldTimer to your desktop.
Close any open windows.
Double click the TFC icon to run the program.
TFC will close all open programs itself in order to run.
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish.
Once complete, it should automatically reboot your machine.
If your computer does not automatically reboot, manually reboot to ensure a complete clean.
Update Java

To improve your software's performance or stability, please remove any older versions of Java and update to the latest version.
Download JavaRa to your desktop HERE (http://sourceforge.net/projects/javara/files/javara/JavaRa/JavaRa.zip/download) and unzip it to its own folder.
Run JavaRa.exe, choose the language of your choice, and click Select.
Click Remove Older Versions.
Accept any prompts.
Open JavaRa.exe again and select Search For Updates.
Select Update Using Sun Java's Website, then click Search.
Click on the Open Webpage button, and download and install the latest Java Runtime Environment (JRE) version for your computer.
Update Internet Explorer

Download the latest version of Internet Explorer HERE (http://windows.microsoft.com/en-CA/internet-explorer/downloads/ie-10/worldwide-languages).

Turn On Automatic Updates

To turn on Automatic Updates:
Click Start > Control Panel > Automatic Updates. The Automatic Updates window will open.
Click Automatic (recommended) and select a day and time for the updates to be installed.

Note: Your computer must be turned on at the scheduled time for updates to be installed. However, Windows recognizes when you are online and uses your internet connection to find updates that apply to your computer, and notifies you when the updates are downloaded. You can install the updates as soon as they are finished downloading.
Adobe Updates

Adobe Reader

To improve the functionality and security of your software, please update Adobe Reader HERE (http://get.adobe.com/reader/). Updates safeguard your system against malicious attacks through PDF files.

Adobe Flash

To improve the functionality and security of your software, please update Adobe Flash HERE (http://www.adobe.com/support/flashplayer/downloads.html).

Update Anti-Virus Software

New variants of malware appear daily, making your computer very susceptible to attacks without updated protection. Check for any updates to your AVAST antivirus software.

Recommended Reading

To maintain a clean and healthy system, please take the time to read through the following informative articles:

The Dangers of P2P File Sharing HERE (http://www.esecurityguy.com/p2p_file_sharing)
How to Prevent Malware by Miekiemoes HERE (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)
So How Did I Get Infected In the First Place? By Tony Klein HERE (http://www.spywareinfoforum.com/index.php?showtopic=60955)
Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams HERE (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/)
Help! My computer is Slow – How to improve system performance after malware removal by Miekiemoes HERE (http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html)
Create Strong Passwords by Microsoft HERE (http://www.microsoft.com/security/online-privacy/passwords-create.aspx)
PC Safety and Security – What do I need to do? by Glaswegian HERE (http://www.techsupportforum.com/forums/f112/pc-safety-and-security-what-do-i-need-525915.html)

Rebos, if you have no further issues, please take a moment to respond to this thread one last time so that I can mark it resolved.



____ In Training at WTT Classroom (http://forums.whatthetech.com/forums.html) ____

Rebos
2013-03-14, 20:47
All done and working, many thanks. :heart: