Malware problems with my PC
laudorum
2014-03-07, 17:10
Hi everyone
I've been having some serious problems with my PC recently, and over the last months it's been a lot slower to start up and has been running sluggishly. More worryingly, 200GB has disappeared from the "C" hard drive, and I've been finding a number of PUP infections and hidden zero-byte folders have been appearing. Something has also attempted on several occasions to alter my web browser home page (i.e. to porn sites etc).
I have been using Avast as my main anti-virus program and this never picked up any infections of a serious nature. I've since deleted Avast and have tried using a number of other free anti-virus programs but have not had any luck, and I cannot download programs such as ad-aware and AVG due to errors in the installation processes (and I'm wondering whether a possible infection might be responsible for this).
I've most recently downloaded Stopzilla on a 15-day free trial, and this has discovered the following infections:
a) trojan.win32.mouse,gen (nkim/software/microsoft/windowsNT/currentversion/winlogon/taskman)
b) trojan.win32.generi.pak!colorac (c/users/stephen/desktop/easyjuice/easyjuice.exe)
c) two instances of Isearch toolbar
d) twelve instances of conduit toolbar
e) open candy
f) Hosts file A (non-restorable) = 18 hijackers
g) Host file D (non-restorable) = 4 hijackers
h) Host file B (non-restorable) = 14 trojans
i) Adware JS conduit (3 instances)
j) Isearch toolbar
k) Smartbar (this last one has been quarantined by Stopzilla)
I have an expansion drive which is powered by Memeo and this automatically backs up my files - so it is likely that this drive has also been infected (and I've disconnected it to be on the safe side).
I'm worried that these problems are potentially quite serious and I'm reluctant to use my computer for internet banking or for making any online orders. I'd really appreciate it if anyone can make any sense of this and give me some advice about what to do next.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.51.2
Run by Stephen at 23:53:59 on 2014-03-06
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2045.850 [GMT 0:00]
.
AV: STOPzilla *Disabled/Updated* {17032AB1-6644-0721-EEB5-A39B8B646009}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: STOPzilla *Enabled/Updated* {AC62CB55-407E-08AF-D405-98E9F0E32AB4}
FW: Privatefirewall *Enabled* {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\atiesrxx.exe
C:\Program Files\STOPzilla!\SZServer.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\IObit\Smart Defrag 3\SmartDefrag.exe
C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - LocalServer32 - <no file>
BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - c:\program files\iobit\iobit uninstaller\UninstallExplorer32.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\surfing protection\browerprotect\ASCPlugin_Protection.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Nero MediaHome 4] "c:\program files\nero\nero mediahome 4\NEROMEDIAHOME.EXE" /AUTORUN
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Privatefirewall] c:\program files\privacyware\privatefirewall 7.0\PFGUI.exe
mRun: [Nero MediaHome 4] "c:\program files\nero\nero mediahome 4\NeroMediaHome.exe" /AUTORUN
dRun: [Advanced SystemCare 7] "c:\program files\iobit\advanced systemcare 7\ASCTray.exe" /Auto
StartupFolder: c:\users\stephen\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Search - <no file>
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://magnet.2020.net/virtualplanner/Core/Player/2020PlayerAX_Win32.cab
DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} - hxxp://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{1FA48FB6-FE93-4FB7-96F9-D591B098DBAE} : DHCPNameServer = 194.168.4.100 194.168.8.100
Handler: linkscanner - <Clsid value has no data>
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.146\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\stephen\appdata\roaming\mozilla\firefox\profiles\op65iw1g.default-1359464117396\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\iobit\surfing protection\browerprotect\np_Asc_plugin.dll
FF - plugin: c:\program files\iobit\surfing protection\browerprotect\NPASCSafariPluginProtect.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_70.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2014-1-23 18624]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2014-2-13 61328]
R1 pwipf6;Privacyware Filter Driver;c:\windows\system32\drivers\pwipf6.sys [2014-2-22 130568]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-5-4 116608]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files\iobit\advanced systemcare 7\ASCService.exe [2013-11-19 881440]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2014-1-1 217088]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-12 21504]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2010-7-8 25824]
R2 PFNet;Privacyware network service;c:\program files\privacyware\privatefirewall 7.0\pfsvc.exe [2013-12-17 374600]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2014-2-13 66344]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-4-30 1153368]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2014-1-9 770432]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2014-2-13 61328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\iobit\liveupdate\LiveUpdate.exe [2013-11-19 2151200]
S2 SessionLauncher;SessionLauncher; [x]
S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2014-1-7 15384]
S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [2012-6-22 19984]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-9-12 21504]
S3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2008-3-8 18432]
S3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2008-3-8 19008]
S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2010-10-7 38976]
S3 PSSDKLBF;PSSDKLBF;c:\windows\system32\drivers\pssdklbf.sys [2010-10-7 53312]
S3 SophosVirusRemovalTool;Sophos Virus Removal Tool; [x]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2013-9-27 13464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
S4 IObitBarService;IObit Toolbar Service;c:\progra~1\iobitbar\toolbar\1.bin\i0barsvc.exe --> c:\progra~1\iobitbar\toolbar\1.bin\i0barsvc.exe [?]
S4 RoxLiveShare10;LiveShare P2P Server 10; [x]
.
=============== Created Last 30 ================
.
2014-03-05 21:29:58 -------- d-----w- c:\users\stephen\appdata\roaming\DriverCure
2014-03-05 21:29:55 -------- d-----w- c:\users\stephen\appdata\roaming\ParetoLogic
2014-03-05 21:28:52 -------- d-----w- c:\programdata\ParetoLogic
2014-03-05 03:41:02 -------- d-----w- c:\windows\A16BBEABAAEF434ABFDD297708709FCC.TMP
2014-03-05 00:16:47 9216 ----a-w- c:\windows\system32\ffnd.exe
2014-03-04 22:49:42 -------- d-----w- c:\users\stephen\appdata\roaming\FreeFixer
2014-03-04 22:49:42 -------- d-----w- c:\users\stephen\appdata\local\FreeFixer
2014-03-04 22:49:18 -------- d-----w- c:\program files\FreeFixer
2014-03-04 19:07:32 44424 ----a-r- c:\windows\system32\SBBD.EXE
2014-03-04 19:07:32 22064 ----a-r- c:\windows\system32\drivers\sbaphd.sys
2014-03-04 19:07:09 -------- d-----w- c:\programdata\STOPzilla!
2014-03-04 19:07:09 -------- d-----w- c:\program files\STOPzilla!
2014-03-01 19:58:53 -------- d-----w- c:\programdata\Kaspersky Lab
2014-03-01 19:58:53 -------- d-----w- c:\program files\Kaspersky Lab
2014-03-01 19:22:12 -------- d-----w- C:\rei
2014-03-01 19:09:21 81920 ----a-w- c:\windows\eSellerateControl350.dll
2014-03-01 19:09:21 356352 ----a-w- c:\windows\eSellerateEngine.dll
2014-03-01 19:09:21 274432 ----a-w- c:\windows\system32\ssleay32.dll
2014-03-01 19:09:21 1122304 ----a-w- c:\windows\system32\libeay32.dll
2014-02-28 18:49:23 -------- d-----w- c:\users\stephen\appdata\roaming\LavasoftStatistics
2014-02-27 18:13:28 -------- d-----w- c:\users\stephen\Coop
2014-02-25 18:15:55 -------- d-----w- c:\users\stephen\AbiSuite
2014-02-25 18:14:34 -------- d-----w- c:\program files\AbiWord
2014-02-25 16:23:28 -------- d-----w- c:\users\stephen\appdata\roaming\1H1Q
2014-02-25 09:40:41 -------- d-----w- c:\users\stephen\appdata\local\CrashDumps
2014-02-24 17:30:27 -------- d-----w- c:\program files\AVG
2014-02-24 16:34:18 -------- d-----w- c:\programdata\HitmanPro
2014-02-24 03:13:18 -------- d-----w- C:\AdwCleaner
2014-02-24 01:40:49 3749640 ----a-w- c:\users\stephen\privatefirewall.exe24 02 2014.exe
2014-02-23 15:34:27 14232 ----a-w- c:\windows\system32\sh4native.exe
2014-02-22 06:43:34 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-22 06:43:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-02-22 06:34:31 3749640 ----a-w- c:\users\stephen\privatefirewall.exe
2014-02-22 06:08:24 -------- d-----w- c:\users\stephen\appdata\local\Privatefirewall
2014-02-22 06:04:42 -------- d-----w- c:\users\stephen\appdata\local\MFAData
2014-02-22 06:04:42 -------- d-----w- c:\users\stephen\appdata\local\Avg2014
2014-02-22 04:44:28 130568 ----a-w- c:\windows\system32\drivers\pwipf6.sys
2014-02-22 04:43:53 -------- d-----w- c:\programdata\Privacyware
2014-02-22 04:43:52 -------- d-----w- c:\program files\Privacyware
2014-02-22 03:49:31 7947048 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d6f44954-d839-4401-a1d9-9517f6a307dd}\mpengine.dll
2014-02-22 01:45:00 -------- d-----w- c:\users\stephen\appdata\roaming\SecureSearch
2014-02-18 23:26:15 110080 ----a-r- c:\users\stephen\appdata\roaming\microsoft\installer\{af549236-6258-4ac6-a043-5b5b89c6eb61}\IconF7A21AF7.exe
2014-02-18 23:26:15 110080 ----a-r- c:\users\stephen\appdata\roaming\microsoft\installer\{af549236-6258-4ac6-a043-5b5b89c6eb61}\IconD7F16134.exe
2014-02-18 23:26:15 110080 ----a-r- c:\users\stephen\appdata\roaming\microsoft\installer\{af549236-6258-4ac6-a043-5b5b89c6eb61}\IconCF33A0CE.exe
2014-02-18 23:26:07 -------- d-----w- C:\sh4ldr
2014-02-18 23:26:07 -------- d-----w- c:\program files\Enigma Software Group
2014-02-18 23:24:40 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2014-02-16 17:45:44 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-13 10:32:40 66344 ----a-r- c:\windows\system32\drivers\sbapifs.sys
2014-02-13 10:32:34 61328 ----a-r- c:\windows\system32\drivers\SZKG.sys
2014-02-13 10:32:34 61328 ----a-r- c:\windows\system32\drivers\is3srv.sys
2014-02-12 07:52:30 -------- d-----w- c:\users\stephen\Blank Cd's
.
==================== Find3M ====================
.
2014-02-21 09:42:15 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-21 09:42:14 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-17 03:14:35 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-08 15:54:22 103424 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
2014-01-03 10:00:12 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-01-01 16:49:47 317240 ----a-w- c:\windows\system32\Prounstl.exe
2014-01-01 16:49:46 83808 ----a-w- c:\windows\system32\NicInE6.dll
2014-01-01 16:49:46 28272 ----a-w- c:\windows\system32\NicCo26.dll
2014-01-01 16:49:45 232296 ----a-w- c:\windows\system32\drivers\e1e6032.sys
2014-01-01 16:49:44 121440 ----a-w- c:\windows\system32\e1000msg.dll
2014-01-01 16:45:20 0 ----a-w- c:\windows\ativpsrm.bin
2014-01-01 16:12:02 319456 ----a-w- c:\windows\system32\Difxapi.dll
2014-01-01 16:12:01 58368 ----a-w- c:\windows\system32\coinst_8.97.100.11.dll
2014-01-01 16:12:01 48544 ----a-w- c:\windows\system32\atiuxpag.dll
2014-01-01 16:12:01 4782960 ----a-w- c:\windows\system32\atiumdva.dll
2013-12-24 10:40:32 18624 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2013-12-18 06:13:56 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-04-18 15:26:43 204496 ----a-w- c:\program files\startuplite-setup-1.07.exe
.
============= FINISH: 23:54:37.95 ===============
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-03-06 01:05:19
-----------------------------
01:05:19.720 OS Version: Windows 6.0.6002 Service Pack 2
01:05:19.721 Number of processors: 4 586 0xF0B
01:05:19.721 ComputerName: RODLEY UserName:
01:05:24.198 Initialize success
01:07:06.495 AVAST engine defs: 14030500
01:07:14.266 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
01:07:14.268 Disk 0 Vendor: WDC_WD50 12.0 Size: 476940MB BusType: 3
01:07:14.416 Disk 0 MBR read successfully
01:07:14.419 Disk 0 MBR scan
01:07:14.423 Disk 0 Windows VISTA default MBR code
01:07:14.426 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
01:07:14.492 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 129024
01:07:14.511 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461516 MB offset 31586304
01:07:14.518 Disk 0 scanning sectors +976771072
01:07:14.685 Disk 0 scanning C:\Windows\system32\drivers
01:07:30.821 Service scanning
01:07:44.238 Service pwipf6 C:\Windows\system32\DRIVERS\pwipf6.sys **LOCKED** 32
01:07:52.723 Modules scanning
01:07:57.647 Disk 0 trace - called modules:
01:07:57.680 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
01:07:57.685 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x854031e8]
01:07:57.690 3 CLASSPNP.SYS[87baf8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0x83b36028]
01:08:01.133 AVAST engine scan C:\Windows
01:08:05.058 AVAST engine scan C:\Windows\system32
01:11:48.927 AVAST engine scan C:\Windows\system32\drivers
01:12:23.094 AVAST engine scan C:\Users\Stephen
01:13:16.075 Disk 0 MBR has been saved successfully to "C:\Users\Stephen\Desktop\MBR.dat"
01:13:16.083 The log file has been saved successfully to "C:\Users\Stephen\Desktop\aswMBR.txt"
01:56:08.372 AVAST engine scan C:\ProgramData
01:56:33.329 Disk 0 MBR has been saved successfully to "C:\Users\Stephen\Desktop\MBR.dat"
01:56:33.371 The log file has been saved successfully to "C:\Users\Stephen\Desktop\aswMBR.txt"
Admin Edit: Copy-pasted logs into post.
Hi and welcome
A couple of items need to be uninstalled, or a few of the tools used to scan your computer will delete them, because they are dubious and known for thievery and false claims.
Advanced SystemCare 7 <-- for right now just this one, we'll deal with the others in a few.
I think you'll need to boot into safe mode with networking to download and run the tool I'm about to suggest, since you said issues are now preventing the following: "cannot download programs such as ad-aware and AVG due to errors in the installation processes", and yes, the infection is probably at fault here.
Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 6 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.
rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
rkill.pif (http://download.bleepingcomputer.com/grinler/rkill.pif)
WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)
~~~~~~~~~~~~~~~~~~~~
Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/)
(use the correct version for your system. Which system am I using? (http://support.microsoft.com/kb/827218))
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
laudorum
2014-03-08, 02:46
Hi Juliet,
Thanks for the prompt response.
Additional problems: 1) ERUNT file is corrupted, error saving file - access is denied.
2) STOPzilla reports another Trojan: Trojan.Win32.VBInject.gen (C:\users\Stephen\downloads\winlogon.exe)
The Trojan arrived after running RKill.
It never rains but it pours.
As requested, the RKill scan:
Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 03/07/2014 11:14:25 PM in x86 mode. (Safe Mode)
Windows Version: Windows Vista (TM) Home Premium Service Pack 2
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.exe\shell found and deleted!
* HKCU\SOFTWARE\Classes\.exe "@" exists and is set to exefile!
* HKCU\SOFTWARE\Classes\.exe has been deleted!
* HKCU\SOFTWARE\Classes\exefile has been deleted!
Performing miscellaneous checks:
* No issues found.
Checking Windows Service Integrity:
* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Automatic
* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual
* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)
* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
::1 localhost
127.0.0.1 localhost
20 out of 15474 HOSTS entries shown.
Please review HOSTS file for further entries.
Program finished at: 03/07/2014 11:19:19 PM
Execution time: 0 hours(s), 4 minute(s), and 54 seconds(s)
FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-03-2014 01
Ran by Stephen (administrator) on RODLEY on 07-03-2014 23:46:29
Running from C:\Users\Stephen\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(iS3, Inc.) C:\Program Files\STOPzilla!\SZServer.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Privacyware/PWI, Inc.) C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
() C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Labs) C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
(Creative Technology Ltd) C:\Windows\system32\CTsvcCDA.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
(Memeo) C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
(Nero AG) C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(SigmaTel, Inc.) C:\Windows\system32\STacSV.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(iS3, Inc.) C:\Program Files\STOPzilla!\STOPzilla.exe
(IObit) C:\Program Files\IObit\Smart Defrag 3\SmartDefrag.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Privacyware/PWI, Inc.) C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Nero AG) C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
(Memeo) C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
() C:\Program Files\SpywareBlaster\SpywareBlaster\spywareblaster.exe
() C:\Program Files\SpywareBlaster\SpywareBlaster\spywareblaster.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM\...\Run: [Privatefirewall] - C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe [3048480 2013-12-17] (Privacyware/PWI, Inc.)
HKLM\...\Run: [Nero MediaHome 4] - C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe [5174568 2010-03-08] (Nero AG)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\.DEFAULT\...\Run: [Advanced SystemCare 7] - "C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3375399300-159844686-3421529289-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3375399300-159844686-3421529289-1000\...\Run: [Nero MediaHome 4] - C:\PROGRAM FILES\NERO\NERO MEDIAHOME 4\NEROMEDIAHOME.EXE [5174568 2010-03-08] (Nero AG)
HKU\S-1-5-21-3375399300-159844686-3421529289-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3375399300-159844686-3421529289-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\S-1-5-21-3375399300-159844686-3421529289-1000\...\MountPoints2: {66017e5e-031a-11dd-afe6-00197ee6e61e} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\.\WindowsEasyTransfer\x86\.\MigSetup.exe
HKU\S-1-5-21-3375399300-159844686-3421529289-1352\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Users\Stephen\Desktop\ERUNT\AUTOBACK.EXE ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={63D7376A-0787-47CF-A8CD-0AD987FC2F49}&mid=d2569ab5538c93c822863677b6318a56-29a5729903258921bbe403d9ba937ed4267ed3b2&lang=en&ds=AVG&pr=fr&d=2011-10-16 04:25:51&v=10.0.0.7&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={63D7376A-0787-47CF-A8CD-0AD987FC2F49}&mid=d2569ab5538c93c822863677b6318a56-29a5729903258921bbe403d9ba937ed4267ed3b2&lang=en&ds=AVG&pr=fr&d=2011-10-16 04:25:51&v=10.0.0.7&sap=dsp&q={searchTerms}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - No File
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {EFA17369-CDC0-4927-9AFC-BAAD1F96B2AE} - No File
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://magnet.2020.net/virtualplanner/Core/Player/2020PlayerAX_Win32.cab
DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: linkscanner - No CLSID Value -
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-08-05] (SuperAdBlocker.com)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
FireFox:
========
FF ProfilePath: C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\op65iw1g.default-1359464117396
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @IObit.com/np_Asc_Plugin - C:\Program Files\IObit\Surfing Protection\BrowerProtect\np_Asc_plugin.dll (IObit)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=2.5 - C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @microsoft.com/VirtualEarth3D,version=3.0 - C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\op65iw1g.default-1359464117396\Extensions\ascsurfingprotection@iobit.com [2013-12-25]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-01]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-03-01]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
Chrome:
=======
CHR DefaultSearchKeyword: google.co.uk
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-21]
CHR Extension: (Google Drive) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-10]
CHR Extension: (YouTube) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-10]
CHR Extension: (Google Search) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-10]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2014-02-25]
CHR Extension: (Google Wallet) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Gmail) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-10]
CHR HKLM\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx [2013-11-19]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
========================== Services (Whitelisted) =================
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-08] (SUPERAntiSpyware.com)
R2 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [72704 2008-03-08] (Creative Labs)
R2 Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd)
S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1838592 2008-03-08] (Google)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
R2 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [25824 2010-07-08] (Memeo)
R2 NeroMediaHomeService.4; C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe [517416 2010-03-08] (Nero AG)
R2 PFNet; C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe [374600 2013-12-17] (Privacyware/PWI, Inc.)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2011-06-01] (Memeo)
R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [202544 2007-11-15] (SupportSoft, Inc.)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770432 2014-01-09] (Enigma Software Group USA, LLC.)
R2 STacSV; C:\Windows\system32\STacSV.exe [94208 2007-09-12] (SigmaTel, Inc.)
R2 szserver; C:\Program Files\STOPzilla!\SZServer.exe [57136 2014-02-13] (iS3, Inc.)
S4 IObitBarService; C:\PROGRA~1\IObitBar\toolbar\1.bin\i0barsvc.exe [X]
S4 RoxLiveShare10; No ImagePath
S2 SessionLauncher; No ImagePath
S3 SophosVirusRemovalTool; No ImagePath
==================== Drivers (Whitelisted) ====================
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15384 2014-01-07] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
S0 is3srv; C:\Windows\System32\drivers\is3srv.sys [61328 2014-02-13] (iS3 Inc.)
S3 PSSDK42; C:\Windows\system32\Drivers\pssdk42.sys [38976 2013-02-27] (microOLAP Technologies LTD)
S3 PSSDKLBF; C:\Windows\system32\Drivers\pssdklbf.sys [53312 2013-02-27] (microOLAP Technologies LTD)
R1 pwipf6; C:\Windows\System32\DRIVERS\pwipf6.sys [130568 2013-09-29] (Privacyware/PWI, Inc.)
S3 R300; C:\Windows\System32\DRIVERS\atikmdag.sys [10070016 2014-01-01] (Advanced Micro Devices, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-08-05] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-08-05] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [66344 2014-02-13] (GFI Software)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2013-12-24] (IObit)
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [326656 2007-09-12] (SigmaTel, Inc.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-01-03] ()
R0 szkg5; C:\Windows\System32\DRIVERS\szkg.sys [61328 2014-02-13] (iS3 Inc.)
S1 AVGIDSDriver; system32\DRIVERS\avgidsdriverx.sys [X]
S1 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Lavasoft Kernexplorer; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SBRE; No ImagePath
S0 szkgfs; system32\drivers\szkgfs.sys [X]
U3 TrueSight; \??\C:\Windows\system32\TrueSight.sys [X]
S3 vsdatant7; System32\drivers\vsdatant.win7.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-07 23:46 - 2014-03-07 23:50 - 00017492 _____ () C:\Users\Stephen\Downloads\FRST.txt
2014-03-07 23:46 - 2014-03-07 23:46 - 00000000 ____D () C:\FRST
2014-03-07 23:45 - 2014-03-07 23:45 - 01145344 _____ (Farbar) C:\Users\Stephen\Downloads\FRST.exe
2014-03-07 23:41 - 2014-03-07 23:41 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Stephen\Downloads\rkill(1).exe
2014-03-07 23:36 - 2014-03-07 23:36 - 00000120 _____ () C:\Windows\system32\Drivers\kgpfr2.cfg
2014-03-07 23:14 - 2014-03-07 23:44 - 00000002 _____ () C:\Users\Stephen\Desktop\Rkill.txt
2014-03-07 23:04 - 2014-03-07 23:04 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Stephen\Downloads\rkill.scr
2014-03-07 23:04 - 2014-03-07 23:04 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Stephen\Downloads\rkill.com
2014-03-07 23:03 - 2014-03-07 23:04 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Stephen\Downloads\rkill.exe
2014-03-07 18:58 - 2014-03-07 18:58 - 00000398 _____ () C:\Users\Stephen\Downloads - Shortcut (2).lnk
2014-03-07 18:52 - 2014-03-07 18:52 - 00000398 _____ () C:\Users\Stephen\Downloads - Shortcut.lnk
2014-03-07 14:45 - 2014-03-07 14:45 - 00000566 _____ () C:\Users\Stephen\Desktop\MBR.zip.zip
2014-03-07 01:51 - 2014-03-07 01:51 - 00688992 ____R (Swearware) C:\Users\Stephen\Downloads\dds.scr
2014-03-07 01:26 - 2014-03-07 01:29 - 00000000 ____D () C:\Users\Stephen\Desktop\ERUNT
2014-03-07 01:26 - 2014-03-07 01:26 - 00000519 _____ () C:\Users\Stephen\Desktop\NTREGOPT.lnk
2014-03-07 01:26 - 2014-03-07 01:26 - 00000500 _____ () C:\Users\Stephen\Desktop\ERUNT.lnk
2014-03-07 01:22 - 2014-03-07 01:22 - 00791393 _____ (Lars Hederer ) C:\Users\Stephen\Downloads\erunt-setup.exe
2014-03-06 23:54 - 2014-03-06 23:54 - 00018676 _____ () C:\Users\Stephen\Desktop\dds.txt
2014-03-06 01:13 - 2014-03-06 01:56 - 00004077 _____ () C:\Users\Stephen\Desktop\aswMBR.txt
2014-03-06 01:13 - 2014-03-06 01:56 - 00000512 _____ () C:\Users\Stephen\Desktop\MBR.dat
2014-03-06 00:53 - 2014-03-07 01:26 - 00000559 _____ () C:\Users\NeroMediaHomeUser.4\Desktop\NTREGOPT.lnk
2014-03-06 00:53 - 2014-03-07 01:26 - 00000540 _____ () C:\Users\NeroMediaHomeUser.4\Desktop\ERUNT.lnk
2014-03-05 21:29 - 2014-03-05 21:29 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\ParetoLogic
2014-03-05 21:29 - 2014-03-05 21:29 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\DriverCure
2014-03-05 21:28 - 2014-03-05 23:15 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-03-05 18:13 - 2014-03-04 19:08 - 00450016 _____ () C:\Windows\system32\Drivers\etc\hosts.20140305-181330.backup
2014-03-05 03:41 - 2014-03-05 23:15 - 00000000 ____D () C:\Windows\A16BBEABAAEF434ABFDD297708709FCC.TMP
2014-03-05 00:16 - 2010-03-08 10:10 - 00009216 _____ (Kephyr) C:\Windows\system32\ffnd.exe
2014-03-04 22:49 - 2014-03-07 13:09 - 00000312 _____ () C:\Windows\Tasks\FreeFixer background scan.job
2014-03-04 22:49 - 2014-03-05 00:16 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\FreeFixer
2014-03-04 22:49 - 2014-03-04 23:08 - 00000000 ____D () C:\Users\Stephen\AppData\Local\FreeFixer
2014-03-04 22:49 - 2014-03-04 22:49 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
2014-03-04 22:49 - 2014-03-04 22:49 - 00000000 ____D () C:\Program Files\FreeFixer
2014-03-04 22:47 - 2014-03-04 22:47 - 02551343 _____ (Kephyr) C:\Users\Stephen\Downloads\freefixersetup.exe
2014-03-04 19:27 - 2014-03-04 21:04 - 00000016 _____ () C:\Windows\system32\config\software.szfi
2014-03-04 19:07 - 2014-03-07 23:50 - 00000000 ____D () C:\ProgramData\STOPzilla!
2014-03-04 19:07 - 2014-03-07 11:46 - 00000000 ____D () C:\Program Files\STOPzilla!
2014-03-04 19:07 - 2014-02-13 10:32 - 00044424 ____R (GFI Software) C:\Windows\system32\SBBD.EXE
2014-03-04 19:07 - 2014-02-13 10:32 - 00022064 ____R (GFI Software) C:\Windows\system32\Drivers\sbaphd.sys
2014-03-04 18:22 - 2014-03-04 18:22 - 04435768 _____ (AVG Technologies) C:\Users\Stephen\Downloads\avg_avct_stb_all_2014_4259_cm10.exe
2014-03-04 18:09 - 2014-03-04 18:09 - 01727624 _____ () C:\Users\Stephen\Downloads\Adaware_Installer.exe
2014-03-04 17:17 - 2014-02-28 22:20 - 00000741 _____ () C:\Windows\system32\Drivers\etc\hosts.20140304-171719.backup
2014-03-01 20:30 - 2014-03-01 20:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-01 19:59 - 2014-03-04 18:59 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2014-03-01 19:58 - 2014-03-01 19:58 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-03-01 19:22 - 2014-03-01 19:22 - 00000000 ____D () C:\rei
2014-03-01 19:19 - 2014-03-01 19:43 - 00000119 _____ () C:\Windows\Reimage.ini
2014-03-01 19:09 - 2013-11-05 14:38 - 01122304 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Windows\system32\libeay32.dll
2014-03-01 19:09 - 2013-11-05 14:38 - 00274432 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Windows\system32\ssleay32.dll
2014-03-01 19:09 - 2012-12-10 11:04 - 00356352 _____ (eSellerate Inc.) C:\Windows\eSellerateEngine.dll
2014-03-01 19:09 - 2012-12-10 11:04 - 00081920 _____ (eSellerate Inc.) C:\Windows\eSellerateControl350.dll
2014-02-28 18:49 - 2014-02-28 18:49 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\LavasoftStatistics
2014-02-27 18:13 - 2014-02-27 18:13 - 00000000 ____D () C:\Users\Stephen\Coop
2014-02-27 03:29 - 2014-02-27 03:29 - 00001014 _____ () C:\Users\Stephen\Desktop\PFGUI.exe - Shortcut.lnk
2014-02-26 08:53 - 2014-03-01 09:28 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4\AppData\Local\CrashDumps
2014-02-25 19:08 - 2014-02-25 19:08 - 00000876 _____ () C:\Users\Stephen\Desktop\AbiWord.exe - Shortcut.lnk
2014-02-25 18:55 - 2014-02-25 18:55 - 00000636 _____ () C:\ProgramData\ATI - Shortcut.lnk
2014-02-25 18:54 - 2014-02-25 18:54 - 00000676 _____ () C:\Users\Stephen\AbiSuite - Shortcut.lnk
2014-02-25 18:47 - 2014-02-25 18:47 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\C
2014-02-25 18:42 - 2014-02-25 18:42 - 08335349 _____ (AbiSource Developers) C:\Users\Stephen\Downloads\abiword-setup-2.8.6(1).exe
2014-02-25 18:15 - 2014-03-07 22:06 - 00000000 ____D () C:\Users\Stephen\AbiSuite
2014-02-25 18:14 - 2014-02-27 12:51 - 00000000 ____D () C:\Program Files\AbiWord
2014-02-25 18:12 - 2014-02-25 18:12 - 08335349 _____ (AbiSource Developers) C:\Users\Stephen\Downloads\abiword-setup-2.8.6.exe
2014-02-25 16:23 - 2014-02-25 16:35 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\1H1Q
2014-02-25 09:40 - 2014-02-25 10:41 - 00000000 ____D () C:\Users\Stephen\AppData\Local\CrashDumps
2014-02-24 17:30 - 2014-02-24 17:30 - 00000000 ____D () C:\Program Files\AVG
2014-02-24 16:34 - 2014-02-24 16:44 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-24 03:13 - 2014-02-24 03:18 - 00000000 ____D () C:\AdwCleaner
2014-02-24 01:40 - 2014-02-24 01:40 - 03749640 _____ (PWI, Inc. ) C:\Users\Stephen\privatefirewall.exe24 02 2014.exe
2014-02-23 15:34 - 2010-05-13 17:34 - 00014232 _____ () C:\Windows\system32\sh4native.exe
2014-02-22 06:44 - 2014-02-22 06:44 - 00000908 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-22 06:43 - 2014-02-22 06:44 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-22 06:43 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-22 06:34 - 2014-02-22 06:34 - 03749640 _____ (PWI, Inc. ) C:\Users\Stephen\privatefirewall.exe
2014-02-22 06:08 - 2014-02-22 06:08 - 00000000 ____D () C:\Users\Stephen\AppData\Local\Privatefirewall
2014-02-22 06:04 - 2014-02-22 06:04 - 00000000 ____D () C:\Users\Stephen\AppData\Local\MFAData
2014-02-22 06:04 - 2014-02-22 06:04 - 00000000 ____D () C:\Users\Stephen\AppData\Local\Avg2014
2014-02-22 05:04 - 2014-02-22 05:04 - 00000270 _____ () C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job
2014-02-22 04:44 - 2013-09-29 21:24 - 00130568 _____ (Privacyware/PWI, Inc.) C:\Windows\system32\Drivers\pwipf6.sys
2014-02-22 04:43 - 2014-02-28 18:00 - 00000146 _____ () C:\Windows\ODBC.INI
2014-02-22 04:43 - 2014-02-22 04:43 - 00000000 ____D () C:\ProgramData\Privacyware
2014-02-22 04:43 - 2014-02-22 04:43 - 00000000 ____D () C:\Program Files\Privacyware
2014-02-22 04:27 - 2014-02-22 04:27 - 40367128 _____ (Check Point Software Technologies LTD) C:\Users\Stephen\Downloads\zafwSetup_120_121_000.exe
2014-02-22 03:41 - 2014-02-22 03:42 - 00930952 _____ (CNET Download.com) C:\Users\Stephen\Downloads\cbsidlm-cbsi183-Privatefirewall-ORG-10371057.exe
2014-02-22 01:45 - 2014-02-22 01:45 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\SecureSearch
2014-02-22 01:24 - 2014-02-22 01:24 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-02-22 01:11 - 2014-02-22 01:11 - 00001047 _____ () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-02-19 00:33 - 2014-02-28 20:11 - 00000647 _____ () C:\sh4_service.log
2014-02-19 00:32 - 2014-02-23 14:20 - 00004606 _____ () C:\spyhunter.log
2014-02-19 00:30 - 2013-10-18 15:01 - 00285747 _____ () C:\shldr
2014-02-19 00:30 - 2013-10-18 15:01 - 00008192 _____ () C:\shldr.mbr
2014-02-18 23:26 - 2014-03-05 03:42 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-02-18 23:26 - 2014-02-18 23:26 - 00002083 _____ () C:\Users\Stephen\Desktop\SpyHunter.lnk
2014-02-18 23:26 - 2014-02-18 23:26 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-02-18 23:26 - 2014-02-18 23:26 - 00000000 ____D () C:\sh4ldr
2014-02-18 23:24 - 2014-02-27 16:12 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-02-18 23:24 - 2014-02-18 23:24 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Stephen\Downloads\SpyHunter-Installer.exe
2014-02-16 17:45 - 2014-02-16 17:46 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-13 10:32 - 2014-02-13 10:32 - 00066344 ____R (GFI Software) C:\Windows\system32\Drivers\sbapifs.sys
2014-02-13 10:32 - 2014-02-13 10:32 - 00061328 ____R (iS3 Inc.) C:\Windows\system32\Drivers\SZKG.sys
2014-02-13 10:32 - 2014-02-13 10:32 - 00061328 ____R (iS3 Inc.) C:\Windows\system32\Drivers\is3srv.sys
2014-02-12 07:52 - 2014-02-12 07:55 - 00000000 ____D () C:\Users\Stephen\Blank Cd's
==================== One Month Modified Files and Folders =======
2014-03-07 23:50 - 2014-03-07 23:46 - 00017492 _____ () C:\Users\Stephen\Downloads\FRST.txt
2014-03-07 23:50 - 2014-03-04 19:07 - 00000000 ____D () C:\ProgramData\STOPzilla!
2014-03-07 23:46 - 2014-03-07 23:46 - 00000000 ____D () C:\FRST
2014-03-07 23:45 - 2014-03-07 23:45 - 01145344 _____ (Farbar) C:\Users\Stephen\Downloads\FRST.exe
2014-03-07 23:44 - 2014-03-07 23:14 - 00000002 _____ () C:\Users\Stephen\Desktop\Rkill.txt
2014-03-07 23:44 - 2008-03-08 12:01 - 02022245 _____ () C:\Windows\WindowsUpdate.log
2014-03-07 23:42 - 2012-05-10 17:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-07 23:41 - 2014-03-07 23:41 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Stephen\Downloads\rkill(1).exe
2014-03-07 23:36 - 2014-03-07 23:36 - 00000120 _____ () C:\Windows\system32\Drivers\kgpfr2.cfg
2014-03-07 23:33 - 2010-02-04 19:03 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-07 23:31 - 2014-01-01 16:02 - 00000276 _____ () C:\Windows\Tasks\Driver Booster Update.job
2014-03-07 23:31 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-07 23:31 - 2006-11-02 12:47 - 00305616 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-07 23:31 - 2006-11-02 12:47 - 00003568 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-07 23:31 - 2006-11-02 12:47 - 00003568 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-07 23:06 - 2008-03-08 12:03 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-03-07 23:06 - 2006-11-02 13:01 - 00032554 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-07 23:04 - 2014-03-07 23:04 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Stephen\Downloads\rkill.scr
2014-03-07 23:04 - 2014-03-07 23:04 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Stephen\Downloads\rkill.com
2014-03-07 23:04 - 2014-03-07 23:03 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Stephen\Downloads\rkill.exe
2014-03-07 22:57 - 2010-04-30 19:36 - 00000000 ____D () C:\Program Files\IObit
2014-03-07 22:11 - 2010-02-04 19:03 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-07 22:06 - 2014-02-25 18:15 - 00000000 ____D () C:\Users\Stephen\AbiSuite
2014-03-07 18:58 - 2014-03-07 18:58 - 00000398 _____ () C:\Users\Stephen\Downloads - Shortcut (2).lnk
2014-03-07 18:52 - 2014-03-07 18:52 - 00000398 _____ () C:\Users\Stephen\Downloads - Shortcut.lnk
2014-03-07 16:30 - 2010-04-30 19:20 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-07 14:45 - 2014-03-07 14:45 - 00000566 _____ () C:\Users\Stephen\Desktop\MBR.zip.zip
2014-03-07 13:09 - 2014-03-04 22:49 - 00000312 _____ () C:\Windows\Tasks\FreeFixer background scan.job
2014-03-07 11:46 - 2014-03-04 19:07 - 00000000 ____D () C:\Program Files\STOPzilla!
2014-03-07 02:07 - 2011-07-08 00:59 - 00001258 _____ () C:\Windows\WININIT.INI
2014-03-07 01:51 - 2014-03-07 01:51 - 00688992 ____R (Swearware) C:\Users\Stephen\Downloads\dds.scr
2014-03-07 01:29 - 2014-03-07 01:26 - 00000000 ____D () C:\Users\Stephen\Desktop\ERUNT
2014-03-07 01:26 - 2014-03-07 01:26 - 00000519 _____ () C:\Users\Stephen\Desktop\NTREGOPT.lnk
2014-03-07 01:26 - 2014-03-07 01:26 - 00000500 _____ () C:\Users\Stephen\Desktop\ERUNT.lnk
2014-03-07 01:26 - 2014-03-06 00:53 - 00000559 _____ () C:\Users\NeroMediaHomeUser.4\Desktop\NTREGOPT.lnk
2014-03-07 01:26 - 2014-03-06 00:53 - 00000540 _____ () C:\Users\NeroMediaHomeUser.4\Desktop\ERUNT.lnk
2014-03-07 01:22 - 2014-03-07 01:22 - 00791393 _____ (Lars Hederer ) C:\Users\Stephen\Downloads\erunt-setup.exe
2014-03-07 00:32 - 2014-01-09 15:16 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4
2014-03-07 00:32 - 2012-11-08 22:24 - 59949056 _____ () C:\Windows\system32\config\software.iobit
2014-03-07 00:32 - 2012-11-08 22:24 - 05087232 _____ () C:\Windows\system32\config\default.iobit
2014-03-07 00:32 - 2012-11-08 22:24 - 00094208 _____ () C:\Windows\system32\config\sam.iobit
2014-03-07 00:32 - 2012-11-08 22:24 - 00028672 _____ () C:\Windows\system32\config\security.iobit
2014-03-07 00:32 - 2012-05-31 00:35 - 41881600 _____ () C:\Windows\system32\config\components.iobit
2014-03-06 23:54 - 2014-03-06 23:54 - 00018676 _____ () C:\Users\Stephen\Desktop\dds.txt
2014-03-06 01:56 - 2014-03-06 01:13 - 00004077 _____ () C:\Users\Stephen\Desktop\aswMBR.txt
2014-03-06 01:56 - 2014-03-06 01:13 - 00000512 _____ () C:\Users\Stephen\Desktop\MBR.dat
2014-03-05 23:38 - 2010-06-15 12:40 - 00000000 ____D () C:\ProgramData\IObit
2014-03-05 23:34 - 2010-04-30 19:36 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\IObit
2014-03-05 23:15 - 2014-03-05 21:28 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-03-05 23:15 - 2014-03-05 03:41 - 00000000 ____D () C:\Windows\A16BBEABAAEF434ABFDD297708709FCC.TMP
2014-03-05 21:29 - 2014-03-05 21:29 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\ParetoLogic
2014-03-05 21:29 - 2014-03-05 21:29 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\DriverCure
2014-03-05 19:12 - 2008-03-23 12:37 - 00074368 _____ () C:\Users\Stephen\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-05 03:42 - 2014-02-18 23:26 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-03-05 03:11 - 2009-04-30 20:27 - 00000000 ____D () C:\ProgramData\GARMIN
2014-03-05 03:04 - 2006-11-02 11:18 - 00000000 ___RD () C:\Users\Public
2014-03-05 02:58 - 2006-11-02 11:18 - 00000000 __RHD () C:\Users\Default
2014-03-05 00:16 - 2014-03-04 22:49 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\FreeFixer
2014-03-04 23:08 - 2014-03-04 22:49 - 00000000 ____D () C:\Users\Stephen\AppData\Local\FreeFixer
2014-03-04 22:49 - 2014-03-04 22:49 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
2014-03-04 22:49 - 2014-03-04 22:49 - 00000000 ____D () C:\Program Files\FreeFixer
2014-03-04 22:47 - 2014-03-04 22:47 - 02551343 _____ (Kephyr) C:\Users\Stephen\Downloads\freefixersetup.exe
2014-03-04 21:04 - 2014-03-04 19:27 - 00000016 _____ () C:\Windows\system32\config\software.szfi
2014-03-04 19:08 - 2014-03-05 18:13 - 00450016 _____ () C:\Windows\system32\Drivers\etc\hosts.20140305-181330.backup
2014-03-04 18:59 - 2014-03-01 19:59 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2014-03-04 18:23 - 2010-10-15 18:40 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-04 18:22 - 2014-03-04 18:22 - 04435768 _____ (AVG Technologies) C:\Users\Stephen\Downloads\avg_avct_stb_all_2014_4259_cm10.exe
2014-03-04 18:09 - 2014-03-04 18:09 - 01727624 _____ () C:\Users\Stephen\Downloads\Adaware_Installer.exe
2014-03-04 17:04 - 2011-07-13 01:24 - 00000000 ____D () C:\Windows\pss
2014-03-04 15:43 - 2013-11-19 09:01 - 00000000 ____D () C:\ProgramData\ProductData
2014-03-04 08:16 - 2013-12-29 00:45 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-02 08:26 - 2010-05-04 17:15 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-03-01 20:30 - 2014-03-01 20:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-01 19:58 - 2014-03-01 19:58 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-03-01 19:43 - 2014-03-01 19:19 - 00000119 _____ () C:\Windows\Reimage.ini
2014-03-01 19:22 - 2014-03-01 19:22 - 00000000 ____D () C:\rei
2014-03-01 17:45 - 2009-09-09 21:20 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Apple Computer
2014-03-01 16:42 - 2013-01-29 12:20 - 00000848 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-01 09:44 - 2012-09-15 16:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-01 09:28 - 2014-02-26 08:53 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4\AppData\Local\CrashDumps
2014-02-28 22:20 - 2014-03-04 17:17 - 00000741 _____ () C:\Windows\system32\Drivers\etc\hosts.20140304-171719.backup
2014-02-28 20:11 - 2014-02-19 00:33 - 00000647 _____ () C:\sh4_service.log
2014-02-28 18:49 - 2014-02-28 18:49 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\LavasoftStatistics
2014-02-28 18:00 - 2014-02-22 04:43 - 00000146 _____ () C:\Windows\ODBC.INI
2014-02-27 18:13 - 2014-02-27 18:13 - 00000000 ____D () C:\Users\Stephen\Coop
2014-02-27 17:41 - 2010-05-05 20:16 - 00000000 ____D () C:\Users\Stephen\ME CFS
2014-02-27 17:33 - 2010-05-05 19:54 - 00000000 ____D () C:\Users\Stephen\Virgin bills
2014-02-27 17:25 - 2012-08-15 00:26 - 00000000 ____D () C:\Users\Stephen\Amazon orders
2014-02-27 17:09 - 2012-11-23 20:15 - 00000000 ____D () C:\Users\Stephen\Mozilla
2014-02-27 17:08 - 2010-06-30 20:17 - 00000000 ____D () C:\Users\Stephen\exotic india
2014-02-27 17:07 - 2012-12-12 14:31 - 00000000 ____D () C:\Users\Stephen\JOT
2014-02-27 17:05 - 2013-02-16 20:42 - 00000000 ____D () C:\Users\Stephen\Ocean Dharma
2014-02-27 17:05 - 2010-05-24 03:40 - 00000000 ____D () C:\Users\Stephen\computer Stuff
2014-02-27 17:03 - 2013-07-13 14:36 - 00000000 ____D () C:\Users\Stephen\Petitions
2014-02-27 16:12 - 2014-02-18 23:24 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-02-27 12:51 - 2014-02-25 18:14 - 00000000 ____D () C:\Program Files\AbiWord
2014-02-27 12:51 - 2010-05-05 09:58 - 00000000 ____D () C:\Program Files\Paint.NET
2014-02-27 03:29 - 2014-02-27 03:29 - 00001014 _____ () C:\Users\Stephen\Desktop\PFGUI.exe - Shortcut.lnk
2014-02-25 19:08 - 2014-02-25 19:08 - 00000876 _____ () C:\Users\Stephen\Desktop\AbiWord.exe - Shortcut.lnk
2014-02-25 18:55 - 2014-02-25 18:55 - 00000636 _____ () C:\ProgramData\ATI - Shortcut.lnk
2014-02-25 18:54 - 2014-02-25 18:54 - 00000676 _____ () C:\Users\Stephen\AbiSuite - Shortcut.lnk
2014-02-25 18:47 - 2014-02-25 18:47 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\C
2014-02-25 18:42 - 2014-02-25 18:42 - 08335349 _____ (AbiSource Developers) C:\Users\Stephen\Downloads\abiword-setup-2.8.6(1).exe
2014-02-25 18:12 - 2014-02-25 18:12 - 08335349 _____ (AbiSource Developers) C:\Users\Stephen\Downloads\abiword-setup-2.8.6.exe
2014-02-25 16:53 - 2012-10-30 05:55 - 00000725 _____ () C:\Users\Stephen\Desktop\HijackThis.lnk
2014-02-25 16:35 - 2014-02-25 16:23 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\1H1Q
2014-02-25 16:21 - 2010-05-05 20:53 - 00000000 ____D () C:\Program Files\OpenOffice.org 3
2014-02-25 10:41 - 2014-02-25 09:40 - 00000000 ____D () C:\Users\Stephen\AppData\Local\CrashDumps
2014-02-24 17:30 - 2014-02-24 17:30 - 00000000 ____D () C:\Program Files\AVG
2014-02-24 16:44 - 2014-02-24 16:34 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-24 03:18 - 2014-02-24 03:13 - 00000000 ____D () C:\AdwCleaner
2014-02-24 01:40 - 2014-02-24 01:40 - 03749640 _____ (PWI, Inc. ) C:\Users\Stephen\privatefirewall.exe24 02 2014.exe
2014-02-23 18:36 - 2006-11-02 12:50 - 00000749 ___RH () C:\Windows\WindowsShell.Manifest
2014-02-23 14:20 - 2014-02-19 00:32 - 00004606 _____ () C:\spyhunter.log
2014-02-22 13:38 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\L2Schemas
2014-02-22 06:44 - 2014-02-22 06:44 - 00000908 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-22 06:44 - 2014-02-22 06:43 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-22 06:34 - 2014-02-22 06:34 - 03749640 _____ (PWI, Inc. ) C:\Users\Stephen\privatefirewall.exe
2014-02-22 06:08 - 2014-02-22 06:08 - 00000000 ____D () C:\Users\Stephen\AppData\Local\Privatefirewall
2014-02-22 06:04 - 2014-02-22 06:04 - 00000000 ____D () C:\Users\Stephen\AppData\Local\MFAData
2014-02-22 06:04 - 2014-02-22 06:04 - 00000000 ____D () C:\Users\Stephen\AppData\Local\Avg2014
2014-02-22 05:07 - 2006-11-02 11:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-02-22 05:04 - 2014-02-22 05:04 - 00000270 _____ () C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job
2014-02-22 04:43 - 2014-02-22 04:43 - 00000000 ____D () C:\ProgramData\Privacyware
2014-02-22 04:43 - 2014-02-22 04:43 - 00000000 ____D () C:\Program Files\Privacyware
2014-02-22 04:27 - 2014-02-22 04:27 - 40367128 _____ (Check Point Software Technologies LTD) C:\Users\Stephen\Downloads\zafwSetup_120_121_000.exe
2014-02-22 03:42 - 2014-02-22 03:41 - 00930952 _____ (CNET Download.com) C:\Users\Stephen\Downloads\cbsidlm-cbsi183-Privatefirewall-ORG-10371057.exe
2014-02-22 01:45 - 2014-02-22 01:45 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\SecureSearch
2014-02-22 01:24 - 2014-02-22 01:24 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-02-22 01:14 - 2012-03-05 22:53 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-22 01:11 - 2014-02-22 01:11 - 00001047 _____ () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-02-22 01:11 - 2013-11-19 09:01 - 00001023 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-02-22 00:56 - 2011-07-17 15:03 - 00001356 _____ () C:\Users\Stephen\AppData\Local\d3d9caps.dat
2014-02-21 09:42 - 2012-05-10 17:11 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 09:42 - 2011-06-10 08:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-18 23:26 - 2014-02-18 23:26 - 00002083 _____ () C:\Users\Stephen\Desktop\SpyHunter.lnk
2014-02-18 23:26 - 2014-02-18 23:26 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-02-18 23:26 - 2014-02-18 23:26 - 00000000 ____D () C:\sh4ldr
2014-02-18 23:24 - 2014-02-18 23:24 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Stephen\Downloads\SpyHunter-Installer.exe
2014-02-17 18:23 - 2011-09-12 02:11 - 00000000 ____D () C:\Users\Stephen\EBay Purchases
2014-02-16 18:02 - 2009-05-18 21:05 - 00000000 ____D () C:\Users\Stephen\AppData\Local\Apple Computer
2014-02-16 17:47 - 2012-06-19 18:16 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-16 17:46 - 2014-02-16 17:45 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-16 17:46 - 2012-06-19 18:14 - 00000000 ____D () C:\Program Files\iTunes
2014-02-16 17:38 - 2009-05-18 21:00 - 00000000 ____D () C:\ProgramData\Apple
2014-02-16 11:22 - 2012-05-08 01:22 - 00000000 ____D () C:\Users\Stephen\Sounds True
2014-02-16 11:10 - 2012-09-08 14:17 - 00000000 ____D () C:\Users\Stephen\VapeEscape
2014-02-16 11:08 - 2010-09-02 10:33 - 00000000 ____D () C:\Users\Stephen\Anam Cara Lawrence Edwards
2014-02-14 03:04 - 2013-08-06 02:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-14 03:01 - 2006-11-02 10:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-13 10:32 - 2014-03-04 19:07 - 00044424 ____R (GFI Software) C:\Windows\system32\SBBD.EXE
2014-02-13 10:32 - 2014-03-04 19:07 - 00022064 ____R (GFI Software) C:\Windows\system32\Drivers\sbaphd.sys
2014-02-13 10:32 - 2014-02-13 10:32 - 00066344 ____R (GFI Software) C:\Windows\system32\Drivers\sbapifs.sys
2014-02-13 10:32 - 2014-02-13 10:32 - 00061328 ____R (iS3 Inc.) C:\Windows\system32\Drivers\SZKG.sys
2014-02-13 10:32 - 2014-02-13 10:32 - 00061328 ____R (iS3 Inc.) C:\Windows\system32\Drivers\is3srv.sys
2014-02-13 08:20 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-13 07:07 - 2006-11-02 10:33 - 00743232 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-12 08:26 - 2013-07-13 14:48 - 00000000 ____D () C:\Users\Stephen\Reggie Ray -Dharma Ocean
2014-02-12 08:21 - 2010-05-02 00:52 - 00000000 ____D () C:\Users\Stephen\J G Ballard
2014-02-12 08:19 - 2011-11-07 19:12 - 00000000 ____D () C:\Users\Stephen\Feng Shui
2014-02-12 08:07 - 2013-04-25 14:55 - 00000000 ____D () C:\Users\Stephen\ALLPAY
2014-02-12 07:55 - 2014-02-12 07:52 - 00000000 ____D () C:\Users\Stephen\Blank Cd's
2014-02-12 07:54 - 2012-09-01 09:51 - 00000000 ____D () C:\Users\Stephen\Electronic Cigs
2014-02-12 07:50 - 2013-04-17 14:16 - 00000000 ____D () C:\Users\Stephen\Leisure Liquids
2014-02-12 07:47 - 2013-08-12 04:43 - 00000000 ____D () C:\Users\Stephen\ECig And Juice
2014-02-12 07:39 - 2013-11-20 09:55 - 00000000 ____D () C:\Users\Stephen\CLOUD 9 Vaping
2014-02-12 07:08 - 2013-06-09 05:29 - 00000000 ____D () C:\Users\Stephen\Wise Brain Bulletin
2014-02-12 06:59 - 2013-08-28 20:37 - 00000000 ____D () C:\Users\Stephen\Finlux TV
2014-02-07 04:57 - 2013-12-30 01:18 - 00000000 ____D () C:\Program Files\Seagate
Files to move or delete:
====================
C:\Users\Stephen\privatefirewall.exe
C:\Users\Stephen\privatefirewall.exe24 02 2014.exe
Some content of TEMP:
====================
C:\Users\Stephen\AppData\Local\Temp\RHSetup.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-07 23:42
==================== End Of Log ============================
Will do a separate post for FRST Addition
Regards.
laudorum
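Two parts of the FRST.txt above are worth being able to reproduce by hand when a log like this lands on your desk: the "Files to move or delete" list (FRST calls out executables sitting loose in the profile root, here the two copies of privatefirewall.exe in C:\Users\Stephen\) and the "Bamital & volsnap Check", which compares the MD5 of core binaries such as winlogon.exe and volsnap.sys against known-good values. The Python below is an added example, not code from this post, from FRST or from its author. It assumes the line layout "modified - created - size attrs (company) path" inferred from the posted lines, with D and H in the attribute string meaning directory and hidden; the file contents fed to the manifest check are constructed stand-ins, not real Windows binaries.

```python
"""Triage helpers for FRST-style log lines (added example, not part of FRST)."""
import hashlib
import re
from pathlib import PureWindowsPath

# One FRST "One Month Modified" line has the shape
#   <modified> - <created> - <size> <attrs> (<company>) <path>
# The attribute string uses D for directories and H for hidden entries
# (e.g. "___HD" for the hidden GroupPolicy directory in the posted log).
FRST_LINE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]+)(?: \((?P<company>[^)]*)\))? (?P<path>.+)$"
)

# A handful of lines copied from the posted FRST.txt, used as the sample input.
SAMPLE_LOG = """\
2014-03-05 02:58 - 2006-11-02 11:18 - 00000000 __RHD () C:\\Users\\Default
2014-03-04 22:47 - 2014-03-04 22:47 - 02551343 _____ (Kephyr) C:\\Users\\Stephen\\Downloads\\freefixersetup.exe
2014-03-04 19:08 - 2014-03-05 18:13 - 00450016 _____ () C:\\Windows\\system32\\Drivers\\etc\\hosts.20140305-181330.backup
2014-02-24 01:40 - 2014-02-24 01:40 - 03749640 _____ (PWI, Inc. ) C:\\Users\\Stephen\\privatefirewall.exe24 02 2014.exe
2014-02-22 06:34 - 2014-02-22 06:34 - 03749640 _____ (PWI, Inc. ) C:\\Users\\Stephen\\privatefirewall.exe
2014-02-22 05:07 - 2006-11-02 11:18 - 00000000 ___HD () C:\\Windows\\system32\\GroupPolicy
2014-02-13 10:32 - 2014-02-13 10:32 - 00061328 ____R (iS3 Inc.) C:\\Windows\\system32\\Drivers\\SZKG.sys
"""

EXECUTABLE_SUFFIXES = {".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".bat", ".cmd"}


def parse_frst(text):
    """Parse every matching line into a dict; non-matching lines (headers) are skipped."""
    entries = []
    for line in text.splitlines():
        m = FRST_LINE.match(line.rstrip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["company"] = (e["company"] or "").strip()
        e["is_dir"] = "D" in e["attrs"]
        e["hidden"] = "H" in e["attrs"]
        entries.append(e)
    return entries


def files_to_move(entries):
    """Executables sitting directly in a profile root (C:\\Users\\<name>\\x.exe).

    That is the condition behind FRST's own "Files to move or delete" list:
    a legitimate installer lives in Downloads or Program Files, not loose in
    the profile root, so these deserve a second look (or a quarantine).
    """
    hits = []
    for e in entries:
        p = PureWindowsPath(e["path"])
        parts = [s.lower() for s in p.parts]  # ['c:\\', 'users', 'stephen', 'x.exe']
        if (not e["is_dir"] and len(parts) == 4 and parts[1] == "users"
                and p.suffix.lower() in EXECUTABLE_SUFFIXES):
            hits.append(e["path"])
    return hits


def hidden_system_entries(entries):
    """Hidden items under C:\\Windows; most are expected, but each should be explainable."""
    return [e["path"] for e in entries
            if e["hidden"] and e["path"].lower().startswith("c:\\windows\\")]


def verify_manifest(on_disk, manifest):
    """Compare each file's bytes with a known-good digest, the idea behind FRST's
    "Bamital & volsnap Check" on explorer.exe, winlogon.exe, volsnap.sys and friends.

    Returns {path: "legit" | "mismatch" | "missing"}. MD5 is used only because
    that is what the FRST log reports; a manifest you build yourself should use
    SHA-256, and an on-disk check never catches code patched in memory.
    """
    status = {}
    for path, good_digest in manifest.items():
        data = on_disk.get(path)
        if data is None:
            status[path] = "missing"
        elif hashlib.md5(data).hexdigest() == good_digest:
            status[path] = "legit"
        else:
            status[path] = "mismatch"
    return status


# Constructed stand-ins for file contents; real use would read the files themselves.
KNOWN_GOOD = {
    "C:\\Windows\\explorer.exe": b"MZ explorer (known-good build)",
    "C:\\Windows\\system32\\winlogon.exe": b"MZ winlogon (known-good build)",
    "C:\\Windows\\system32\\Drivers\\volsnap.sys": b"MZ volsnap (known-good build)",
}
MANIFEST = {p: hashlib.md5(b).hexdigest() for p, b in KNOWN_GOOD.items()}
ON_DISK = dict(KNOWN_GOOD)
ON_DISK["C:\\Windows\\system32\\winlogon.exe"] = b"MZ winlogon (patched)"  # simulated tampering
del ON_DISK["C:\\Windows\\system32\\Drivers\\volsnap.sys"]                   # simulated deletion

if __name__ == "__main__":
    entries = parse_frst(SAMPLE_LOG)
    print("Files to move or delete:", files_to_move(entries))
    print("Hidden under C:\\Windows:", hidden_system_entries(entries))
    for path, st in verify_manifest(ON_DISK, MANIFEST).items():
        print(f"{path} => {st}")
```

Run against the sample lines it reports exactly the two privatefirewall.exe copies that FRST listed, plus the hidden GroupPolicy directory as the one hidden item under C:\Windows, and marks the tampered winlogon.exe stand-in as a mismatch and the removed volsnap.sys as missing. A "legit" verdict only says the file on disk matches the manifest; it says nothing about what is loaded in memory, which is why a hash check is a starting point for triage and not a clean bill of health.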
laudorum
2014-03-08, 02:48
Here is the FRST Addition log:
FRST addition
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-03-2014 01
Ran by Stephen at 2014-03-07 23:50:48
Running from C:\Users\Stephen\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: STOPzilla (Disabled - Up to date) {17032AB1-6644-0721-EEB5-A39B8B646009}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: STOPzilla (Enabled - Up to date) {AC62CB55-407E-08AF-D405-98E9F0E32AB4}
FW: Privatefirewall (Enabled) {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}
==================== Installed Programs ======================
AbiWord 2.8.6 (HKLM\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Community Help (Version: 3.5.23 - Adobe Systems Incorporated.) Hidden
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.99 - NOS Microsystems Ltd.)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Photoshop Elements 6.0 (HKLM\...\Adobe Photoshop Elements 6) (Version: 6.0 - Adobe Systems Inc.)
Adobe Photoshop Elements 6.0 (Version: 6.0 - Adobe Systems Inc.) Hidden
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
Apple Application Support (HKLM\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2011 (Version: 10.0.1136 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1144 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1153 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1170 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1191 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1202 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1204 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1209 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1321 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1325 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1375 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1382 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1388 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1390 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1391 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1392 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1410 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.1831 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.1834 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.1869 - AVG Technologies) Hidden
BBC iPlayer Desktop (HKLM\...\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1) (Version: 3.2.7 - British Broadcasting Corp.)
BBC iPlayer Desktop (Version: 3.2.7 - British Broadcasting Corp.) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Catalyst Control Center Core Implementation (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Hungarian (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Polish (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Thai (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Turkish (Version: 2007.0731.2234.38497 - ATI) Hidden
CCC Help Chinese Standard (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help English (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help French (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help German (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Hungarian (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Italian (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Japanese (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Korean (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Polish (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Portuguese (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Spanish (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Thai (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Turkish (Version: 2007.0731.2233.38497 - ATI) Hidden
ccc-core-static (Version: 2007.0731.2234.38497 - ATI) Hidden
ccc-utility (Version: 2007.0731.2234.38497 - ATI) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Creative MediaSource 5 (HKLM\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - )
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.0.07311 - Dell)
DirectXInstallService (Version: 9.0.2 - Roxio) Hidden
Driver Booster (HKLM\...\Driver Booster_is1) (Version: 1.2 - IObit)
eJuice Me Up (HKLM\...\{28107FBC-832A-4E18-9C9D-4E771B441F69}) (Version: 11.0.0.0 - Breaktru Software)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version: - Lars Hederer)
FreeFixer (HKLM\...\FreeFixer1.09) (Version: 1.09 - Kephyr)
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: - - Google)
Google Drive (HKLM\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
Intel Performance Power Manager (HKLM\...\{E65E367B-B25C-4FF8-B270-D5277E7CF1B0}) (Version: 1.0.0 - Intel)
Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
Intel(R) PRO Network Connections 12.1.12.4 (HKLM\...\PROSetDX) (Version: - Dell)
Intel(R) PRO Network Connections 12.1.12.4 (Version: - Dell) Hidden
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 3.0.5.1228 - IObit)
iTuner (HKLM\...\{E233EF8A-D04F-49B9-996B-218F3C3EA543}) (Version: 1.2.3782 - River Software)
iTunes (HKLM\...\{C4780F70-8F21-4F0C-95FE-32FF3E2F9247}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Java(TM) 6 Update 37 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.370 - Oracle)
Java(TM) SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
Kaspersky Security Scan (Version: 12.0.1.340 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{710BF966-43C8-4216-A8EC-BC4E169FF7C1}) (Version: 3.1.8.0 - Apple Inc.)
Mouse Suite for Desktop Computers (HKLM\...\{448E2D77-E504-4221-B2C2-93646B344729}) (Version: 2.50.025 - Dell)
Mozilla Firefox (3.6.2pre) (HKLM\...\Mozilla Firefox (3.6.2pre)) (Version: 3.6.2pre (en-GB) - Mozilla)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nero ControlCenter (Version: 9.0.0.1 - Nero AG) Hidden
Nero Installer (Version: 4.4.9.0 - Nero AG) Hidden
Nero MediaHome 4 (Version: 4.5.8.0 - Nero AG) Hidden
Nero MediaHome 4 Essentials (HKLM\...\{9aa15211-f231-4ded-9399-f89a7ea12358}) (Version: - Nero AG)
Nero MediaHome 4 Help (Version: 4.5.5.0 - Nero AG) Hidden
Nero Online Upgrade (Version: 1.3.0.0 - Nero AG) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}) (Version: 3.60.0 - dotPDN LLC)
Privatefirewall 7.0 (HKLM\...\{E8EA933E-03A2-4E62-9F52-812C72BE2A6B}) (Version: 7.0.30.3 - PWI, Inc.)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Rapport (Version: 3.5.0912.43 - Trusteer) Hidden
Skins (Version: 2007.0731.2234.38497 - ATI) Hidden
Smart Defrag 3 (HKLM\...\Smart Defrag 3_is1) (Version: 3.0 - IObit)
Sound Blaster Audigy ADVANCED MB (HKLM\...\{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}) (Version: 1.0 - )
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SpyHunter (HKLM\...\{AF549236-6258-4AC6-A043-5B5B89C6EB61}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
STOPzilla (HKLM\...\{95BB3533-1FB3-4D9C-854F-2015378FC899}) (Version: 6.1.70.15 - iS3 Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.55.1000 - SUPERAntiSpyware.com)
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
User's Guides (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version: - )
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WIDCOMM Bluetooth Software 6.0.1.4300 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.4300 - Dell)
Windows Driver Package - Hewlett-Packard Image (12/27/2006 8.0.0.0) (HKLM\...\C9366D62B68888C2B199785A50F4E68CA9E6A4A6) (Version: 12/27/2006 8.0.0.0 - Hewlett-Packard)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XPS MiniView Gadget (HKLM\...\{A73BDB2A-E4A7-4FE8-960E-6A5C8BF76FCB}) (Version: 1.00.0000 - CompanionLink Software, Inc.)
ZoneAlarm Security Toolbar (HKLM\...\ZoneAlarm Security Toolbar) (Version: - Check Point Software Technologies LTD)
==================== Restore Points =========================
25-02-2014 18:26:23 Windows Update
26-02-2014 03:00:13 Windows Update
26-02-2014 21:16:47 Scheduled Checkpoint
27-02-2014 03:00:12 Windows Update
27-02-2014 03:04:04 Windows Update
28-02-2014 09:29:23 Windows Update
28-02-2014 18:00:42 Device Driver Package Install: Privacyware Network Service
01-03-2014 03:00:13 Windows Update
01-03-2014 17:37:49 IObit Uninstaller restore point
01-03-2014 17:44:23 IObit Uninstaller restore point
01-03-2014 17:44:55 Removed iCloud
01-03-2014 19:44:54 IObit Uninstaller restore point
01-03-2014 19:57:51 Installed Kaspersky Security Scan.
02-03-2014 08:39:10 Windows Update
03-03-2014 00:00:02 Scheduled Checkpoint
03-03-2014 07:09:41 Windows Update
03-03-2014 19:55:11 Scheduled Checkpoint
04-03-2014 03:00:14 Windows Update
04-03-2014 18:11:16 AA11
04-03-2014 18:17:07 AA11
04-03-2014 18:23:35 Installed AVG 2014
04-03-2014 18:24:28 Installed AVG 2014
04-03-2014 18:27:46 Removed AVG 2014
04-03-2014 18:41:13 Windows Update
04-03-2014 18:45:03 Windows Update
04-03-2014 18:55:33 IObit Uninstaller restore point
04-03-2014 18:56:01 Removed Kaspersky Security Scan.
04-03-2014 19:00:02 IObit Uninstaller restore point
04-03-2014 19:06:49 Installed STOPzilla
04-03-2014 19:12:46 STOPzilla Restore Point.
05-03-2014 03:00:14 Windows Update
05-03-2014 03:41:08 Installed RegHunter
05-03-2014 23:00:15 Scheduled Checkpoint
05-03-2014 23:31:28 IObit Uninstaller restore point
05-03-2014 23:36:42 IObit Uninstaller restore point
06-03-2014 03:00:14 Windows Update
06-03-2014 03:04:13 Windows Update
07-03-2014 09:03:39 Windows Update
07-03-2014 16:41:55 Windows Update
07-03-2014 16:50:35 Windows Update
07-03-2014 17:43:10 Windows Update
07-03-2014 17:46:57 Windows Update
07-03-2014 18:30:48 Windows Update
07-03-2014 18:56:09 Windows Update
07-03-2014 19:00:24 Windows Update
07-03-2014 20:15:48 Windows Update
07-03-2014 20:18:57 Windows Update
07-03-2014 22:50:24 IObit Uninstaller restore point
==================== Hosts content: ==========================
2006-11-02 10:23 - 2014-03-04 19:08 - 00450016 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
Task: {065272E5-E4FA-4BA2-907E-7564A5A8FCEF} - \MySearchDial No Task File
Task: {169DD723-2179-4CAB-8FDD-9BACD02F02A2} - System32\Tasks\Driver Booster Update => C:\Program Files\IObit\Driver Booster\AutoUpdate.exe [2014-01-07] (IObit)
Task: {1749FD37-581F-4B32-9DFD-7580192A13D6} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2E5C3F1E-5D77-47B4-A8BD-F7D42B58954B} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {3321E6B5-8E01-4A22-B64F-9099EAC2C97B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-04] (Google Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {515408E0-C9A8-477D-AE8C-C41C7A101F53} - System32\Tasks\ASC7_SkipUac_Stephen => C:\Program Files\IObit\Advanced SystemCare 7\ASC.exe
Task: {5F98BF31-4387-46C6-B3C8-45A851AFD212} - System32\Tasks\ASCv5_AutoUpdateD => C:\Program Files\IObit\Advanced SystemCare 5\AutoUpdate.exe
Task: {695C25F1-9C03-44B1-8BE9-4DA667A659DD} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe
Task: {727DCAF5-B337-4011-832B-CD49DF89FDE9} - System32\Tasks\Microsoft\Windows\RestartManager\{A60AD69B-C090-46ba-9C20-79961A3F48D5} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {8A83618C-B097-4403-A0E6-D8C35DFC8232} - System32\Tasks\FreeFixer background scan => C:\Program Files\FreeFixer\freefixer.exe [2014-02-10] (Kephyr)
Task: {8F9EFD08-D282-4076-9E2A-C2DB14BCE2A0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
Task: {901B2E76-EBD2-41F1-87DF-637E914D9A86} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-04] (Google Inc.)
Task: {9A9F885C-9945-4423-A0BC-95638FB08242} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {9D658023-B590-4CB3-827D-8A779D101669} - System32\Tasks\SmartDefrag3_Update => C:\Program Files\IObit\Smart Defrag 3\AutoUpdate.exe [2014-01-09] (IObit)
Task: {A34A1E68-7A1B-4404-8E3C-63D66BC6F594} - System32\Tasks\SmartDefrag3_Startup => C:\Program Files\IObit\Smart Defrag 3\SmartDefrag.exe [2014-01-09] (IObit)
Task: {A4BC131A-5491-4FA7-A7F6-075647C51105} - \RegCure No Task File
Task: {AE290134-ADDA-4A19-832A-02B389054567} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-02-22] (IObit)
Task: {D2F4D625-4EB1-4DBE-8C39-FC81E66A4F6E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E0D3A744-072C-486F-9098-98682D48C05A} - \RegCure Program Check No Task File
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {EC42E27A-E8E1-4AA2-9A8D-435A41CD7A20} - System32\Tasks\Driver Booster Scan => C:\Program Files\IObit\Driver Booster\Scheduler.exe [2014-01-10] (IObit)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ASCv5_AutoUpdateD.job => C:\Program Files\IObit\Advanced SystemCare 5\AutoUpdate.exe
Task: C:\Windows\Tasks\Driver Booster Update.job => C:\Program Files\IObit\Driver Booster\AutoUpdate.exe
Task: C:\Windows\Tasks\FreeFixer background scan.job => C:\Program Files\FreeFixer\freefixer.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe
==================== Loaded Modules (whitelisted) =============
2014-03-04 19:12 - 2014-02-07 10:24 - 00190752 _____ () C:\ProgramData\STOPzilla!\VIPRE\libBase64.dll
2014-03-04 19:12 - 2014-02-07 10:24 - 00178464 _____ () C:\ProgramData\STOPzilla!\VIPRE\libMachoUniv.dll
2007-09-11 00:45 - 2007-09-11 00:45 - 00124832 _____ () C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-01 16:11 - 2014-01-01 16:11 - 00037376 _____ () C:\Windows\system32\atitmpxx.dll
2014-01-23 06:43 - 2012-09-05 18:55 - 00892288 _____ () C:\Program Files\IObit\Smart Defrag 3\webres.dll
2010-07-18 05:12 - 2010-07-18 05:12 - 00006144 _____ () C:\Users\Stephen\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.0.gadget\CoreTempReader.dll
2010-07-18 05:12 - 2010-07-18 05:12 - 00008704 _____ () C:\Users\Stephen\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.0.gadget\GetCoreTempInfoNET.dll
2010-07-18 05:12 - 2010-07-18 05:12 - 00007680 _____ () C:\Users\Stephen\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.0.gadget\SystemInfo.dll
2013-03-06 15:43 - 2013-03-01 14:29 - 02557544 _____ () C:\Program Files\SpywareBlaster\SpywareBlaster\spywareblaster.exe
2013-03-06 15:43 - 2010-01-28 19:34 - 00417792 _____ () C:\Program Files\SpywareBlaster\SpywareBlaster\SQLite3SB.dll
2014-03-01 20:30 - 2014-03-01 20:30 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
==================== Disabled items from MSCONFIG ==============
MSCONFIG\Services: Bandoo Coordinator => 2
MSCONFIG\startupreg: Adobe ARM => c:\program files\common files\adobe\arm\1.0\adobearm.exe
MSCONFIG\startupreg: AppleSyncNotifier => c:\program files\common files\apple\mobile device support\applesyncnotifier.exe
MSCONFIG\startupreg: APSDaemon => c:\program files\common files\apple\apple application support\apsdaemon.exe
MSCONFIG\startupreg: DellSupportCenter => "c:\program files\dell support center\bin\sprtcmd.exe" /p dellsupportcenter
MSCONFIG\startupreg: dscactivate => c:\program files\dell support center\gs_agent\custom\dsca.exe
MSCONFIG\startupreg: ECenter => c:\dell\e-center\eulalauncher.exe
MSCONFIG\startupreg: ehTray.exe => c:\windows\ehome\ehtray.exe
MSCONFIG\startupreg: Google Desktop Search => "c:\program files\google\google desktop search\googledesktop.exe" /startup
MSCONFIG\startupreg: IAAnotif => c:\program files\intel\intel matrix storage manager\iaanotif.exe
MSCONFIG\startupreg: iTunesHelper => c:\program files\itunes\ituneshelper.exe
MSCONFIG\startupreg: Memeo Instant Backup =>
MSCONFIG\startupreg: MobileDocuments => c:\program files\common files\apple\internet services\ubd.exe
MSCONFIG\startupreg: msnmsgr =>
MSCONFIG\startupreg: Nero MediaHome 4 => "c:\program files\nero\nero mediahome 4\neromediahome.exe" /autorun
MSCONFIG\startupreg: PMX Daemon =>
MSCONFIG\startupreg: QuickTime Task => "c:\program files\quicktime\qttask.exe" -atboottime
MSCONFIG\startupreg: Seagate Dashboard =>
MSCONFIG\startupreg: SigmatelSysTrayApp => c:\program files\sigmatel\c-major audio\wdm\sttray.exe
MSCONFIG\startupreg: SpybotSD TeaTimer => c:\program files\spybot - search & destroy\teatimer.exe
MSCONFIG\startupreg: SunJavaUpdateSched => c:\program files\common files\java\java update\jusched.exe
MSCONFIG\startupreg: tvncontrol =>
MSCONFIG\startupreg: UpdReg =>
MSCONFIG\startupreg: Windows Defender => %programfiles%\windows defender\msascui.exe -hide
MSCONFIG\startupreg: WMPNSCFG => c:\program files\windows media player\wmpnscfg.exe
==================== Faulty Device Manager Devices =============
Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/07/2014 11:37:39 PM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
Error: (03/07/2014 11:31:24 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :.Config file 'C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe.config' cannot be read successfully due to exception 'System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
at System.ConfigServer.RunParser(IConfigHandler factory, String fileName)
at System.ConfigTreeParser.Parse(String fileName, String configPath, Boolean skipSecurityStuff)
at System.Runtime.Remoting.Activation.RemotingXmlConfigFileParser.ParseConfigFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)'. at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
at System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
at RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (03/07/2014 11:12:16 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
Error: (03/07/2014 10:58:39 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :.Config file 'C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe.config' cannot be read successfully due to exception 'System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
at System.ConfigServer.RunParser(IConfigHandler factory, String fileName)
at System.ConfigTreeParser.Parse(String fileName, String configPath, Boolean skipSecurityStuff)
at System.Runtime.Remoting.Activation.RemotingXmlConfigFileParser.ParseConfigFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)'. at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
at System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
at RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (03/07/2014 10:50:23 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {d1675748-0c12-4254-bbab-a417372883b6}
Error: (03/07/2014 06:41:06 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :.Config file 'C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe.config' cannot be read successfully due to exception 'System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
at System.ConfigServer.RunParser(IConfigHandler factory, String fileName)
at System.ConfigTreeParser.Parse(String fileName, String configPath, Boolean skipSecurityStuff)
at System.Runtime.Remoting.Activation.RemotingXmlConfigFileParser.ParseConfigFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)'. at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
at System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
at RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (03/07/2014 02:31:35 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :.Config file 'C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe.config' cannot be read successfully due to exception 'System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
at System.ConfigServer.RunParser(IConfigHandler factory, String fileName)
at System.ConfigTreeParser.Parse(String fileName, String configPath, Boolean skipSecurityStuff)
at System.Runtime.Remoting.Activation.RemotingXmlConfigFileParser.ParseConfigFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)'. at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
at System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
at RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (03/07/2014 08:52:09 AM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :.Config file 'C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe.config' cannot be read successfully due to exception 'System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
at System.ConfigServer.RunParser(IConfigHandler factory, String fileName)
at System.ConfigTreeParser.Parse(String fileName, String configPath, Boolean skipSecurityStuff)
at System.Runtime.Remoting.Activation.RemotingXmlConfigFileParser.ParseConfigFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)'. at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
at System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
at RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (03/07/2014 02:51:52 AM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :.Config file 'C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe.config' cannot be read successfully due to exception 'System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
at System.ConfigServer.RunParser(IConfigHandler factory, String fileName)
at System.ConfigTreeParser.Parse(String fileName, String configPath, Boolean skipSecurityStuff)
at System.Runtime.Remoting.Activation.RemotingXmlConfigFileParser.ParseConfigFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)'. at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
at System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
at RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (03/07/2014 01:57:52 AM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :.Config file 'C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe.config' cannot be read successfully due to exception 'System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
at System.ConfigServer.RunParser(IConfigHandler factory, String fileName)
at System.ConfigTreeParser.Parse(String fileName, String configPath, Boolean skipSecurityStuff)
at System.Runtime.Remoting.Activation.RemotingXmlConfigFileParser.ParseConfigFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)'. at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
at System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
at RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
System errors:
=============
Error: (03/07/2014 11:37:39 PM) (Source: Service Control Manager) (User: )
Description: Windows Update
Error: (03/07/2014 11:33:04 PM) (Source: Service Control Manager) (User: )
Description: LiveUpdate1
Error: (03/07/2014 11:32:07 PM) (Source: Service Control Manager) (User: )
Description: szkgfs%%2
Error: (03/07/2014 11:31:58 PM) (Source: Service Control Manager) (User: )
Description: AVGIDSDriver
AVGIDSShim
is3srv
SBRE
szkgfs
Error: (03/07/2014 11:31:51 PM) (Source: Service Control Manager) (User: )
Description: SessionLauncher%%3
Error: (03/07/2014 11:12:59 PM) (Source: Service Control Manager) (User: )
Description: AVGIDSDriver
AVGIDSShim
is3srv
SASDIFSV
SASKUTIL
SBRE
spldr
szkgfs
Wanarpv6
Error: (03/07/2014 11:12:59 PM) (Source: Service Control Manager) (User: )
Description: Computer BrowserServer%%1068
Error: (03/07/2014 11:12:21 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (03/07/2014 11:12:20 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
Error: (03/07/2014 11:12:16 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
Microsoft Office Sessions:
=========================
Error: (03/07/2014 11:37:39 PM) (Source: Perflib)(User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
Error: (03/07/2014 11:31:24 PM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :.Config file 'C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe.config' cannot be read successfully due to exception 'System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
at System.ConfigServer.RunParser(IConfigHandler factory, String fileName)
at System.ConfigTreeParser.Parse(String fileName, String configPath, Boolean skipSecurityStuff)
at System.Runtime.Remoting.Activation.RemotingXmlConfigFileParser.ParseConfigFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)'. at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
at System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
at RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (03/07/2014 11:12:16 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
Error: (03/07/2014 10:58:39 PM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :.Config file 'C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe.config' cannot be read successfully due to exception 'System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
at System.ConfigServer.RunParser(IConfigHandler factory, String fileName)
at System.ConfigTreeParser.Parse(String fileName, String configPath, Boolean skipSecurityStuff)
at System.Runtime.Remoting.Activation.RemotingXmlConfigFileParser.ParseConfigFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)'. at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
at System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
at RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (03/07/2014 10:50:23 PM) (Source: VSS)(User: )
Description: 0x80070005
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {d1675748-0c12-4254-bbab-a417372883b6}
Error: (03/07/2014 06:41:06 PM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :.Config file 'C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe.config' cannot be read successfully due to exception 'System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
at System.ConfigServer.RunParser(IConfigHandler factory, String fileName)
at System.ConfigTreeParser.Parse(String fileName, String configPath, Boolean skipSecurityStuff)
at System.Runtime.Remoting.Activation.RemotingXmlConfigFileParser.ParseConfigFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)'. at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
at System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
at RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (03/07/2014 02:31:35 PM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :.Config file 'C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe.config' cannot be read successfully due to exception 'System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
at System.ConfigServer.RunParser(IConfigHandler factory, String fileName)
at System.ConfigTreeParser.Parse(String fileName, String configPath, Boolean skipSecurityStuff)
at System.Runtime.Remoting.Activation.RemotingXmlConfigFileParser.ParseConfigFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)'. at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
at System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
at RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (03/07/2014 08:52:09 AM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :.Config file 'C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe.config' cannot be read successfully due to exception 'System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
at System.ConfigServer.RunParser(IConfigHandler factory, String fileName)
at System.ConfigTreeParser.Parse(String fileName, String configPath, Boolean skipSecurityStuff)
at System.Runtime.Remoting.Activation.RemotingXmlConfigFileParser.ParseConfigFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)'. at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
at System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
at RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (03/07/2014 02:51:52 AM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :.Config file 'C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe.config' cannot be read successfully due to exception 'System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
at System.ConfigServer.RunParser(IConfigHandler factory, String fileName)
at System.ConfigTreeParser.Parse(String fileName, String configPath, Boolean skipSecurityStuff)
at System.Runtime.Remoting.Activation.RemotingXmlConfigFileParser.ParseConfigFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)'. at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
at System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
at RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (03/07/2014 01:57:52 AM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :.Config file 'C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe.config' cannot be read successfully due to exception 'System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
at System.ConfigServer.RunParser(IConfigHandler factory, String fileName)
at System.ConfigTreeParser.Parse(String fileName, String configPath, Boolean skipSecurityStuff)
at System.Runtime.Remoting.Activation.RemotingXmlConfigFileParser.ParseConfigFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)'. at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
at System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
at RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
CodeIntegrity Errors:
===================================
Date: 2014-03-05 22:18:59.897
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-03-05 22:18:59.735
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-03-05 22:18:59.571
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-03-05 22:18:59.420
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-03-05 22:18:28.494
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-03-05 22:18:28.329
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-03-05 22:18:28.167
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-03-05 22:18:28.003
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-03-05 21:44:38.891
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-03-05 21:44:38.706
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Percentage of memory in use: 67%
Total physical RAM: 2045.22 MB
Available physical RAM: 656.79 MB
Total Pagefile: 4337.48 MB
Available Pagefile: 2649.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 1911.34 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:450.7 GB) (Free:217.09 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:10.6 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 70000000)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=451 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Advanced System Care was corrupted, would not let me access. Had to do a forced uninstall.
Hope This Helps.
laudorum
Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right click on it and select Copy.
Paste this into the open Notepad and save it to the Desktop as fixlist.txt.
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).
start
SearchScopes: HKLM - DefaultScope value is missing.
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - No File
Toolbar: HKCU - No Name - {EFA17369-CDC0-4927-9AFC-BAAD1F96B2AE} - No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-03-04 22:49 - 2014-03-07 13:09 - 00000312 _____ () C:\Windows\Tasks\FreeFixer background scan.job
2014-03-04 22:49 - 2014-03-05 00:16 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\FreeFixer
2014-03-04 22:49 - 2014-03-04 23:08 - 00000000 ____D () C:\Users\Stephen\AppData\Local\FreeFixer
2014-03-04 22:49 - 2014-03-04 22:49 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
2014-03-04 22:49 - 2014-03-04 22:49 - 00000000 ____D () C:\Program Files\FreeFixer
2014-03-04 22:47 - 2014-03-04 22:47 - 02551343 _____ (Kephyr) C:\Users\Stephen\Downloads\freefixersetup.exe
C:\Users\Stephen\privatefirewall.exe
C:\Users\Stephen\privatefirewall.exe24 02 2014.exe
C:\Users\Stephen\AppData\Local\Temp\RHSetup.exe
Reboot:
end
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.
~~~~~~~~~~~~~~~~~~~~~~~~~
AdwCleaner by Xplode
Click on this link to download: AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.
Do not click on any links in the top advertisement.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete, click on "Clean".
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.
Shut down your protection software now to avoid potential conflicts. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system. Please be patient, as this can take a while to complete depending on your system's specifications. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt in your next message.
Please post:
fixlist.txt
AdwCleaner.txt
JRT.txt
laudorum
2014-03-08, 15:14
Hi again Juliet,
As requested, here is the fixlist.txt:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-03-2014 01
Ran by Stephen at 2014-03-08 12:11:26 Run:1
Running from C:\Users\Stephen\Desktop\FRST
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
SearchScopes: HKLM - DefaultScope value is missing.
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - No File
Toolbar: HKCU - No Name - {EFA17369-CDC0-4927-9AFC-BAAD1F96B2AE} - No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-03-04 22:49 - 2014-03-07 13:09 - 00000312 _____ () C:\Windows\Tasks\FreeFixer background scan.job
2014-03-04 22:49 - 2014-03-05 00:16 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\FreeFixer
2014-03-04 22:49 - 2014-03-04 23:08 - 00000000 ____D () C:\Users\Stephen\AppData\Local\FreeFixer
2014-03-04 22:49 - 2014-03-04 22:49 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
2014-03-04 22:49 - 2014-03-04 22:49 - 00000000 ____D () C:\Program Files\FreeFixer
2014-03-04 22:47 - 2014-03-04 22:47 - 02551343 _____ (Kephyr) C:\Users\Stephen\Downloads\freefixersetup.exe
C:\Users\Stephen\privatefirewall.exe
C:\Users\Stephen\privatefirewall.exe24 02 2014.exe
C:\Users\Stephen\AppData\Local\Temp\RHSetup.exe
Reboot:
end
*****************
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key deleted successfully.
HKCR\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EFA17369-CDC0-4927-9AFC-BAAD1F96B2AE} => Value deleted successfully.
HKCR\CLSID\{EFA17369-CDC0-4927-9AFC-BAAD1F96B2AE} => Key not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\Windows\Tasks\FreeFixer background scan.job => Moved successfully.
C:\Users\Stephen\AppData\Roaming\FreeFixer => Moved successfully.
C:\Users\Stephen\AppData\Local\FreeFixer => Moved successfully.
C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer => Moved successfully.
C:\Program Files\FreeFixer => Moved successfully.
C:\Users\Stephen\Downloads\freefixersetup.exe => Moved successfully.
C:\Users\Stephen\privatefirewall.exe => Moved successfully.
C:\Users\Stephen\privatefirewall.exe24 02 2014.exe => Moved successfully.
C:\Users\Stephen\AppData\Local\Temp\RHSetup.exe => Moved successfully.
The system needed a reboot.
==== End of Fixlog ====
Here is the AdwCleaner.txt:-
AdwCleaner v3.020 - Report created 08/03/2014 at 12:36:09
# Updated 27/02/2014 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Stephen - RODLEY
# Running from : C:\Users\Stephen\Downloads\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Users\Stephen\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Stephen\AppData\Roaming\ParetoLogic
File Deleted : C:\Windows\Tasks\Driver Booster Update.job
File Deleted : C:\Windows\System32\Tasks\Driver Booster Update
***** [ Shortcuts ] *****
***** [ Registry ] *****
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{169DD723-2179-4CAB-8FDD-9BACD02F02A2}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{169DD723-2179-4CAB-8FDD-9BACD02F02A2}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{065272E5-E4FA-4BA2-907E-7564A5A8FCEF}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKLM\Software\ParetoLogic
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16421
-\\ Mozilla Firefox v27.0.1 (en-US)
[ File : C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\op65iw1g.default-1359464117396\prefs.js ]
-\\ Google Chrome v33.0.1750.146
[ File : C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [5426 octets] - [24/02/2014 03:13:31]
AdwCleaner[R1].txt - [1947 octets] - [08/03/2014 12:34:42]
AdwCleaner[S0].txt - [5244 octets] - [24/02/2014 03:14:39]
AdwCleaner[S1].txt - [1927 octets] - [08/03/2014 12:36:09]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1987 octets] #####
I will send the JRT.txt in a separate post.
Regards
laudorum
After you run and post JRT.txt, give me an update on how the computer is now.
Also, please don't put a lot of faith in
STOPzilla Reports another Trojan:-
This is an application we usually request people to uninstall.
laudorum
2014-03-08, 17:10
Juliet, here is the zipped JRT.txt file:-
Regards laudorum
laudorum
2014-03-08, 17:22
Thanks for your last post Juliet, and yes, the PC is booting up quicker and doesn't seem so sluggish.
Regarding your remarks about STOPzilla, should I delete?
Regards,
laudorum
Regarding your remarks about STOPzilla, should I delete? Yes
For security we need to try and get an antivirus program on the computer.
I see bits and pieces of AVG?
Let's see if we can get this one on and working. Then we can remove what's left of AVG.
Microsoft Security Essentials, run the update, and allow it to do a quick scan
http://windows.microsoft.com/en-us/windows/security-essentials-download
laudorum
2014-03-08, 19:07
I've just been giving the PC a run and while it is a little faster, it is slow compared to its uninfected state. I am still getting host alerts, and Firefox is still very slow and occasionally will not respond, i.e. the screen goes black for 3/4 seconds. I believe the Nero prog slows the startup. At some stage I'm thinking that this could be deleted.
That's it for now.
Many Thanks,
laudorum
laudorum
2014-03-08, 19:17
Hi Juliet,
Thanks for your last post. With regard to Microsoft Security Essentials, the prog is asking me to uninstall all AV and AMW progs. Is this OK to do?
Can you let me know.
laudorum
2014-03-08, 19:55
Firstly, STOPZilla is uninstalled. I down/L MSE and ran the prog. The virus & spyware definitions couldn't be updated. Do I need to uninstall all AV & AMW progs at this stage?
Every time I download something, I get a lot of alerts from my firewall, and I have to be careful that I don't let nasties in. I presume this is due to the trojans & hijackers on my PC?
Regards
laudorum
Hi Juliet,
Thanks for your last post. With regard to Microsoft Security Essentials, the prog is asking me to uninstall all AV and AMW progs. Is this OK to do?
Can you let me know.
Would like to see only 1 antivirus on the computer and it is customary for there to be a recommendation to remove previous antivirus to do a new install.
Firstly, STOPZilla is uninstalled. I down/L MSE and ran the prog. The virus & spyware definitions couldn't be updated. Do I need to uninstall all AV & AMW progs at this stage?
Every time I download something, I get a lot of alerts from my firewall, and I have to be careful that I don't let nasties in. I presume this is due to the trojans & hijackers on my PC?
Regards
laudorum
Please allow MSE to update and set permissions from your Firewall. Any programs you remove such as anti-malware scanners can be replaced with free versions.
Proceed with instructions above then follow:
Please Run TFC by OldTimer to clear temporary files:
Download TFC from here http://oldtimer.geekstogo.com/TFC.exe
and save it to your desktop.
Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please download Malwarebytes' Anti-Malware from Here (http://www.malwarebytes.org/mbam-download.php). Never download Malwarebytes' Anti-Malware from other sources.
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note).
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
laudorum
2014-03-09, 19:04
Hi Juliet, thanks for your post. As requested I have now deleted all AV & AMW progs. This took me longer than I anticipated, since most of the files seemed to be corrupted. When I clicked on the icon and then clicked on the permission window I got a new window which said "error 5 - Access is Denied".
So I had to do a forced uninstall with IObit Uninstaller.
I downloaded TFC and MBAM, and ran them. MBAM showed no infections. I followed it up with a full scan, with the same result.
MBAM LOG
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.03.09.03
Windows XP Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Stephen :: RODLEY [administrator]
09/03/2014 05:34:50
mbam-log-2014-03-09 (05-34-50).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 250092
Time elapsed: 12 minute(s), 53 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
OK
Please give me an update on how the computer is now.
laudorum
2014-03-10, 01:46
The PC is still very slow to boot up and I'm having problems with Firefox not responding (again this is very slow and can't be rushed or the screen goes blank).
I'm still missing 200GB of disk (this probably goes some way to explaining the slow response).
I've spent a lot of time going through the files, and have found a couple of things that don't look right.
Firstly, there's a file I can't access, "System Volume Information". The folder is showing empty, but will not delete, even after adjusting the permissions.
Can this have anything to do with the missing disk space?
Also I've been looking at the QuickTime files and see an awful lot of recent file dates. I have not updated this prog or even opened it. It's not a prog I use very much. So I don't know what's happening there!
Is there another AV prog you would recommend (I don't mind paying for it), for my peace of mind?
So overall, despite your good and very helpful efforts, the performance is nowhere near what it was.
Let's see if this next scan can find anything hidden for us that might explain some of these issues.
If you have problems running it in normal mode please reboot into safe mode and try again.
~~~~~~~~~~~~~~~~~~~
Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
Download ComboFix from here:
Link 1 (http://www.bleepingcomputer.com/download/combofix/)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
Place ComboFix.exe on your Desktop <--Important
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html)
Double click on ComboFix.exe & follow the prompts.
You may be asked to install or update the Recovery Console (http://en.wikipedia.org/wiki/Recovery_Console) (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Your desktop may go blank. This is normal. It will return when ComboFix is done. Combofix may need to reboot your computer more than once to do its job this is normal.
When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer
---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.
Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
---------------------------------------------------------------------------------------------
If there are Internet issues after running ComboFix:
Internet Explorer:
Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok.
Firefox:
Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.
Chrome:
Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
Safari
Launch Safari
Go to general settings menu
Then in Preferences/ Advanced
Then on line click Proxies change settings ...
Click Internet Options, then click the Connections tab, click Network Settings.
Disable option (uncheck) for the use of proxy server ...
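The ComboFix log requested above lists, under "Files Created", one line per file: the date the entry appeared, the file's own modification date, its size (or dashes for a folder), an attribute string and the path. The following Python is an added example, not ComboFix's own code, and its two review rules are this example's own heuristics, not anything ComboFix applies: it parses that section and flags (a) a binary that appeared in a Windows directory while carrying a much older modification timestamp and (b) an AppData folder with a random-looking name. The sample lines are copied from a ComboFix log of the kind posted in this thread; every hit is a "look closer" item (check publisher and hash), not a verdict, and the Flash updater line shows that a legitimate update trips rule (a) too.

```python
"""Triage the 'Files Created' section of a ComboFix log (added example)."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Line format in the log: "<created> . <modified> <size|--------> <attrs> <path>"
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+?)\s*$"
)
TS_FORMAT = "%Y-%m-%d %H:%M"
BINARY_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr")
# Short names of only capitals and digits, with at least one of each
# (e.g. an AppData\Roaming\1H1Q folder), are rarely chosen by a person.
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)(?=.*[A-Z])[A-Z0-9]{3,8}$")


@dataclass
class Entry:
    created: datetime   # when the entry appeared in the scan window
    modified: datetime  # the file's own last-write timestamp
    size: Optional[int]  # None for directories (shown as "--------")
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a file line; None for banners, '.' separators, etc."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(datetime.strptime(m["created"], TS_FORMAT),
                 datetime.strptime(m["modified"], TS_FORMAT),
                 size, m["attrs"], m["path"])


def parse_section(text: str) -> List[Entry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def triage(entries: List[Entry],
           max_age: timedelta = timedelta(days=365)) -> List[Tuple[str, str]]:
    """Flag entries worth a second look; each hit is a review item, not a verdict."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        low = e.path.lower()
        name = e.path.rsplit("\\", 1)[-1]
        # Rule (a): binary dropped into a Windows directory whose own timestamp
        # is much older than the date it appeared (legit installers do this too).
        if (not e.is_dir and low.endswith(BINARY_EXT) and "\\windows\\" in low
                and e.created - e.modified > max_age):
            findings.append((e.path, "binary appeared in Windows dir with much older timestamp"))
        # Rule (b): AppData folder with a machine-generated looking name.
        if e.is_dir and "\\appdata\\" in low and RANDOM_NAME_RE.match(name):
            findings.append((e.path, "AppData folder with a random-looking name"))
    return findings


# Sample input: lines copied from a ComboFix log of the kind posted in this thread.
SAMPLE = r"""
((((((((((((((((((((((((( Files Created from 2014-02-10 to 2014-03-10 )))))))))))))))))))))))))))))))
.
2014-03-10 12:06 . 2014-02-05 23:08 7947048 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{72FABEA3-ED12-4B51-B4C6-E7566D748120}\mpengine.dll
2014-03-09 05:33 . 2014-03-09 05:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-03-05 00:16 . 2010-03-08 10:10 9216 ----a-w- c:\windows\system32\ffnd.exe
2014-02-25 16:23 . 2014-02-25 16:35 -------- d-----w- c:\users\Stephen\AppData\Roaming\1H1Q
2014-02-22 01:45 . 2014-02-22 01:45 -------- d-----w- c:\users\Stephen\AppData\Roaming\SecureSearch
2014-02-21 09:42 . 2012-05-10 17:11 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
"""

if __name__ == "__main__":
    for path, reason in triage(parse_section(SAMPLE)):
        print(f"{reason}: {path}")
```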
laudorum
2014-03-10, 22:19
Sorry for the delay in posting, it's been one of those days.
As requested I attach combofix logs:-
ComboFix 14-03-10.01 - Stephen 10/03/2014 19:09:48.1.4 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2045.1505 [GMT 0:00]
Running from: c:\users\Stephen\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
FW: Privatefirewall *Disabled* {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-02-10 to 2014-03-10 )))))))))))))))))))))))))))))))
.
.
2014-03-10 19:23 . 2014-03-10 19:23 -------- d-----w- c:\users\Stephen\AppData\Local\temp
2014-03-10 19:23 . 2014-03-10 19:23 -------- d-----w- c:\users\NeroMediaHomeUser.4\AppData\Local\temp
2014-03-10 19:23 . 2014-03-10 19:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-10 12:06 . 2014-02-05 23:08 7947048 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{72FABEA3-ED12-4B51-B4C6-E7566D748120}\mpengine.dll
2014-03-09 17:50 . 2014-03-09 17:50 -------- d-----w- c:\users\Stephen\AppData\Roaming\SUPERAntiSpyware.com
2014-03-09 16:29 . 2014-03-09 16:29 -------- d-----w- c:\programdata\ProductData
2014-03-09 06:12 . 2014-03-09 06:12 -------- d-----w- c:\programdata\WindowsSearch
2014-03-09 05:33 . 2014-03-09 05:33 -------- d-----w- c:\programdata\Malwarebytes
2014-03-09 05:33 . 2014-03-09 05:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-03-09 00:19 . 2014-02-05 23:08 7947048 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-09 00:16 . 2014-03-09 00:16 -------- d-----w- c:\program files\Microsoft Security Client
2014-03-08 16:35 . 2014-03-08 16:36 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-08 12:53 . 2014-03-08 12:53 -------- d-----w- c:\windows\ERUNT
2014-03-07 23:46 . 2014-03-08 12:11 -------- d-----w- C:\FRST
2014-03-05 00:16 . 2010-03-08 10:10 9216 ----a-w- c:\windows\system32\ffnd.exe
2014-03-01 19:09 . 2013-11-05 14:38 274432 ----a-w- c:\windows\system32\ssleay32.dll
2014-03-01 19:09 . 2013-11-05 14:38 1122304 ----a-w- c:\windows\system32\libeay32.dll
2014-03-01 19:09 . 2012-12-10 11:04 81920 ----a-w- c:\windows\eSellerateControl350.dll
2014-03-01 19:09 . 2012-12-10 11:04 356352 ----a-w- c:\windows\eSellerateEngine.dll
2014-02-28 18:49 . 2014-02-28 18:49 -------- d-----w- c:\users\Stephen\AppData\Roaming\LavasoftStatistics
2014-02-27 18:13 . 2014-02-27 18:13 -------- d-----w- c:\users\Stephen\Coop
2014-02-26 08:53 . 2014-03-01 09:28 -------- d-----w- c:\users\NeroMediaHomeUser.4\AppData\Local\CrashDumps
2014-02-25 18:15 . 2014-03-09 19:55 -------- d-----w- c:\users\Stephen\AbiSuite
2014-02-25 18:14 . 2014-02-27 12:51 -------- d-----w- c:\program files\AbiWord
2014-02-25 16:23 . 2014-02-25 16:35 -------- d-----w- c:\users\Stephen\AppData\Roaming\1H1Q
2014-02-25 09:40 . 2014-02-25 10:41 -------- d-----w- c:\users\Stephen\AppData\Local\CrashDumps
2014-02-24 17:30 . 2014-02-24 17:30 -------- d-----w- c:\program files\AVG
2014-02-24 03:13 . 2014-03-08 12:36 -------- d-----w- C:\AdwCleaner
2014-02-23 15:34 . 2010-05-13 17:34 14232 ----a-w- c:\windows\system32\sh4native.exe
2014-02-22 06:43 . 2013-04-04 14:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-22 06:08 . 2014-02-22 06:08 -------- d-----w- c:\users\Stephen\AppData\Local\Privatefirewall
2014-02-22 06:04 . 2014-02-22 06:04 -------- d-----w- c:\users\Stephen\AppData\Local\MFAData
2014-02-22 06:04 . 2014-02-22 06:04 -------- d-----w- c:\users\Stephen\AppData\Local\Avg2014
2014-02-22 04:44 . 2013-09-29 21:24 130568 ----a-w- c:\windows\system32\drivers\pwipf6.sys
2014-02-22 04:43 . 2014-02-22 04:43 -------- d-----w- c:\programdata\Privacyware
2014-02-22 04:43 . 2014-02-22 04:43 -------- d-----w- c:\program files\Privacyware
2014-02-22 03:49 . 2014-02-06 07:08 7947048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6F44954-D839-4401-A1D9-9517F6A307DD}\mpengine.dll
2014-02-22 01:45 . 2014-02-22 01:45 -------- d-----w- c:\users\Stephen\AppData\Roaming\SecureSearch
2014-02-18 23:26 . 2014-02-18 23:26 110080 ----a-r- c:\users\Stephen\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconCF33A0CE.exe
2014-02-18 23:26 . 2014-02-18 23:26 110080 ----a-r- c:\users\Stephen\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconF7A21AF7.exe
2014-02-18 23:26 . 2014-02-18 23:26 110080 ----a-r- c:\users\Stephen\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconD7F16134.exe
2014-02-18 23:24 . 2014-02-27 16:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2014-02-12 07:52 . 2014-02-12 07:55 -------- d-----w- c:\users\Stephen\Blank Cd's
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 09:42 . 2012-05-10 17:11 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-21 09:42 . 2011-06-10 08:43 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-19 07:32 . 2009-10-03 14:50 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-01-17 16:24 . 2014-01-17 16:24 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2014-01-17 16:24 . 2014-01-17 16:24 69632 ----a-w- c:\windows\system32\QuickTime.qts
2014-01-17 03:14 . 2014-01-17 03:14 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-08 15:54 . 2014-01-23 06:43 103424 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
2014-01-03 10:00 . 2013-09-27 00:59 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-01-01 16:49 . 2008-03-08 19:56 317240 ----a-w- c:\windows\system32\Prounstl.exe
2014-01-01 16:49 . 2014-01-01 16:49 83808 ----a-w- c:\windows\system32\NicInE6.dll
2014-01-01 16:49 . 2014-01-01 16:49 28272 ----a-w- c:\windows\system32\NicCo26.dll
2014-01-01 16:49 . 2014-01-01 16:49 232296 ----a-w- c:\windows\system32\drivers\e1e6032.sys
2014-01-01 16:49 . 2014-01-01 16:49 121440 ----a-w- c:\windows\system32\e1000msg.dll
2014-01-01 16:12 . 2014-01-01 16:12 319456 ----a-w- c:\windows\system32\Difxapi.dll
2014-01-01 16:12 . 2014-01-01 16:12 58368 ----a-w- c:\windows\system32\coinst_8.97.100.11.dll
2014-01-01 16:12 . 2014-01-01 16:12 48544 ----a-w- c:\windows\system32\atiuxpag.dll
2014-01-01 16:12 . 2008-03-08 19:56 4782960 ----a-w- c:\windows\system32\atiumdva.dll
2014-01-01 16:11 . 2014-01-01 16:11 38768 ----a-w- c:\windows\system32\atiu9pag.dll
2014-01-01 16:11 . 2014-01-01 16:11 37376 ----a-w- c:\windows\system32\atitmpxx.dll
2014-01-01 16:11 . 2014-01-01 16:11 1978240 ----a-w- c:\windows\system32\atiumdmv.dll
2014-01-01 16:11 . 2008-03-08 19:56 6288832 ----a-w- c:\windows\system32\atiumdag.dll
2014-01-01 16:11 . 2014-01-01 16:11 45056 ----a-w- c:\windows\system32\ATIODCLI.exe
2014-01-01 16:11 . 2014-01-01 16:11 294912 ----a-w- c:\windows\system32\ATIODE.exe
2014-01-01 16:11 . 2014-01-01 16:11 20992 ----a-w- c:\windows\system32\atimuixx.dll
2014-01-01 16:11 . 2014-01-01 16:11 19584512 ----a-w- c:\windows\system32\atioglxx.dll
2014-01-01 16:11 . 2008-03-08 19:56 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2014-01-01 16:11 . 2014-01-01 16:11 62976 ----a-w- c:\windows\system32\atimpc32.dll
2014-01-01 16:11 . 2014-01-01 16:11 62976 ----a-w- c:\windows\system32\amdpcom32.dll
2014-01-01 16:11 . 2014-01-01 16:11 453632 ----a-w- c:\windows\system32\atieclxx.exe
2014-01-01 16:11 . 2014-01-01 16:11 33280 ----a-w- c:\windows\system32\atigktxx.dll
2014-01-01 16:11 . 2014-01-01 16:11 290304 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2014-01-01 16:11 . 2014-01-01 16:11 217088 ----a-w- c:\windows\system32\atiesrxx.exe
2014-01-01 16:11 . 2014-01-01 16:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2014-01-01 16:11 . 2014-01-01 16:11 10070016 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2014-01-01 16:11 . 2014-01-01 16:11 929736 ----a-w- c:\windows\system32\aticfx32.dll
2014-01-01 16:11 . 2014-01-01 16:11 6857392 ----a-w- c:\windows\system32\atidxx32.dll
2014-01-01 16:11 . 2014-01-01 16:11 46080 ----a-w- c:\windows\system32\aticalrt.dll
2014-01-01 16:11 . 2014-01-01 16:11 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2014-01-01 16:11 . 2014-01-01 16:11 13402112 ----a-w- c:\windows\system32\aticaldd.dll
2014-01-01 16:11 . 2014-01-01 16:11 44544 ----a-w- c:\windows\system32\aticalcl.dll
2014-01-01 16:11 . 2014-01-01 16:11 118784 ----a-w- c:\windows\system32\atibtmon.exe
2014-01-01 16:11 . 2014-01-01 16:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2014-01-01 16:11 . 2014-01-01 16:11 364544 ----a-w- c:\windows\system32\atiadlxx.dll
2014-01-01 16:11 . 2014-01-01 16:11 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2014-01-01 16:11 . 2008-03-08 19:56 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2013-12-24 10:40 . 2014-01-23 06:43 18624 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2013-12-12 16:58 . 2013-12-12 16:58 82432 ----a-w- c:\users\Stephen\AppData\Roaming\Microsoft\MSXML2\msxml4r.dll
2013-12-12 16:58 . 2013-12-12 16:58 44544 ----a-w- c:\users\Stephen\AppData\Roaming\Microsoft\MSXML2\msxml4a.dll
2013-12-12 16:58 . 2013-12-12 16:58 1275392 ----a-w- c:\users\Stephen\AppData\Roaming\Microsoft\MSXML2\msxml4.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 15:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 15:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 15:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-01-30 15:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-01-30 15:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-01-30 15:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Nero MediaHome 4"="c:\program files\NERO\NERO MEDIAHOME 4\NEROMEDIAHOME.EXE" [2010-03-08 5174568]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-06 43848]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"Privatefirewall"="c:\program files\Privacyware\Privatefirewall 7.0\PFGUI.exe" [2013-12-17 3048480]
"Nero MediaHome 4"="c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2010-03-08 5174568]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-11-02 07:51 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2014-02-06 00:52 43848 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2007-11-15 09:23 202544 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 09:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-25 06:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-03-08 12:21 1838592 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-10-03 15:44 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-02-21 03:54 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero MediaHome 4]
2010-03-08 09:38 5174568 ----a-w- c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-01-17 16:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-09-12 08:40 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 08:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-04 08:12 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 09:42]
.
2014-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 19:03]
.
2014-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 19:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
FF - ProfilePath - c:\users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\op65iw1g.default-1359464117396\
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}"=hex:51,66,7a,6c,4c,1d,38,12,50,ad,9c,
47,dd,f3,bd,01,d4,9d,4f,3c,86,0e,9b,4d
"{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}"=hex:51,66,7a,6c,4c,1d,38,12,8b,c7,39,
ea,82,fe,a8,0b,f7,bf,ff,e1,a6,74,f5,13
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}"=hex:51,66,7a,6c,4c,1d,38,12,14,1c,97,
2e,26,ee,cb,08,c9,cf,c8,d1,38,a5,3e,98
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}"=hex:51,66,7a,6c,4c,1d,38,12,ac,35,59,
8e,07,4b,42,08,c2,2b,0a,2c,b2,b0,92,f7
"{CA6319C0-31B7-401E-A518-A07C3DB8F777}"=hex:51,66,7a,6c,4c,1d,38,12,ae,1a,70,
ce,85,7f,70,05,da,0e,e3,3c,38,e6,b3,63
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:3c,38,f2,0f,7a,b6,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8e,0d,2f,9d,4e,f3,91,4b,86,94,b0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8e,0d,2f,9d,4e,f3,91,4b,86,94,b0,\
.
Completion time: 2014-03-10 19:27:16
ComboFix-quarantined-files.txt 2014-03-10 19:27
ComboFix2.txt 2014-03-10 19:01
.
Pre-Run: 236,396,142,592 bytes free
Post-Run: 236,315,357,184 bytes free
.
- - End Of File - - 363E68B60B0196083F67F6E473429CB0
5C616939100B85E558DA92B899A0FC36
Did you have to pay for Privatefirewall?
I'm not sure, but some of these issues could be from firewall settings; I could be very wrong.
Can you disable it and see if your browser of choice connects better?
ComboFix found bits and pieces of left over uninstalls. (IObitSmartDefrag and Avg2014)
We can remove these but I don't know if it will make much difference. Run the script I've created and follow with other instructions I'll be posting.
Next: Disconnect from the internet. If you are on Cable or DSL unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.
Click on this link Here (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do Not Use WordPad!* or any text editor other than Notepad, or the script will fail. Copy and paste the text present inside the quote box below:
Folder::
c:\program files\AVG
c:\users\Stephen\AppData\Local\Avg2014
File::
c:\windows\system32\IObitSmartDefragExtension.dll
ClearJavaCache::
Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
If there are internet issues afterward:
In IE: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings > uncheck "use a proxy server" or reconfigure the proxy server again in case you have set it previously.
In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxy server, set it to No Proxy.
Chrome:
Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Make sure the infection is cleared.
- If connection is lost :
> Go to "Network Connections" and check Properties on each listed internet connection for the presence of WinpkFilter Driver and uninstall if found.
> Reboot and check connection status.
> If no connection, uninstall physical adaptor(s) from Device Manager and reboot. Try connection.
~~~~~~~~~~~~~~~~~~~~~~~~
Download the latest version of TDSSKiller from here (http://media.kaspersky.com/utilities/VirusUtilities/EN/tdsskiller.exe) and save it to your Desktop.
Double-click on TDSSKiller.exe to run the application
https://dl.dropbox.com/u/73555776/tdss%20start.JPG
Then click on Change parameters.
https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG
Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
https://dl.dropbox.com/u/73555776/tdss%20threat.JPG
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Get the report by selecting Reports
https://dl.dropbox.com/u/73555776/tdss%20report.JPG
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
Please copy and paste its contents on your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Download HijackThis
Go Here (http://www.bleepingcomputer.com/download/hijackthis/dl/90/) to download HijackThis program
Save HijackThis to your desktop.
Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
Copy and paste the HijackThis report into the topic.
Please post
C:\ComboFix.txt
TDSSKiller
HJT log
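To go with the request above for the HijackThis log, here is an added example (not part of this thread, and not code from HijackThis, ComboFix or TDSSKiller) of a small triage script that pulls out the kinds of HJT entries a helper reads first: orphaned entries that point at a missing file or CLSID (the same leftover-uninstall debris the CFScript above removes), R1 entries that actually set a proxy (the concern behind the connection-repair steps above), O16 ActiveX controls fetched over plain HTTP, and O4/O23 autostarts or services that run from a user-writable folder. The sample log is built from lines in the HijackThis log posted later in this thread; the `ProxyServer` line and the `[Updater]` O4 line are constructed and do not appear in the thread, so those two rules have something to catch. The rules are ordinary triage heuristics of my own, not HijackThis's classification.

```python
"""Triage a HijackThis log: pull out the entries a helper looks at first.

Added example for this thread; not part of HijackThis, ComboFix or TDSSKiller.
The rules below are common triage heuristics, not HijackThis's own verdicts.
"""
import re
from typing import Any, Dict, List

# Sample log built from lines in the HijackThis log posted in this thread.
# Two lines are CONSTRUCTED and do not appear in the thread: the R1 ProxyServer
# line and the O4 [Updater] line. They exist so every rule below has a hit.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O2 - BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Updater] C:\Users\Stephen\AppData\Local\Temp\update.exe
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/mygarmin/m/GarminAxControl.CAB
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
O18 - Protocol: linkscanner - (no CLSID) - (no file)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# "O2 - BHO: ..." -> code "O2", body "BHO: ...". Process-list and header lines don't match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.+)$")
# R1 lines that actually set a proxy (ProxyOverride on its own is normal).
PROXY_RE = re.compile(r"Internet Settings,Proxy(Server|Enable)\b")
# Folders any user can write to; legitimate autostarts rarely live there.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|ProgramData)\\", re.IGNORECASE)
ORPHAN_MARKERS = ("(file missing)", "(no file)", "(no CLSID)")

REASONS = {
    "orphan": "points at a missing file or CLSID (usually leftover from an uninstall)",
    "proxy": "a proxy is configured; confirm the user set it, else traffic may be redirected",
    "plain_http": "ActiveX control fetched over plain HTTP; download is not integrity-protected",
    "user_writable": "autostart or service runs from a user-writable folder",
}


def triage_entry(code: str, body: str) -> List[str]:
    """Return the tags that apply to one HJT entry (empty list = nothing to flag)."""
    tags: List[str] = []
    if any(marker in body for marker in ORPHAN_MARKERS):
        tags.append("orphan")
    if code == "R1" and PROXY_RE.search(body):
        tags.append("proxy")
    if code == "O16" and " - http://" in body:
        tags.append("plain_http")
    if code in ("O4", "O20", "O23") and USER_WRITABLE_RE.search(body):
        tags.append("user_writable")
    return tags


def triage_log(text: str) -> List[Dict[str, Any]]:
    """Parse a whole HJT log and keep only the flagged entries, in log order."""
    findings: List[Dict[str, Any]] = []
    for raw in text.strip().splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # running-process list, header lines, blanks
        tags = triage_entry(match["code"], match["body"])
        if tags:
            findings.append({"code": match["code"], "body": match["body"], "tags": tags})
    return findings


def summarize(findings: List[Dict[str, Any]]) -> Dict[str, int]:
    """Count how many flagged entries carry each tag."""
    counts: Dict[str, int] = {}
    for finding in findings:
        for tag in finding["tags"]:
            counts[tag] = counts.get(tag, 0) + 1
    return counts


if __name__ == "__main__":
    for finding in triage_log(SAMPLE_LOG):
        print(f"{finding['code']:<4} {finding['body']}")
        for tag in finding["tags"]:
            print(f"      -> {REASONS[tag]}")
    print(summarize(triage_log(SAMPLE_LOG)))
```

A flagged line is a starting point for the reader of the log, not a verdict: an orphaned BHO such as the IObit one is normally just uninstall debris, while an autostart running from Temp is the entry whose file you go and look at.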
laudorum
2014-03-11, 20:01
Hi Juliet,
Private Firewall is free. Previously I used Comodo, but I found Private gives me more control. Plus it gives me a fresh start, so I can keep better track of what's trying to get in and, of course, out.
I don't notice any difference in bootup time when I exit the prog.
I have deleted QuickTime and Nero (Wireless) on a temporary basis, just to see if they have any effect on my problems.
As requested I have completed all the scans, but please note that I was unable to save the TDSSKiller results. The prog would not let me copy & paste.
ComboFix 14-03-10.01 - Stephen 11/03/2014 1:54.1.4 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2045.1524 [GMT 0:00]
Running from: c:\users\Stephen\Desktop\ComboFix.exe
Command switches used :: c:\users\Stephen\Desktop\Combofix Instructions\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
FW: Privatefirewall *Disabled* {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\IObitSmartDefragExtension.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AVG
c:\program files\AVG\AVG2014\avg.snu
c:\users\Stephen\AppData\Local\Avg2014
c:\windows\system32\IObitSmartDefragExtension.dll
.
.
((((((((((((((((((((((((( Files Created from 2014-02-11 to 2014-03-11 )))))))))))))))))))))))))))))))
.
.
2014-03-11 02:07 . 2014-03-11 02:07 -------- d-----w- c:\users\Stephen\AppData\Local\temp
2014-03-11 02:07 . 2014-03-11 02:07 -------- d-----w- c:\users\NeroMediaHomeUser.4\AppData\Local\temp
2014-03-11 02:07 . 2014-03-11 02:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-10 19:33 . 2014-02-05 23:08 7947048 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2EF80AFF-28A4-46BB-AC54-62F77BEC0BCB}\mpengine.dll
2014-03-09 17:50 . 2014-03-09 17:50 -------- d-----w- c:\users\Stephen\AppData\Roaming\SUPERAntiSpyware.com
2014-03-09 16:29 . 2014-03-09 16:29 -------- d-----w- c:\programdata\ProductData
2014-03-09 06:12 . 2014-03-09 06:12 -------- d-----w- c:\programdata\WindowsSearch
2014-03-09 05:33 . 2014-03-09 05:33 -------- d-----w- c:\programdata\Malwarebytes
2014-03-09 05:33 . 2014-03-09 05:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-03-09 00:19 . 2014-02-05 23:08 7947048 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-09 00:16 . 2014-03-09 00:16 -------- d-----w- c:\program files\Microsoft Security Client
2014-03-08 16:35 . 2014-03-08 16:36 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-08 12:53 . 2014-03-08 12:53 -------- d-----w- c:\windows\ERUNT
2014-03-07 23:46 . 2014-03-08 12:11 -------- d-----w- C:\FRST
2014-03-05 00:16 . 2010-03-08 10:10 9216 ----a-w- c:\windows\system32\ffnd.exe
2014-03-01 19:09 . 2013-11-05 14:38 274432 ----a-w- c:\windows\system32\ssleay32.dll
2014-03-01 19:09 . 2013-11-05 14:38 1122304 ----a-w- c:\windows\system32\libeay32.dll
2014-03-01 19:09 . 2012-12-10 11:04 81920 ----a-w- c:\windows\eSellerateControl350.dll
2014-03-01 19:09 . 2012-12-10 11:04 356352 ----a-w- c:\windows\eSellerateEngine.dll
2014-02-28 18:49 . 2014-02-28 18:49 -------- d-----w- c:\users\Stephen\AppData\Roaming\LavasoftStatistics
2014-02-27 18:13 . 2014-02-27 18:13 -------- d-----w- c:\users\Stephen\Coop
2014-02-26 08:53 . 2014-03-01 09:28 -------- d-----w- c:\users\NeroMediaHomeUser.4\AppData\Local\CrashDumps
2014-02-25 18:15 . 2014-03-09 19:55 -------- d-----w- c:\users\Stephen\AbiSuite
2014-02-25 18:14 . 2014-02-27 12:51 -------- d-----w- c:\program files\AbiWord
2014-02-25 16:23 . 2014-02-25 16:35 -------- d-----w- c:\users\Stephen\AppData\Roaming\1H1Q
2014-02-25 09:40 . 2014-02-25 10:41 -------- d-----w- c:\users\Stephen\AppData\Local\CrashDumps
2014-02-24 03:13 . 2014-03-08 12:36 -------- d-----w- C:\AdwCleaner
2014-02-23 15:34 . 2010-05-13 17:34 14232 ----a-w- c:\windows\system32\sh4native.exe
2014-02-22 06:43 . 2013-04-04 14:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-22 06:08 . 2014-02-22 06:08 -------- d-----w- c:\users\Stephen\AppData\Local\Privatefirewall
2014-02-22 06:04 . 2014-02-22 06:04 -------- d-----w- c:\users\Stephen\AppData\Local\MFAData
2014-02-22 04:44 . 2013-09-29 21:24 130568 ----a-w- c:\windows\system32\drivers\pwipf6.sys
2014-02-22 04:43 . 2014-02-22 04:43 -------- d-----w- c:\programdata\Privacyware
2014-02-22 04:43 . 2014-02-22 04:43 -------- d-----w- c:\program files\Privacyware
2014-02-22 03:49 . 2014-02-06 07:08 7947048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6F44954-D839-4401-A1D9-9517F6A307DD}\mpengine.dll
2014-02-22 01:45 . 2014-02-22 01:45 -------- d-----w- c:\users\Stephen\AppData\Roaming\SecureSearch
2014-02-18 23:26 . 2014-02-18 23:26 110080 ----a-r- c:\users\Stephen\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconCF33A0CE.exe
2014-02-18 23:26 . 2014-02-18 23:26 110080 ----a-r- c:\users\Stephen\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconF7A21AF7.exe
2014-02-18 23:26 . 2014-02-18 23:26 110080 ----a-r- c:\users\Stephen\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconD7F16134.exe
2014-02-18 23:24 . 2014-02-27 16:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2014-02-12 07:52 . 2014-02-12 07:55 -------- d-----w- c:\users\Stephen\Blank Cd's
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 09:42 . 2012-05-10 17:11 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-21 09:42 . 2011-06-10 08:43 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-19 07:32 . 2009-10-03 14:50 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-01-17 16:24 . 2014-01-17 16:24 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2014-01-17 16:24 . 2014-01-17 16:24 69632 ----a-w- c:\windows\system32\QuickTime.qts
2014-01-17 03:14 . 2014-01-17 03:14 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-03 10:00 . 2013-09-27 00:59 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-01-01 16:49 . 2008-03-08 19:56 317240 ----a-w- c:\windows\system32\Prounstl.exe
2014-01-01 16:49 . 2014-01-01 16:49 83808 ----a-w- c:\windows\system32\NicInE6.dll
2014-01-01 16:49 . 2014-01-01 16:49 28272 ----a-w- c:\windows\system32\NicCo26.dll
2014-01-01 16:49 . 2014-01-01 16:49 232296 ----a-w- c:\windows\system32\drivers\e1e6032.sys
2014-01-01 16:49 . 2014-01-01 16:49 121440 ----a-w- c:\windows\system32\e1000msg.dll
2014-01-01 16:12 . 2014-01-01 16:12 319456 ----a-w- c:\windows\system32\Difxapi.dll
2014-01-01 16:12 . 2014-01-01 16:12 58368 ----a-w- c:\windows\system32\coinst_8.97.100.11.dll
2014-01-01 16:12 . 2014-01-01 16:12 48544 ----a-w- c:\windows\system32\atiuxpag.dll
2014-01-01 16:12 . 2008-03-08 19:56 4782960 ----a-w- c:\windows\system32\atiumdva.dll
2014-01-01 16:11 . 2014-01-01 16:11 38768 ----a-w- c:\windows\system32\atiu9pag.dll
2014-01-01 16:11 . 2014-01-01 16:11 37376 ----a-w- c:\windows\system32\atitmpxx.dll
2014-01-01 16:11 . 2014-01-01 16:11 1978240 ----a-w- c:\windows\system32\atiumdmv.dll
2014-01-01 16:11 . 2008-03-08 19:56 6288832 ----a-w- c:\windows\system32\atiumdag.dll
2014-01-01 16:11 . 2014-01-01 16:11 45056 ----a-w- c:\windows\system32\ATIODCLI.exe
2014-01-01 16:11 . 2014-01-01 16:11 294912 ----a-w- c:\windows\system32\ATIODE.exe
2014-01-01 16:11 . 2014-01-01 16:11 20992 ----a-w- c:\windows\system32\atimuixx.dll
2014-01-01 16:11 . 2014-01-01 16:11 19584512 ----a-w- c:\windows\system32\atioglxx.dll
2014-01-01 16:11 . 2008-03-08 19:56 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2014-01-01 16:11 . 2014-01-01 16:11 62976 ----a-w- c:\windows\system32\atimpc32.dll
2014-01-01 16:11 . 2014-01-01 16:11 62976 ----a-w- c:\windows\system32\amdpcom32.dll
2014-01-01 16:11 . 2014-01-01 16:11 453632 ----a-w- c:\windows\system32\atieclxx.exe
2014-01-01 16:11 . 2014-01-01 16:11 33280 ----a-w- c:\windows\system32\atigktxx.dll
2014-01-01 16:11 . 2014-01-01 16:11 290304 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2014-01-01 16:11 . 2014-01-01 16:11 217088 ----a-w- c:\windows\system32\atiesrxx.exe
2014-01-01 16:11 . 2014-01-01 16:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2014-01-01 16:11 . 2014-01-01 16:11 10070016 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2014-01-01 16:11 . 2014-01-01 16:11 929736 ----a-w- c:\windows\system32\aticfx32.dll
2014-01-01 16:11 . 2014-01-01 16:11 6857392 ----a-w- c:\windows\system32\atidxx32.dll
2014-01-01 16:11 . 2014-01-01 16:11 46080 ----a-w- c:\windows\system32\aticalrt.dll
2014-01-01 16:11 . 2014-01-01 16:11 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2014-01-01 16:11 . 2014-01-01 16:11 13402112 ----a-w- c:\windows\system32\aticaldd.dll
2014-01-01 16:11 . 2014-01-01 16:11 44544 ----a-w- c:\windows\system32\aticalcl.dll
2014-01-01 16:11 . 2014-01-01 16:11 118784 ----a-w- c:\windows\system32\atibtmon.exe
2014-01-01 16:11 . 2014-01-01 16:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2014-01-01 16:11 . 2014-01-01 16:11 364544 ----a-w- c:\windows\system32\atiadlxx.dll
2014-01-01 16:11 . 2014-01-01 16:11 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2014-01-01 16:11 . 2008-03-08 19:56 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2013-12-24 10:40 . 2014-01-23 06:43 18624 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2013-12-12 16:58 . 2013-12-12 16:58 82432 ----a-w- c:\users\Stephen\AppData\Roaming\Microsoft\MSXML2\msxml4r.dll
2013-12-12 16:58 . 2013-12-12 16:58 44544 ----a-w- c:\users\Stephen\AppData\Roaming\Microsoft\MSXML2\msxml4a.dll
2013-12-12 16:58 . 2013-12-12 16:58 1275392 ----a-w- c:\users\Stephen\AppData\Roaming\Microsoft\MSXML2\msxml4.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 15:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 15:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 15:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-01-30 15:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-01-30 15:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-01-30 15:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Nero MediaHome 4"="c:\program files\NERO\NERO MEDIAHOME 4\NEROMEDIAHOME.EXE" [2010-03-08 5174568]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-06 43848]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"Privatefirewall"="c:\program files\Privacyware\Privatefirewall 7.0\PFGUI.exe" [2013-12-17 3048480]
"Nero MediaHome 4"="c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2010-03-08 5174568]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-11-02 07:51 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2014-02-06 00:52 43848 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2007-11-15 09:23 202544 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 09:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-25 06:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-03-08 12:21 1838592 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-10-03 15:44 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-02-21 03:54 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero MediaHome 4]
2010-03-08 09:38 5174568 ----a-w- c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-01-17 16:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-09-12 08:40 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 08:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-04 08:12 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 09:42]
.
2014-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 19:03]
.
2014-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 19:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
FF - ProfilePath - c:\users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\op65iw1g.default-1359464117396\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-11 02:07
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}"=hex:51,66,7a,6c,4c,1d,38,12,50,ad,9c,
47,dd,f3,bd,01,d4,9d,4f,3c,86,0e,9b,4d
"{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}"=hex:51,66,7a,6c,4c,1d,38,12,8b,c7,39,
ea,82,fe,a8,0b,f7,bf,ff,e1,a6,74,f5,13
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}"=hex:51,66,7a,6c,4c,1d,38,12,14,1c,97,
2e,26,ee,cb,08,c9,cf,c8,d1,38,a5,3e,98
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}"=hex:51,66,7a,6c,4c,1d,38,12,ac,35,59,
8e,07,4b,42,08,c2,2b,0a,2c,b2,b0,92,f7
"{CA6319C0-31B7-401E-A518-A07C3DB8F777}"=hex:51,66,7a,6c,4c,1d,38,12,ae,1a,70,
ce,85,7f,70,05,da,0e,e3,3c,38,e6,b3,63
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:3c,38,f2,0f,7a,b6,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8e,0d,2f,9d,4e,f3,91,4b,86,94,b0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8e,0d,2f,9d,4e,f3,91,4b,86,94,b0,\
.
Completion time: 2014-03-11 02:11:08
ComboFix-quarantined-files.txt 2014-03-11 02:11
ComboFix2.txt 2014-03-10 19:27
ComboFix3.txt 2014-03-10 19:01
.
Pre-Run: 236,579,205,120 bytes free
Post-Run: 236,506,599,424 bytes free
.
- - End Of File - - 3AE33764BAA52833FFAEB980827E136E
5C616939100B85E558DA92B899A0FC36
TDSSKiller: threats=0, objects=0
HijackThis log to follow in next post
laudorum
2014-03-11, 20:07
HijackThis Log:-
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 04:25:44, on 11/03/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Stephen\Desktop\Assort. Virus Progs Etc\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Privatefirewall] C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Nero MediaHome 4] "C:\PROGRAM FILES\NERO\NERO MEDIAHOME 4\NEROMEDIAHOME.EXE" /AUTORUN
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/mygarmin/m/GarminAxControl.CAB
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
O18 - Protocol: linkscanner - (no CLSID) - (no file)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - Unknown owner - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe (file missing)
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Privacyware network service (PFNet) - Privacyware/PWI, Inc. - C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
--
End of file - 6930 bytes
We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.
The items below are optional fixes; removing them from your startup list can improve boot-up time and free up resources.
All these items can be researched here: http://www.bleepingcomputer.com/startups/
Open HijackThis, click Do a system scan only, and checkmark these. Then close all other windows and browsers except HijackThis and press Fix checked.
O2 - BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (file missing)
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Nero MediaHome 4] "C:\PROGRAM FILES\NERO\NERO MEDIAHOME 4\NEROMEDIAHOME.EXE" /AUTORUN
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
Now please reboot your computer to set the registry.
Please post back and let me know if there are any improvements.
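The HijackThis lines singled out above can be triaged mechanically rather than by eye. The following is an added example written for this thread, not part of HijackThis or of anything the helper posted: it parses the O2 (BHO), O4 (Run key) and O23 (service) line formats shown in the log, pulls the image path out of each entry, flags the ones HijackThis marked "(file missing)" (orphaned entries whose binary is already gone, such as the IObit BHO and the LiveUpdate service above), and groups Run-key autostarts by hive so machine-wide and per-user entries can be reviewed separately. The regular expressions are assumptions based on the line layouts visible in this log, and the sample input is a handful of lines copied from it.

```python
import re

# Sample input: lines copied from the HijackThis log posted above.
HJT_LOG = r"""
O2 - BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O18 - Protocol: linkscanner - (no CLSID) - (no file)
O23 - Service: LiveUpdate (LiveUpdateSvc) - Unknown owner - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Line layouts assumed from the log above (HijackThis 2.x style sections).
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
EXE_RE = re.compile(r"^(?P<path>.+?\.(?:exe|dll|sys))", re.IGNORECASE)
MISSING = "(file missing)"


def image_path(cmd):
    """Pull the executable path out of a Run-key command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)                    # unquoted paths may contain spaces
    return m.group("path") if m else cmd.split(" ")[0]


def parse_hjt(text):
    """Turn O2/O4/O23 lines into dicts; other sections are ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if (m := O2_RE.match(line)):
            path = m.group("path")
            entries.append({"section": "O2", "name": m.group("name"),
                            "path": path.replace(MISSING, "").strip(),
                            "file_missing": MISSING in path})
        elif (m := O4_RE.match(line)):
            entries.append({"section": "O4", "hive": m.group("hive"), "name": m.group("name"),
                            "path": image_path(m.group("cmd")),
                            "file_missing": MISSING in m.group("cmd")})
        elif (m := O23_RE.match(line)):
            path = m.group("path")
            entries.append({"section": "O23", "name": m.group("name"), "owner": m.group("owner"),
                            "path": path.replace(MISSING, "").strip(),
                            "file_missing": MISSING in path})
    return entries


def orphaned(entries):
    """Entries whose image no longer exists: harmless clutter, but also what is
    left behind when an uninstall (or a cleanup) removed only the file."""
    return [e for e in entries if e["file_missing"]]


def startup_by_hive(entries):
    """Group O4 Run entries by hive (HKLM = all users, HKCU = this user only)."""
    groups = {}
    for e in entries:
        if e["section"] == "O4":
            groups.setdefault(e["hive"], []).append(e["name"])
    return groups


if __name__ == "__main__":
    found = parse_hjt(HJT_LOG)
    for e in orphaned(found):
        print(f"orphaned {e['section']} entry: {e['name']} -> {e['path']}")
    for hive, names in startup_by_hive(found).items():
        print(f"{hive} autostarts: {', '.join(names)}")
```

Run as-is it reports the two orphaned entries (the IObit BHO and the LiveUpdate service) and the Run-key names per hive; feeding it the full log above gives the complete startup list to compare against the BleepingComputer startup database linked in the post.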
laudorum
2014-03-11, 23:33
Thanks again for your post, I appreciate your help.
I have deleted the items with HijackThis, so we'll see how it goes.
One thing I did forget to mention is that Windows Updater will not stay on automatic, despite resetting it numerous times. I have no choice but to do the updating manually and I get a lot of errors, e.g. 80070490, despite using the Windows hotfix.
Will report back soon.
Best Regards.
Laudorum
See if any of these items can help.
Is this the hotfix you used?
http://support.microsoft.com/mats/windows_update/
System Update Readiness Tool for Windows Vista
http://www.microsoft.com/en-us/download/details.aspx?id=504
Run the System Update Readiness tool
http://support.microsoft.com/kb/958044
Try running the System File Checker
Go to Start -> All Programs -> Accessories, then right-click "Command Prompt" and choose "Run as Administrator."
Enter the command "sfc /scannow" when the black command prompt window appears, then hit enter.
Let the scan complete...then restart your notebook and try running updates again.
laudorum
2014-03-14, 11:51
Hi Juliet, sorry for not replying, but I've got the 'flu.
I also lost Firefox, and all my bookmarks. I have them on a backup disc somewhere, so all is not lost.
When I'm feeling a bit better I will run another MBAM scan, since I've got a lot of PUPs being installed, and a lot of alerts popping up on my firewall.
I have managed to delete some, but the same ones seem to keep coming back, e.g. Bubbledock, Conduit, Search Project and Plurpush.
I'm going to bed now, so talk to you later.
Regards, laudorum
So sorry to hear you're sick, please get well soon.
When you're ready to continue please let me know.
laudorum
2014-03-22, 08:10
Hi Juliet,
Back again in the land of the living, to get some more help please.
I've tried all the fixes in your post of 12 03 14 and still can't get updates for Windows.
The hotfix I used is the one specifically for Vista. When I run it, I get a runtime error code 80070005.
The System Update Readiness Tool I used was for the 32-bit system (KB947821), and this ran for 2 hours or so and reported that the updates had been installed. However I still get notifications telling me that updates cannot be installed automatically, despite the Auto Update setting in the Control Panel.
The troubleshooting tool (KB958044), when run, reported that it could not continue because an error had occurred (code 80070005).
I also tried the System File Checker, following your instructions, and got a dialog box telling me "The system cannot find the path specified", so all in all, not a good result.
I cannot open MBAM to run a scan, despite this being the latest version with the Chameleon update, which is supposed to stop MBAM being hijacked by malware. The dialog box reported: "Windows cannot access the specified device, path or file - you may not have the appropriate permissions to access this item". I attempted to delete the program, in order to reinstall, but no luck! A dialog box advised me "error 5 unable to create a temp file - access is denied".
So I thought I'd try MSE, but guess what, the program was unable to install updates, error code 0x80070002, which directs you to the Fixit gizmo which won't run!
The only programs I have added are Advanced Uninstaller Pro, which I used to get rid of the IObit uninstaller, which had also stopped working, and to delete some PUPs, i.e. nosibay, bubbledock etc., and to reinstall QuickTime.
The strange thing is that my son uses this PC a lot, and has not reported anything amiss, other than the PC being a little slow and taking longer to boot up. I should mention that my son knows about the problems I'm having, and is quite PC savvy; he used to work on PCs for a living, i.e. data input and word processing.
On top of the other problems I can't get my PC to see my expansion drive.
I would really appreciate some help, as I still feel that I've got something nasty lurking on my PC.
Almost forgot, I downloaded the Microsoft Malicious Software Removal Tool, and to my surprise, no infection.
Look forward to your reply.
Regards, Laudorum
When you ran TDSSKiller, can you recall if it had found anything?
What happens if you boot into safe mode to run tools, are they stopped here as well?
http://www.bleepingcomputer.com/forums/t/509474/reset-all-user-permissions-to-default/
Reset All User Permissions To Default
Please download Farbar Service Scanner (http://www.bleepingcomputer.com/download/farbar-service-scanner/) and run it on the computer.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.
~~~~~~~~~~~~~~~
Please download Malwarebytes AntiRootkit (http://www.malwarebytes.org/products/mbar/) and save it to your desktop.
Full instructions how to use MBAR (http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-rootkit)
Please note: This is a beta version, so please be sure to read the disclaimer and take note of it.
• Unzip/unrar MBAR in a folder to your Desktop and MBAM shall run ...
• Click on Next > then on the Update button to download fresh definitions.
https://dl.dropboxusercontent.com/u/73555776/mbar_update.JPG
• When the database updates, click Next.
• In the following window ensure the "Targets" Drivers, Sectors and System are ticked. Then select the "Scan" button.
https://dl.dropboxusercontent.com/u/73555776/mbarscan.JPG
• If any infections are found, ensure "Create Restore Point" is checked, then select the "Cleanup" button to remove threats.
Or if you are sure any entries should be kept, just untick them. A list of infected files will be shown.
• The clean-up procedure will be scheduled for processing.
• When complete, a pop-up will show you. Select the Yes button and the system should reboot to complete the cleaning process.
>> Please copy and paste the two following logs from the mbar folder:
system-log.txt
and
mbar-log-year-month-day (hour-minute-second).txt.
If you cannot do this in normal mode, please try to run the tool in safe mode.
laudorum
2014-03-22, 17:28
Juliet, thanks for the speedy reply, but just a point: today I have been having internet connection problems, and had to contact my ISP.
I was trying to update MSE again and got to the install section, 90% finished, when a dialog box opened saying error 0x80072efd, and at the same time the internet connection stopped. I repaired the connection and tried again, and the same thing happened, but this time I could not get the internet connection established, and had to contact my ISP.
The internet connection is fine now, but I wonder if this may have been something to do with the problems I have been experiencing recently?
I have just checked MBAM and it opens fine and is running.
I will wait till I hear from you before I do anything else.
Regards
It very well could have been your ISP; we'll never know.
When you ran TDSSKiller, can you recall if it had found anything?
Please download Farbar Service Scanner (http://www.bleepingcomputer.com/download/farbar-service-scanner/) and run it on the computer.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.
~~~~~~~~~~~~~~~
and post the log from the MBAR scan.
laudorum
2014-03-22, 19:13
In reply to your post, TDSSKiller didn't find any threats on the first run. Just ran it again with the same result.
Farbar scan:-
Farbar Service Scanner Version: 25-02-2014
Ran by Stephen (administrator) on 22-03-2014 at 15:53:28
Running from "C:\Users\Stephen\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Other Services:
==============
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
**** End of log ****
MBAR Scan(System-log txt):-
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
(c) Malwarebytes Corporation 2011-2012
OS version: 6.0.6002 Windows Vista Service Pack 2 x86
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_37
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 2144567296, free: 966811648
Downloaded database version: v2014.03.22.07
Downloaded database version: v2014.03.18.01
Initializing...
======================
------------ Kernel report ------------
03/22/2014 16:02:53
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iastor.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\SmartDefragDriver.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\e1e6032.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\stwrt.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\pwipf6.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\DRIVERS\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\drivers\btwavdt.sys
\SystemRoot\system32\drivers\btwaudio.sys
\SystemRoot\system32\DRIVERS\btwrchid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\sfloppy.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\WinUSB.SYS
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\WUDFPf.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E617D6E9-7783-4B84-8FCE-84E27C26B604}\MpKsl9a407056.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xffffffff86de1508
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000066\
Lower Device Object: 0xffffffff867ffa00
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xffffffff86997ac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000065\
Lower Device Object: 0xffffffff86f9f638
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff868276b0
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000064\
Lower Device Object: 0xffffffff86e2ccb8
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff86dcaac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000063\
Lower Device Object: 0xffffffff86827030
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff853c5468
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xffffffff84895028
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff853c5468, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff853c5158, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff853c5468, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff84895028, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 70000000
Partition information:
Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 128457
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 129024 Numsec = 31457280
Partition 2 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 31586304 Numsec = 945184768
Partition is not bootable
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff86dcaac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff867ed6f8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86dcaac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff86827030, DeviceName: \Device\00000063\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff868276b0, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86823d20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff868276b0, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff86e2ccb8, DeviceName: \Device\00000064\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff86997ac8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86fe3710, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86997ac8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff86f9f638, DeviceName: \Device\00000065\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff86de1508, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86d06818, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86de1508, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff867ffa00, DeviceName: \Device\00000066\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-31586304-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
MBAR log (03 22 14):-
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org
Database version: v2014.03.22.07
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Stephen :: RODLEY [administrator]
22/03/2014 16:02:59
mbar-log-2014-03-22 (16-02-59).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 243424
Time elapsed: 17 minute(s), 9 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Hope these help.
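Two things in the logs just posted are easier to read mechanically than by eye. The Farbar Service Scanner output lists a registry key under "Firewall Disabled Policy" with "EnableFirewall"=DWORD:0 (FSS only prints a key under a "Disabled Policy" heading when such a policy exists, so that line is a non-default setting worth noting even though the rest of the log is clean), and the MBAR MBR dump gives every partition's start sector and length, which is enough to check whether any of the "missing" 200GB is simply unallocated space. The following is an added example written for this thread, not a feature of either tool; its regular expressions assume the log layouts shown above, and the embedded sample input is made of lines copied from the two logs, trimmed to the parts the script looks at.

```python
import re

# Sample input: lines copied from the FSS.txt posted above (trimmed).
FSS_LOG = r"""
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
**** End of log ****
"""

# Sample input: the partition-table section of the MBAR system-log posted above (trimmed).
MBAR_LOG = r"""
Partition information:
Partition 0 type is Other (0xde)
Partition starts at LBA: 63 Numsec = 128457
Partition 1 type is Primary (0x7)
Partition starts at LBA: 129024 Numsec = 31457280
Partition 2 type is Primary (0x7)
Partition starts at LBA: 31586304 Numsec = 945184768
Partition 3 type is Empty (0x0)
Partition starts at LBA: 0 Numsec = 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
"""

# Line layouts assumed from the logs above.
REG_KEY = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
POLICY_VALUE = re.compile(r'^"(?P<name>\w+)"=DWORD:(?P<value>[0-9A-Fa-f]+)$')
FILE_CHECK = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => (?P<verdict>.+)$")
PART_HDR = re.compile(r"^Partition (?P<idx>\d+) type is (?P<kind>\w+) \((?P<type>0x[0-9A-Fa-f]+)\)$")
PART_LBA = re.compile(r"^Partition starts at LBA: (?P<lba>\d+) Numsec = (?P<numsec>\d+)$")
DISK_SIZE = re.compile(r"^Disk Size: (?P<bytes>\d+) bytes$")
SECTOR_SIZE = re.compile(r"^Sector size: (?P<bytes>\d+) bytes$")


def policy_values(fss_text):
    """(registry key, value name, value) for every policy value FSS printed;
    FSS prints a key under a 'Disabled Policy' heading only when the policy exists."""
    findings, current_key = [], None
    for line in fss_text.splitlines():
        line = line.strip()
        if (m := REG_KEY.match(line)):
            current_key = m.group("key")
        elif (m := POLICY_VALUE.match(line)) and current_key:
            findings.append((current_key, m.group("name"), int(m.group("value"), 16)))
    return findings


def firewall_disabled_by_policy(fss_text):
    """True when any FirewallPolicy profile carries EnableFirewall = 0."""
    return any("FirewallPolicy" in key and name == "EnableFirewall" and value == 0
               for key, name, value in policy_values(fss_text))


def file_check_failures(fss_text):
    """File Check entries whose verdict is anything other than 'MD5 is legit'."""
    failures = []
    for line in fss_text.splitlines():
        m = FILE_CHECK.match(line.strip())
        if m and m.group("verdict") != "MD5 is legit":
            failures.append((m.group("path"), m.group("verdict")))
    return failures


def partition_accounting(mbar_text):
    """Sum the MBR partition entries against the reported disk size; the
    difference is the only space that lies outside any partition."""
    parts, pending, disk_bytes, sector = [], None, None, 512
    for line in mbar_text.splitlines():
        line = line.strip()
        if (m := PART_HDR.match(line)):
            pending = {"index": int(m.group("idx")), "kind": m.group("kind"),
                       "type": int(m.group("type"), 16)}
        elif (m := PART_LBA.match(line)) and pending is not None:
            pending.update(start_lba=int(m.group("lba")), numsec=int(m.group("numsec")))
            if pending["numsec"]:                  # empty slots report Numsec = 0
                parts.append(pending)
            pending = None
        elif (m := DISK_SIZE.match(line)):
            disk_bytes = int(m.group("bytes"))
        elif (m := SECTOR_SIZE.match(line)):
            sector = int(m.group("bytes"))
    for p in parts:
        p["bytes"] = p["numsec"] * sector
    allocated = sum(p["bytes"] for p in parts)
    return {"disk_bytes": disk_bytes, "partitions": parts, "allocated_bytes": allocated,
            "unallocated_bytes": None if disk_bytes is None else disk_bytes - allocated}


if __name__ == "__main__":
    acct = partition_accounting(MBAR_LOG)
    print("firewall disabled by policy:", firewall_disabled_by_policy(FSS_LOG))
    print("file check failures:", file_check_failures(FSS_LOG) or "none")
    print(f"{acct['allocated_bytes']} of {acct['disk_bytes']} bytes partitioned; "
          f"{acct['unallocated_bytes']} bytes outside any partition")
```

On the figures above the three non-empty partitions add up to 500,106,498,560 bytes against a reported disk size of 500,107,862,016 bytes, so only about 1.3 MB lies outside a partition: the disk is a 500 GB drive (about 465 GiB as Windows displays it) and is fully partitioned, with the 945,184,768-sector active partition accounting for roughly 484 GB of it. Whatever happened to the space the poster is missing, it is not unallocated disk, which is consistent with the BIOS figure reported later in the thread.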
It shows me clean.
OK, let's backtrack, what issues are you having today?
laudorum
2014-03-22, 20:39
Hi again, I am now convinced that the PC is clean; nevertheless I am down 200GB.
I tried updating MSE again without success and didn't lose the internet connection this time, but since it's not working it's got to go. Any recommendations?
Apart from those, the PC is working OK, albeit a little slow.
I really appreciate your efforts to help me.
Regards Laudorum
No clue what happened to MSE; it must have been corrupted in download due to the internet service.
You can try to uninstall and reinstall, or try a different antivirus.
Please only choose one; having more than one can cause problems, such as crashes and slowing your computer down.
Microsoft Security Essentials (http://www.microsoft.com/Security_Essentials/)
AVAST Home Edition (http://avast.com/eng/avast_4_home.html)
AntiVir Personal (http://www.free-av.com/)
~~~~~~~~~~~~~~~~~~~~~~
Download Windows Repair (all in one) from this site (http://www.tweaking.com/content/page/windows_repair_all_in_one.html)
Go to step 3 and allow it to run SFC
On the start repairs tab click start
Select the following items and tick restart system when finished
Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair Windows Firewall
Repair Internet Explorer
Repair Hosts File
Remove Policies Set By Infections
Repair Winsock & DNS Cache
Remove Temp Files
Repair Proxy Settings
Unhide Non System Files
Repair Windows Updates
Set Windows Services To Default
Repair MSI (Windows Installer)
Repair File Associations
Repair Windows Safe Mode
After that come back and tell me if that has made a difference.
laudorum
2014-03-28, 05:16
Sorry I didn't get back to you sooner, but I've been ill again; I can't seem to shake this bug off, so please bear with me if I don't reply promptly.
The PC is a little faster, but still not as fast as it was before the original posting.
D/L Avast and after running it reported: "Win32 adware gen" malware.
Auto updating seems to be working - no more alerts.
Still can't get my PC to "see" my expansion drive. Any ideas?
Whilst deleting MSE in the Programs and Features section of Control Panel, I noticed a number of files I've not seen there before:-
AVG2011-17 items
AVG2012-3 items
CCC Help-6 items
No owner or date is shown for any of the above files, as would be normal, and they cannot be deleted, nor do they have properties - very strange.
As I recall, these may have been files I thought I had deleted or shredded with Spybot. This would be before my first posting, when I was having a spring clean.
I've checked in the BIOS and the disc size is shown as 500GB, so is it possible that my hard drive is the problem? I know I'm of an age where my memory isn't as good as it was, but I am convinced I had 700GB of disc space.
Regards, Laudorum
Did you run Windows Repair (all in one)?
AVG2011-17 items <--Left overs from a previous uninstall
AVG2012-3 items <--Left overs from a previous uninstall
CCC Help-6 items <-- are Microsoft installed.
AVG Remover
scroll down to utilities
http://www.avg.com/us-en/utilities
is it possible that my hard drive is the problem?
I'm afraid so but I have nothing that I can confirm this with.
Please run this security check for my review.
Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe).
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
laudorum
2014-03-28, 14:55
Hi Juliet, yeah I did a scan with Windows Repair. Do you want me to post the log?
Regards, Laudorum
Only if it threw out errors.
Did you run Security Check?
laudorum
2014-03-28, 15:51
Hi Juliet,
Firstly, there were some errors that Windows Repair reported, so I pasted the log:-
System Variables
--------------------------------------------------------------------------------
OS: Windows Vista (TM) Home Premium
OS Architecture: 32-bit
OS Version: 6.0.6002
OS Service Pack: Service Pack 2
Computer Name: RODLEY
Windows Drive: C:\
Windows Path: C:\Windows
Current Profile: C:\Users\Stephen
Current Profile SID: S-1-5-21-3375399300-159844686-3421529289-1000
Current Profile Classes: S-1-5-21-3375399300-159844686-3421529289-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Stephen\AppData\Local
--------------------------------------------------------------------------------
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:35:17
Process Count: 62
Commit Total: 1.01 GB
Commit Limit: 4.23 GB
Commit Peak: 1.26 GB
Handle Count: 16891
Kernel Total: 198.27 MB
Kernel Paged: 143.95 MB
Kernel Non Paged: 54.32 MB
System Cache: 1.37 GB
Thread Count: 740
--------------------------------------------------------------------------------
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 2.00 GB
Memory Used: 1.00 GB(50.3163%)
Memory Avail.: 1,016.14 MB
--------------------------------------------------------------------------------
Cleaning Memory Before Starting Repairs...
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 2.00 GB
Memory Used: 675.87 MB(33.0462%)
Memory Avail.: 1.34 GB
--------------------------------------------------------------------------------
Starting Repairs...
Start (23/03/2014 10:41:45)
01 - Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (23/03/2014 10:41:45)
Running Repair Under Current User Account
Done (23/03/2014 10:42:16)
01 - Reset Registry Permissions 02/03
HKEY_LOCAL_MACHINE & Sub Keys
Start (23/03/2014 10:42:16)
Running Repair Under System Account
Done (23/03/2014 10:46:19)
01 - Reset Registry Permissions 03/03
HKEY_CLASSES_ROOT & Sub Keys
Start (23/03/2014 10:46:19)
Running Repair Under System Account
Done (23/03/2014 10:46:44)
02 - Reset File Permissions: C:
C: & Sub Folders
Start (23/03/2014 10:46:44)
Running Repair Under System Account
Done (23/03/2014 10:55:09)
02 - Reset File Permissions: D:
D: & Sub Folders
Start (23/03/2014 10:55:09)
Running Repair Under System Account
Done (23/03/2014 10:55:20)
02 - Reset File Permissions: All Profiles
C:\Users & Sub Folders
Start (23/03/2014 10:55:20)
Running Repair Under System Account
Done (23/03/2014 11:00:50)
02 - Reset File Permissions: Current Profile
C:\Users\Stephen & Sub Folders
Start (23/03/2014 11:00:50)
Running Repair Under System Account
Done (23/03/2014 11:01:58)
02 - Reset File Permissions: Cleanup
Repairing Restricted Folders Permissions To Avoid Infinite Loops
Start (23/03/2014 11:01:58)
Running Repair Under System Account
Processing ACL of: <\\?\C:\Documents and Settings>
Reading the SD from <\\?\C:\Documents and Settings> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\ProgramData\Application Data>
Reading the SD from <\\?\C:\ProgramData\Application Data> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\ProgramData\Desktop>
Reading the SD from <\\?\C:\ProgramData\Desktop> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\ProgramData\Documents>
Reading the SD from <\\?\C:\ProgramData\Documents> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\ProgramData\Favorites>
Reading the SD from <\\?\C:\ProgramData\Favorites> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\ProgramData\Start Menu>
Reading the SD from <\\?\C:\ProgramData\Start Menu> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\ProgramData\Templates>
Reading the SD from <\\?\C:\ProgramData\Templates> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\All Users\Application Data>
Reading the SD from <\\?\C:\Users\All Users\Application Data> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\All Users\Desktop>
Reading the SD from <\\?\C:\Users\All Users\Desktop> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\All Users\Documents>
Reading the SD from <\\?\C:\Users\All Users\Documents> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\All Users\Favorites>
Reading the SD from <\\?\C:\Users\All Users\Favorites> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\All Users\Start Menu>
Reading the SD from <\\?\C:\Users\All Users\Start Menu> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\All Users\Templates>
Reading the SD from <\\?\C:\Users\All Users\Templates> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Default User>
Reading the SD from <\\?\C:\Users\Default User> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Default\Application Data>
Reading the SD from <\\?\C:\Users\Default\Application Data> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Default\Cookies>
Reading the SD from <\\?\C:\Users\Default\Cookies> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Default\Local Settings>
Reading the SD from <\\?\C:\Users\Default\Local Settings> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Default\My Documents>
Reading the SD from <\\?\C:\Users\Default\My Documents> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Default\NetHood>
Reading the SD from <\\?\C:\Users\Default\NetHood> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Default\PrintHood>
Reading the SD from <\\?\C:\Users\Default\PrintHood> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Default\Recent>
Reading the SD from <\\?\C:\Users\Default\Recent> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Default\SendTo>
Reading the SD from <\\?\C:\Users\Default\SendTo> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Default\Start Menu>
Reading the SD from <\\?\C:\Users\Default\Start Menu> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Default\Templates>
Reading the SD from <\\?\C:\Users\Default\Templates> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Default\AppData\Local\Application Data>
Reading the SD from <\\?\C:\Users\Default\AppData\Local\Application Data> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Default\AppData\Local\History>
Reading the SD from <\\?\C:\Users\Default\AppData\Local\History> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Default\AppData\Local\Temporary Internet Files>
Reading the SD from <\\?\C:\Users\Default\AppData\Local\Temporary Internet Files> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Default\Documents\My Music>
Reading the SD from <\\?\C:\Users\Default\Documents\My Music> failed with: The system cannot find the path specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the path specified.
Processing ACL of: <\\?\C:\Users\Default\Documents\My Pictures>
Reading the SD from <\\?\C:\Users\Default\Documents\My Pictures> failed with: The system cannot find the path specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the path specified.
Processing ACL of: <\\?\C:\Users\Default\Documents\My Videos>
Reading the SD from <\\?\C:\Users\Default\Documents\My Videos> failed with: The system cannot find the path specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the path specified.
Processing ACL of: <\\?\C:\Users\Public\Documents\My Music>
Reading the SD from <\\?\C:\Users\Public\Documents\My Music> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Public\Documents\My Pictures>
Reading the SD from <\\?\C:\Users\Public\Documents\My Pictures> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Public\Documents\My Videos>
Reading the SD from <\\?\C:\Users\Public\Documents\My Videos> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Stephen\Application Data>
Reading the SD from <\\?\C:\Users\Stephen\Application Data> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Stephen\Cookies>
Reading the SD from <\\?\C:\Users\Stephen\Cookies> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Stephen\Local Settings>
Reading the SD from <\\?\C:\Users\Stephen\Local Settings> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Stephen\My Documents>
Reading the SD from <\\?\C:\Users\Stephen\My Documents> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Stephen\NetHood>
Reading the SD from <\\?\C:\Users\Stephen\NetHood> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Stephen\PrintHood>
Reading the SD from <\\?\C:\Users\Stephen\PrintHood> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Stephen\Recent>
Reading the SD from <\\?\C:\Users\Stephen\Recent> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Stephen\SendTo>
Reading the SD from <\\?\C:\Users\Stephen\SendTo> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Stephen\Start Menu>
Reading the SD from <\\?\C:\Users\Stephen\Start Menu> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Stephen\Templates>
Reading the SD from <\\?\C:\Users\Stephen\Templates> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Stephen\AppData\Local\Application Data>
Reading the SD from <\\?\C:\Users\Stephen\AppData\Local\Application Data> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Stephen\AppData\Local\History>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Stephen\AppData\Local\Temporary Internet Files>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Stephen\Documents\My Music>
Reading the SD from <\\?\C:\Users\Stephen\Documents\My Music> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Stephen\Documents\My Pictures>
Reading the SD from <\\?\C:\Users\Stephen\Documents\My Pictures> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Stephen\Documents\My Videos>
Reading the SD from <\\?\C:\Users\Stephen\Documents\My Videos> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Done (23/03/2014 11:02:09)
03 - Register System Files
Start (23/03/2014 11:02:09)
Running Repair Under Current User Account
Running Repair Under System Account
Done (23/03/2014 11:02:55)
04 - Repair WMI
Start (23/03/2014 11:02:55)
Running Repair Under Current User Account
Done (23/03/2014 11:05:10)
05 - Repair Windows Firewall
Start (23/03/2014 11:05:10)
Running Repair Under Current User Account
Running Repair Under System Account
Done (23/03/2014 11:05:45)
06 - Repair Internet Explorer
Start (23/03/2014 11:05:45)
Running Repair Under Current User Account
Running Repair Under System Account
Done (23/03/2014 11:06:07)
08 - Repair Hosts File
Start (23/03/2014 11:06:07)
Running Repair Under System Account
Done (23/03/2014 11:06:10)
09 - Remove Policies Set By Infections
Start (23/03/2014 11:06:10)
Running Repair Under Current User Account
Running Repair Under System Account
Done (23/03/2014 11:06:14)
11 - Repair Icons
Start (23/03/2014 11:06:14)
Running Repair Under Current User Account
Done (23/03/2014 11:06:17)
12 - Repair Winsock & DNS Cache
Start (23/03/2014 11:06:17)
Running Repair Under Current User Account
Running Repair Under System Account
Done (23/03/2014 11:06:42)
13 - Remove Temp Files
Start (23/03/2014 11:06:42)
Running Repair Under System Account
Done (23/03/2014 11:06:44)
14 - Repair Proxy Settings
Start (23/03/2014 11:06:45)
Running Repair Under Current User Account
Running Repair Under System Account
Done (23/03/2014 11:06:49)
15 - Unhide Non System Files
Start (23/03/2014 11:06:49)
C:\ - Total Files Unhidden: 107 - Check Unhidden_Files.txt for list of files unhidden
D:\ - Total Files Unhidden: 37 - Check Unhidden_Files.txt for list of files unhidden
Done (23/03/2014 11:08:17)
16 - Repair Windows Updates
Start (23/03/2014 11:08:17)
Running Repair Under Current User Account
Running Repair Under System Account
Done (23/03/2014 11:08:37)
19 - Repair Windows Sidebar/Gadgets
Start (23/03/2014 11:08:37)
Running Repair Under Current User Account
Running Repair Under System Account
Done (23/03/2014 11:08:41)
20 - Repair MSI (Windows Installer)
Start (23/03/2014 11:08:41)
Running Repair Under Current User Account
Running Repair Under System Account
Done (23/03/2014 11:08:51)
22.01 - Repair bat Association
Start (23/03/2014 11:08:51)
Running Repair Under Current User Account
Running Repair Under System Account
Done (23/03/2014 11:08:56)
22.02 - Repair cmd Association
Start (23/03/2014 11:08:56)
Running Repair Under Current User Account
Running Repair Under System Account
Done (23/03/2014 11:09:01)
22.03 - Repair com Association
Start (23/03/2014 11:09:01)
Running Repair Under Current User Account
Running Repair Under System Account
Done (23/03/2014 11:09:06)
22.04 - Repair Directory Association
Start (23/03/2014 11:09:06)
Running Repair Under Current User Account
Running Repair Under System Account
Done (23/03/2014 11:09:10)
22.05 - Repair Drive Association
Start (23/03/2014 11:09:10)
Running Repair Under Current User Account
Running Repair Under System Account
Done (23/03/2014 11:09:15)
22.06 - Repair exe Association
Start (23/03/2014 11:09:15)
Running Repair Under Current User Account
Running Repair Under System Account
Done (23/03/2014 11:09:20)
22.07 - Repair Folder Association
Start (23/03/2014 11:09:20)
Running Repair Under Current User Account
Running Repair Under System Account
Done (23/03/2014 11:09:24)
22.08 - Repair inf Association
Start (23/03/2014 11:09:25)
Running Repair Under Current User Account
Running Repair Under System Account
Done (23/03/2014 11:09:29)
22.09 - Repair lnk (Shortcuts) Association
Start (23/03/2014 11:09:29)
Running Repair Under Current User Account
Running Repair Under System Account
Done (23/03/2014 11:09:34)
22.10 - Repair msc Association
Start (23/03/2014 11:09:34)
Running Repair Under Current User Account
Running Repair Under System Account
Done (23/03/2014 11:09:39)
22.11 - Repair reg Association
Start (23/03/2014 11:09:39)
Running Repair Under Current User Account
Running Repair Under System Account
Done (23/03/2014 11:09:43)
22.12 - Repair scr Association
Start (23/03/2014 11:09:44)
Running Repair Under Current User Account
Running Repair Under System Account
Done (23/03/2014 11:09:48)
23 - Repair Windows Safe Mode
Start (23/03/2014 11:09:48)
Running Repair Under Current User Account
Running Repair Under System Account
Done (23/03/2014 11:09:53)
25 - Restore Important Windows Services
Start (23/03/2014 11:09:53)
Running Repair Under Current User Account
Running Repair Under System Account
Done (23/03/2014 11:10:11)
26 - Set Windows Services To Default Startup
Start (23/03/2014 11:10:11)
Running Repair Under Current User Account
Running Repair Under System Account
Done (23/03/2014 11:10:15)
Cleaning up empty logs...
All Selected Repairs Done.
Done (23/03/2014 11:10:15)
Total Repair Time: 00:28:32
...YOU MUST RESTART YOUR SYSTEM...
Running Repair Under Current User Account
The AVG removal tool worked. The folders I mentioned are gone.
Security Check log:
Results of screen317's Security Check version 0.99.81
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
SpywareBlaster 5.0
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
Java(TM) 6 Update 22
Java(TM) 6 Update 37
Java 7 Update 51
Java(TM) SE Runtime Environment 6
Adobe Flash Player 12.0.0.77
Adobe Reader 8 Adobe Reader out of Date!
Adobe Reader 10.1.9 Adobe Reader out of Date!
Mozilla Firefox 27.0.1 Firefox out of Date!
Google Chrome 33.0.1750.146
Google Chrome 33.0.1750.154
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
Privatefirewall 6.1 pfsvc.exe
Privacyware Privatefirewall 7.0 PFGUI.exe
system32 AvastSvc.exe -?-
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
Hope these scans help.
Regards, Laudorum
I see damage to Windows system files probably brought on from infections. Have also seen these types of errors made from some people using registry cleaning tools.
Let's try a couple of things.
uninstall some programs
NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.
You can remove these programs using add/remove, or you can use the free uninstaller from Revo (it does a lot better job).
Programs to remove
Malwarebytes Anti-Malware version 1.75.0.1300 <-- is out of date; I'll supply new instructions below
Java(TM) 6 Update 22
Java(TM) 6 Update 37
Java(TM) SE Runtime Environment 6
Adobe Flash Player 12.0.0.7
Adobe Reader 8 *Adobe Reader out of Date!
Adobe Reader 10.1.9 *Adobe Reader out of Date!
Please download and install Revo Uninstaller Free (http://www.revouninstaller.com/)
Double click Revo Uninstaller to run it.
From the list of programs double click on The Program to remove
When prompted if you want to uninstall click Yes.
Be sure the Moderate option is selected then click Next.
The program will run, If prompted again click Yes
when the built-in uninstaller is finished click on Next.
Once the program has searched for leftovers click Next.
Check/tick the bolded items only on the list then click Delete
when prompted click on Yes and then on next.
put a check on any folders that are found and select delete
when prompted select yes then on next
Once done click Finish.
*******************
Update Adobe reader
Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.
You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here (http://www.foxitsoftware.com/pdf/reader/addons.php). It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
************
Adobe Flash Player is out of date!
Please download and install the latest version from the links below:
Adobe Flash Player 12.0.0.77 Final for (Internet Explorer) (http://download.macromedia.com/pub/flashplayer/current/support/install_flash_player_ax.exe)
Adobe Flash Player 12.0.0.77 Final for (Firefox, Safari, Opera) (http://download.macromedia.com/pub/flashplayer/current/support/install_flash_player.exe)
Note: Your browsers should be closed before proceeding with the installation process.
************************
Install Java:
Please go here to install Java (http://www.java.com/en/)
click on the Free Java Download Button
click on Agree and start Free download
click on Run
click on run again
click on install
when install is complete click on close
*********************************
Step #7 Run ESET Services repair tool
Please download ESET Services Repair Tool (http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe) and save it to your Desktop.
Right click and choose Run as administrator.
If security notifications appear, click Continue or Run and then click Yes when asked if you want to proceed.
Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.
Then run the System File Checker again:
Go to Start and type in cmd
Right-click on the cmd icon above, and click Run As Administrator
At the command prompt, type sfc /scannow, and then press ENTER.
Note This command may take several minutes to finish. You may be prompted to provide Windows installation source files when you run the sfc /scannow command.
At the command prompt, type exit, and then press ENTER to close the command prompt.
do you have your installation CD?
***************
New, updated Malwarebytes Anti-Malware tool.
Please download Malwarebytes Anti-Malware (http://www.malwarebytes.org/update/) to your desktop.
Install the programme and select Update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits
https://dl.dropboxusercontent.com/u/73555776/MBAMsettings.JPG
Go back to the Dashboard and select Scan Now
https://dl.dropboxusercontent.com/u/73555776/MBAMScan.JPG
If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.
https://dl.dropboxusercontent.com/u/73555776/MBAMReboot.JPG
https://dl.dropboxusercontent.com/u/73555776/MBAMLog.JPG
On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log
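As an added example (not part of this thread or of screen317's tool), the following Python script parses the checkup.txt report posted above and pulls out the items the removal list is built from: the disabled firewall, the entries flagged out of date, and products installed in more than one version. The sample lines are copied from the posted report; the section-header helper and the product-grouping heuristic are my own assumptions.

```python
"""Pull the actionable findings out of a screen317 Security Check report
(checkup.txt): a disabled firewall, products flagged out of date, and several
installed versions of one product. Added example, not screen317's own code."""
import re
from collections import defaultdict

SEP = "`"  # the tool frames each section header in runs of backticks


def header(title, n):
    """Rebuild a section header line the way Security Check prints it."""
    return SEP * n + title + SEP * n


# Constructed sample: the checkup.txt posted earlier in this thread.
SAMPLE_LOG_LINES = [
    "Results of screen317's Security Check version 0.99.81",
    "Windows Vista Service Pack 2 x86 (UAC is enabled)",
    "Internet Explorer 9",
    "Internet Explorer 8",
    header("Antivirus/Firewall Check:", 14),
    "Windows Firewall Disabled!",
    "avast! Antivirus",
    "Antivirus up to date!",
    header("Anti-malware/Other Utilities Check:", 9),
    "MVPS Hosts File",
    "SpywareBlaster 5.0",
    "Spybot - Search & Destroy",
    "Malwarebytes Anti-Malware version 1.75.0.1300",
    "Java(TM) 6 Update 22",
    "Java(TM) 6 Update 37",
    "Java 7 Update 51",
    "Java(TM) SE Runtime Environment 6",
    "Adobe Flash Player 12.0.0.77",
    "Adobe Reader 8 Adobe Reader out of Date!",
    "Adobe Reader 10.1.9 Adobe Reader out of Date!",
    "Mozilla Firefox 27.0.1 Firefox out of Date!",
    "Google Chrome 33.0.1750.146",
    "Google Chrome 33.0.1750.154",
    header("Process Check: objlist.exe by Laurent", 8),
    "Spybot Teatimer.exe is disabled!",
    "Privatefirewall 6.1 pfsvc.exe",
    "Privacyware Privatefirewall 7.0 PFGUI.exe",
    "system32 AvastSvc.exe -?-",
    "AVAST Software Avast AvastUI.exe",
    header("System Health check", 17),
    "Total Fragmentation on Drive C: %",
    header("End of Log", 20),
]

# Sections whose lines describe installed software rather than processes.
INSTALL_SECTIONS = {"header", "Antivirus/Firewall Check:",
                    "Anti-malware/Other Utilities Check:"}
# 'Adobe Reader 8 Adobe Reader out of Date!' -> 'Adobe Reader 8'
DATE_SUFFIX = re.compile(r"^(?P<entry>.*?\d\S*)\s+.*out of Date!$")
# 'Java(TM) 6 Update 22' -> name 'Java(TM)', first version token '6'
VERSION = re.compile(r"^(?P<name>\D+?)\s+(?P<ver>\d\S*)")


def product_entry(line):
    """Strip the tool's 'out of Date!' suffix, leaving product and version."""
    m = DATE_SUFFIX.match(line)
    return m.group("entry") if m else line


def family(name):
    """Heuristic grouping of entries naming one product (Java(TM), Java SE...)."""
    key = name.replace("(TM)", "").strip().lower()
    return "java" if key.startswith("java") else key


def analyse(lines):
    """Return the findings a helper would act on from a checkup.txt report."""
    report = {"firewall_disabled": False, "out_of_date": [],
              "other_alerts": [], "duplicates": {}}
    versions = defaultdict(list)
    section = "header"
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line.startswith(SEP):            # backtick-framed section header
            section = line.strip(SEP).strip()
            continue
        if line == "Windows Firewall Disabled!":
            report["firewall_disabled"] = True
        elif line.endswith("out of Date!"):
            report["out_of_date"].append(product_entry(line))
        elif line.endswith("!") and not line.endswith("up to date!"):
            report["other_alerts"].append(line)   # e.g. Teatimer disabled
        if section in INSTALL_SECTIONS:
            m = VERSION.match(product_entry(line))
            if m:                               # entry carries a version
                versions[family(m.group("name"))].append(product_entry(line))
    # Several versions of one product usually means old copies were never
    # removed; each stale copy is unpatched attack surface left on the box.
    report["duplicates"] = {k: v for k, v in versions.items() if len(v) > 1}
    return report


if __name__ == "__main__":
    print(analyse(SAMPLE_LOG_LINES))
```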
laudorum
2014-03-28, 20:39
Juliet, I do not have, and never have had, a boot disc for Vista. It came pre-installed by Dell.
OK
Can you run the other instructions I listed?
laudorum
2014-03-28, 23:07
Hi again, I haven't got that far yet Juliet. I am having trouble deleting MBAM with Revo; I got the dreaded error 5 - Access is denied. I have manually deleted almost everything apart from vojfezar.thm in the MBAM program folder. I can't change the permissions or delete it. Have tried with Spybot, but no luck. Do you know of anything else I could try, or shall I just leave it?
Regards
Just leave it for now and see if we can install over the top.
laudorum
2014-03-28, 23:38
Just to confirm I have deleted all items on list apart from MBAM.
I also have some other files I cannot open: c:\users\stephen\app data\local\temp internet files and c:\users\rodley\app data\local\temp internet files.
This is the error 5 alert again.
Don't know if these are important, but I thought it best you know.
Regards
IE5 temp content is hidden on Windows Vista.
laudorum
2014-03-29, 03:36
Java and Adobe are now updated.
ESET Services Repair Tool log:
Log Opened: 2014-03-28 @ 23:01:26
23:01:26 - -----------------
23:01:26 - | Begin Logging |
23:01:26 - -----------------
23:01:26 - Fix started on a WIN_VISTA X86 computer
23:01:26 - Prep in progress. Please Wait.
23:01:29 - Prep complete
23:01:29 - Repairing Services Now. Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\BFE\Parameters> failed with: Access is denied.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\BFE> failed with: Access is denied.
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>
SetACL finished successfully.
23:01:57 - Services Repair Complete.
23:02:03 - Reboot Initiated
System File Check:-No Integrity Violations
MBAM log:-
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 29/03/2014
Scan Time: 00:21:21
Logfile: Mbam log 03 29 2014.txt
Administrator: Yes
Version: 2.00.0.1000
Malware Database: v2014.03.28.09
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Stephen
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 250031
Time Elapsed: 19 min, 1 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
I look forward to your reply.
Regards, Laudorum
Download
http://download.bleepingcomputer.com/win-services/vista/BFE.reg
Right click or double click on the reg file. You should get a UAC prompt now.
Click YES & restart your PC.
Now, press Windows + R and type
regedit and click OK
Go to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
Right click on it - Permissions
Click on ADD and type
Everyone and click OK
Now click on Everyone
Below you have permissions for users
Select Full Control and click OK
Now, open RUN and type
services.msc and click OK
If you receive the User Account Control prompt, click Yes or Continue.
In the Services window, under the Name column, locate and double-click Base Filtering Engine.
To the right of Startup type, verify that Automatic appears.
If Startup type is not Automatic, then in the drop-down list, click Automatic.
To the right of Service Status, verify that Started appears.
If the Service status is not Started, then click Start.
Click OK.
Exit the Services window.
Restart the computer.
How is the computer running today?
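As an added example (not from this thread), the following PowerShell script checks the same things the manual steps above set by hand: whether the Base Filtering Engine service is set to Automatic and running, who has access to its registry key (the cause of the "Access is denied" lines in the ESET repair log), and the EnableFirewall policy value that Farbar Service Scanner reports later in the thread. The function names are my own; it reports rather than changes permissions, and only Repair-BfeService makes a change (startup type and start), the same change as the services.msc steps.

```powershell
# Added example, not part of the original thread. Run from an elevated
# PowerShell prompt on the affected machine. Written for the PowerShell 2.0
# found on Vista, so no [pscustomobject] shorthand is used.

$ServiceName = 'BFE'
$BfeKey      = 'HKLM:\SYSTEM\CurrentControlSet\Services\BFE'
# Key that Farbar Service Scanner reads for "Firewall Disabled Policy"
$FwPolicyKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'

function Get-BfeServiceState {
    # Startup type is taken from WMI because Get-Service on Vista-era
    # PowerShell does not expose it.
    $svc = Get-Service -Name $ServiceName -ErrorAction Stop
    $wmi = Get-WmiObject -Class Win32_Service -Filter "Name='$ServiceName'"
    New-Object PSObject -Property @{
        Name      = $svc.Name
        Status    = $svc.Status      # expected: Running
        StartMode = $wmi.StartMode   # expected: Auto
    }
}

function Repair-BfeService {
    # Mirrors the services.msc steps: set Automatic startup, then Start.
    $state = Get-BfeServiceState
    if ($state.StartMode -ne 'Auto') {
        Set-Service -Name $ServiceName -StartupType Automatic
    }
    if ($state.Status -ne 'Running') {
        Start-Service -Name $ServiceName
    }
    Get-BfeServiceState
}

function Get-BfeKeyAccess {
    # Lists who may read or write the BFE key. "Writing SD ... failed with:
    # Access is denied" in the ESET log means the account running the repair
    # no longer had WriteDAC rights on this key.
    (Get-Acl -Path $BfeKey).Access |
        Select-Object IdentityReference, RegistryRights, AccessControlType
}

function Get-FirewallDisabledPolicy {
    # FSS showed "EnableFirewall"=DWORD:0 under this key; 0 means the
    # Standard profile firewall is switched off by policy.
    $props = Get-ItemProperty -Path $FwPolicyKey -ErrorAction SilentlyContinue
    if ($null -eq $props -or $null -eq $props.EnableFirewall) {
        return 'EnableFirewall not set (firewall follows the default, enabled)'
    }
    if ($props.EnableFirewall -eq 0) {
        return 'EnableFirewall=0: Standard profile firewall disabled by policy'
    }
    'EnableFirewall={0}: firewall enabled' -f $props.EnableFirewall
}

Get-BfeServiceState        | Format-List
Get-BfeKeyAccess           | Format-Table -AutoSize
Get-FirewallDisabledPolicy
```

If Get-BfeKeyAccess shows no entry for SYSTEM or Administrators, that is the condition the BFE.reg download and the permissions steps above are meant to repair.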
laudorum
2014-03-29, 20:30
Hi Juliet, I've done that BFE reg thing you asked in your last post, although I've no idea what the purpose was! Generally I stay away from the registry, as it's so easy to do something dumb and end up with a PC which refuses to work.
I'm pleased to say that the bootup time is a lot quicker, and the PC is much less sluggish and is approaching the kind of response I enjoyed previously, so much kudos to you, and many thanks for leading a paranoid senior through the various stages of repair.
I assume I need to do some deleting of the many programs we've used.
Kindest regards, Laudorum
Your infection had corrupted system files; we were lucky to be able to repair a few. I don't like the registry either because one small mistake can render your machine into an expensive door stop.
If I have lessened your stress then I did my job, and I am happy I could help you.
**
If you would like to use the program I'm about to post to disable unneeded start up entries you may still be able to quicken bootup time even more.
You can research each entry Here http://www.systemlookup.com/lists.php?list=2
Put the executable file into the open box and search, read against the code. The bit to put into the box is "file name.exe"
Or you can use Malwarebytes Startuplite available Here http://www.malwarebytes.org/startuplite.php
The instructions are in the link. Basically d/l and install the program then follow the prompts.
**
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
Run FRST/FRST64 and press the Fix button just once and wait.
No need to post the log this time.
start
DeleteQuarantine:
end
***
Don't miss or skip this next step, this will remove malicious files from quarantine and set a clean restore point.
Go to Start > Run > copy and paste the full text path in the run box
ComboFix /Uninstall
Note the space between the x and the /U, it needs to be there.
*****
Download Delfix from here (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix)
Ensure Remove disinfection tools is ticked
Also tick:
Create registry backup
Purge system restore
http://www.hdrcgb.org.uk/g2g/delfix.jpg
Click Run
Any other tools and files found can simply be deleted or uninstall via Add/Remove Programs in the Control Panel etc.
*********
You're good to go, good job!
Please take the time to read over a few of my preventive tips.
Computer Security
http://malwareremoval.com/forum/viewtopic.php?p=557960#p557960
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Be prepared for CryptoLocker:
Cryptolocker Ransomware: What You Need To Know (http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/#)
CryptoLocker Ransomware Information Guide and FAQ (http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information)
to help protect your computer in the future I recommend that you get the following free programmes:
CryptoPrevent (http://www.foolishit.com/vb6-projects/cryptoprevent/) install this programme to lock down and prevent crypto ransomware
https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please navigate to Microsoft Windows Updates (http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us) and download all the "Critical Updates" for Windows.
Firefox 3 (http://www.mozilla.com/en-US/firefox/)
The award-winning Web browser is now faster, more secure, and fully customizable to your online life. Firefox 3 adds powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, you can use them both.
*NoScript (http://www.noscript.net) - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.
AdblockPlus
AdblockPlus, Surf the web without annoying ads!
Blocks banners, pop-ups and video ads - even on Facebook and YouTube
Protects your online privacy
Two-click installation, It's free!
click the icon that corresponds to your browser and download.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
WOT (http://www.mywot.com/) Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.
Green should be good to go
Yellow for caution
Red to stop
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
How to prevent Malware: Created by Miekiemoes (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article (http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/)
and this article (http://www.nbcnews.com/technology/technolog/us-warns-java-software-security-concerns-escalate-1B7938755)
I would recommend that you completely uninstall Java unless you need it to run an important piece of software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/))
Avoid P2P
P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.
Please read these short reports on the dangers of peer-2-peer programs and file sharing.
FBI Cyber Education Letter (http://www.fbi.gov/cyberinvest/cyberedletter.htm)
USAToday (http://www.usatoday.com/tech/columnist/kimkomando/2006-04-13-file-sharing-woes_x.htm)
infoworld (http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html)
*********************************************
Please read the following safe computing articles..
Secure My Computer: A Layered Approach (http://www.dslreports.com/faq/8463)
Free Antivirus-AntiSpyware-Firewall Software (http://www.geekstogo.com/forum/Free-Antivirus-Antispyware-Software-t38.html)
Keep a backup of your important files (http://www.geekstogo.com/2008/06/19/options-for-home-computer-data-backup-part-1/) - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
laudorum
2014-03-30, 20:15
Hi Juliet, I'm having trouble uninstalling ComboFix. I followed your instructions, but when I press OK in the run box I get a dialog box advising me that "Windows cannot find ComboFix". It is installed on my Desktop.
Not a problem.
Just manually look for and delete if found.
C:\Qoobox\<--folder
C:\Combofix\<--folder
laudorum
2014-03-30, 20:37
Panic over Juliet, Delfix has deleted it.
laudorum
2014-03-30, 23:57
Hi Juliet, sorry to bother you again, but I thought I'd try Windows Update in Control Panel, since I've not seen any updates being installed when I turn my PC "OFF". The dialog box said "Windows can't check for updates" - error code 80070490.
I downloaded the KB947821 fix and, again, after running 45 mins or so it told me that the installation had been completed, so I checked again in Windows Update, and got the same error code.
I then tried the MS FIXIT, which did run, but failed to rectify the problem.
Just as another aside I tried NoScript for Firefox, but it's making Firefox very slow and if I have more than a couple of tabs open it stops responding, and the screen goes blank. Looks like I'm going to have to delete it.
Regards, Laudorum
Download Windows Repair (all in one) from this site (http://www.tweaking.com/content/page/windows_repair_all_in_one.html)
Install the programme then run
Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:
Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:
Go to Step 4 and under "System Restore" click on Create button:
Go to Start Repairs tab and click Start button.
https://dl.dropbox.com/u/73555776/waio%20start.JPG
On the start repairs tab click start
Select the following items and tick restart system when finished
Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair Windows Firewall
Repair Internet Explorer
Repair Hosts File
Remove Policies Set By Infections
Repair Missing Start menu Icons
Repair Icons
Repair Winsock & DNS Cache
Remove Temp Files
Repair Proxy Settings
Unhide Non System Files
Repair Windows Updates
Set windows Services To Default
Repair MSI (windows Installer)
Repair File Associations
Repair windows Safe mode
https://dl.dropbox.com/u/73555776/waio%20step3.JPG
laudorum
2014-03-31, 06:25
Hi Juliet, I've done the Windows Repair, and attempted to update Windows again, same error code dialog.
Do you want me to post logs? If so, do you need full logs or just the repair Windows Update log?
Regards, Laudorum
repair windows update log <--
Let's see if we can get the info needed from this.
Also
Please download Farbar Service Scanner (http://www.bleepingcomputer.com/download/farbar-service-scanner/) and run it on the computer.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.
laudorum
2014-03-31, 16:00
Hi Juliet. As requested here is the FSS.txt log:-
Farbar Service Scanner Version: 25-02-2014
Ran by Stephen (administrator) on 31-03-2014 at 13:53:09
Running from "C:\Users\Stephen\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Other Services:
==============
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
**** End of log ****
Hope this helps
laudorum
2014-03-31, 16:15
Oops, I forgot to send the Windows Repair log:-
System Variables
--------------------------------------------------------------------------------
OS: Windows Vista (TM) Home Premium
OS Architecture: 32-bit
OS Version: 6.0.6002
OS Service Pack: Service Pack 2
Computer Name: RODLEY
Windows Drive: C:\
Windows Path: C:\Windows
Current Profile: C:\Users\Stephen
Current Profile SID: S-1-5-21-3375399300-159844686-3421529289-1000
Current Profile Classes: S-1-5-21-3375399300-159844686-3421529289-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Stephen\AppData\Local
--------------------------------------------------------------------------------
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:35:10
Process Count: 64
Commit Total: 1.15 GB
Commit Limit: 4.23 GB
Commit Peak: 1.31 GB
Handle Count: 21378
Kernel Total: 208.94 MB
Kernel Paged: 149.16 MB
Kernel Non Paged: 59.79 MB
System Cache: 1.34 GB
Thread Count: 930
--------------------------------------------------------------------------------
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 2.00 GB
Memory Used: 1.01 GB(50.7953%)
Memory Avail.: 1,006.34 MB
--------------------------------------------------------------------------------
Cleaning Memory Before Starting Repairs...
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 2.00 GB
Memory Used: 694.05 MB(33.9355%)
Memory Avail.: 1.32 GB
--------------------------------------------------------------------------------
Starting Repairs...
Start (31/03/2014 02:18:13)
01 - Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (31/03/2014 02:18:14)
Running Repair Under Current User Account
Done (31/03/2014 02:18:49)
01 - Reset Registry Permissions 02/03
HKEY_LOCAL_MACHINE & Sub Keys
Start (31/03/2014 02:18:49)
Running Repair Under System Account
Done (31/03/2014 02:22:26)
01 - Reset Registry Permissions 03/03
HKEY_CLASSES_ROOT & Sub Keys
Start (31/03/2014 02:22:26)
Running Repair Under System Account
Done (31/03/2014 02:22:58)
02 - Reset File Permissions: C:
C: & Sub Folders
Start (31/03/2014 02:22:58)
Running Repair Under System Account
Done (31/03/2014 02:28:56)
02 - Reset File Permissions: D:
D: & Sub Folders
Start (31/03/2014 02:28:56)
Running Repair Under System Account
Done (31/03/2014 02:29:07)
02 - Reset File Permissions: All Profiles
C:\Users & Sub Folders
Start (31/03/2014 02:29:07)
Running Repair Under System Account
Done (31/03/2014 02:33:40)
02 - Reset File Permissions: Current Profile
C:\Users\Stephen & Sub Folders
Start (31/03/2014 02:33:40)
Running Repair Under System Account
Done (31/03/2014 02:34:52)
02 - Reset File Permissions: Cleanup
Repairing Restricted Folders Permissions To Avoid Infinite Loops
Start (31/03/2014 02:34:52)
Running Repair Under System Account
Processing ACL of: <\\?\C:\Documents and Settings>
Reading the SD from <\\?\C:\Documents and Settings> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\ProgramData\Application Data>
Reading the SD from <\\?\C:\ProgramData\Application Data> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\ProgramData\Desktop>
Reading the SD from <\\?\C:\ProgramData\Desktop> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\ProgramData\Documents>
Reading the SD from <\\?\C:\ProgramData\Documents> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\ProgramData\Favorites>
Reading the SD from <\\?\C:\ProgramData\Favorites> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\ProgramData\Start Menu>
Reading the SD from <\\?\C:\ProgramData\Start Menu> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\ProgramData\Templates>
Reading the SD from <\\?\C:\ProgramData\Templates> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\All Users\Application Data>
Reading the SD from <\\?\C:\Users\All Users\Application Data> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\All Users\Desktop>
Reading the SD from <\\?\C:\Users\All Users\Desktop> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\All Users\Documents>
Reading the SD from <\\?\C:\Users\All Users\Documents> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\All Users\Favorites>
Reading the SD from <\\?\C:\Users\All Users\Favorites> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\All Users\Start Menu>
Reading the SD from <\\?\C:\Users\All Users\Start Menu> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\All Users\Templates>
Reading the SD from <\\?\C:\Users\All Users\Templates> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Default User>
Reading the SD from <\\?\C:\Users\Default User> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Default\Application Data>
Reading the SD from <\\?\C:\Users\Default\Application Data> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Default\Cookies>
Reading the SD from <\\?\C:\Users\Default\Cookies> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Default\Local Settings>
Reading the SD from <\\?\C:\Users\Default\Local Settings> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Default\My Documents>
Reading the SD from <\\?\C:\Users\Default\My Documents> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Default\NetHood>
Reading the SD from <\\?\C:\Users\Default\NetHood> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Default\PrintHood>
Reading the SD from <\\?\C:\Users\Default\PrintHood> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Default\Recent>
Reading the SD from <\\?\C:\Users\Default\Recent> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Default\SendTo>
Reading the SD from <\\?\C:\Users\Default\SendTo> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Default\Start Menu>
Reading the SD from <\\?\C:\Users\Default\Start Menu> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Default\Templates>
Reading the SD from <\\?\C:\Users\Default\Templates> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Default\AppData\Local\Application Data>
Reading the SD from <\\?\C:\Users\Default\AppData\Local\Application Data> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Default\AppData\Local\History>
Reading the SD from <\\?\C:\Users\Default\AppData\Local\History> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Default\AppData\Local\Temporary Internet Files>
Reading the SD from <\\?\C:\Users\Default\AppData\Local\Temporary Internet Files> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Default\Documents\My Music>
Reading the SD from <\\?\C:\Users\Default\Documents\My Music> failed with: The system cannot find the path specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the path specified.
Processing ACL of: <\\?\C:\Users\Default\Documents\My Pictures>
Reading the SD from <\\?\C:\Users\Default\Documents\My Pictures> failed with: The system cannot find the path specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the path specified.
Processing ACL of: <\\?\C:\Users\Default\Documents\My Videos>
Reading the SD from <\\?\C:\Users\Default\Documents\My Videos> failed with: The system cannot find the path specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the path specified.
Processing ACL of: <\\?\C:\Users\Public\Documents\My Music>
Reading the SD from <\\?\C:\Users\Public\Documents\My Music> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Public\Documents\My Pictures>
Reading the SD from <\\?\C:\Users\Public\Documents\My Pictures> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Public\Documents\My Videos>
Reading the SD from <\\?\C:\Users\Public\Documents\My Videos> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Stephen\Application Data>
Reading the SD from <\\?\C:\Users\Stephen\Application Data> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Stephen\Cookies>
Reading the SD from <\\?\C:\Users\Stephen\Cookies> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Stephen\Local Settings>
Reading the SD from <\\?\C:\Users\Stephen\Local Settings> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Stephen\My Documents>
Reading the SD from <\\?\C:\Users\Stephen\My Documents> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Stephen\NetHood>
Reading the SD from <\\?\C:\Users\Stephen\NetHood> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Stephen\PrintHood>
Reading the SD from <\\?\C:\Users\Stephen\PrintHood> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Stephen\Recent>
Reading the SD from <\\?\C:\Users\Stephen\Recent> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Stephen\SendTo>
Reading the SD from <\\?\C:\Users\Stephen\SendTo> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Stephen\Start Menu>
Reading the SD from <\\?\C:\Users\Stephen\Start Menu> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Stephen\Templates>
Reading the SD from <\\?\C:\Users\Stephen\Templates> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Stephen\AppData\Local\Application Data>
Reading the SD from <\\?\C:\Users\Stephen\AppData\Local\Application Data> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Stephen\AppData\Local\History>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Stephen\AppData\Local\Temporary Internet Files>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Stephen\Documents\My Music>
Reading the SD from <\\?\C:\Users\Stephen\Documents\My Music> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Stephen\Documents\My Pictures>
Reading the SD from <\\?\C:\Users\Stephen\Documents\My Pictures> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Processing ACL of: <\\?\C:\Users\Stephen\Documents\My Videos>
Reading the SD from <\\?\C:\Users\Stephen\Documents\My Videos> failed with: The system cannot find the file specified.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
Done (31/03/2014 02:35:00)
03 - Register System Files
Start (31/03/2014 02:35:01)
Running Repair Under Current User Account
Running Repair Under System Account
Done (31/03/2014 02:35:32)
04 - Repair WMI
Start (31/03/2014 02:35:32)
Running Repair Under Current User Account
Done (31/03/2014 02:37:47)
05 - Repair Windows Firewall
Start (31/03/2014 02:37:47)
Running Repair Under Current User Account
Running Repair Under System Account
Done (31/03/2014 02:38:18)
06 - Repair Internet Explorer
Start (31/03/2014 02:38:18)
Running Repair Under Current User Account
Running Repair Under System Account
Done (31/03/2014 02:38:42)
08 - Repair Hosts File
Start (31/03/2014 02:38:42)
Running Repair Under System Account
Done (31/03/2014 02:38:44)
09 - Remove Policies Set By Infections
Start (31/03/2014 02:38:44)
Running Repair Under Current User Account
Running Repair Under System Account
Done (31/03/2014 02:38:49)
10 - Repair Missing Start Menu Icons Removed By Infections
Start (31/03/2014 02:38:49)
Running Repair Under System Account
Done (31/03/2014 02:38:51)
11 - Repair Icons
Start (31/03/2014 02:38:51)
Running Repair Under Current User Account
Done (31/03/2014 02:38:54)
12 - Repair Winsock & DNS Cache
Start (31/03/2014 02:38:54)
Running Repair Under Current User Account
Running Repair Under System Account
Done (31/03/2014 02:39:07)
13 - Remove Temp Files
Start (31/03/2014 02:39:07)
Running Repair Under System Account
Done (31/03/2014 02:39:10)
14 - Repair Proxy Settings
Start (31/03/2014 02:39:10)
Running Repair Under Current User Account
Running Repair Under System Account
Done (31/03/2014 02:39:14)
15 - Unhide Non System Files
Start (31/03/2014 02:39:14)
C:\ - Total Files Unhidden: 9 - Check Unhidden_Files.txt for list of files unhidden
D:\ - Total Files Unhidden: 0 - Check Unhidden_Files.txt for list of files unhidden
Done (31/03/2014 02:41:26)
16 - Repair Windows Updates
Start (31/03/2014 02:41:27)
Running Repair Under Current User Account
Running Repair Under System Account
Done (31/03/2014 02:41:44)
19 - Repair Windows Sidebar/Gadgets
Start (31/03/2014 02:41:44)
Running Repair Under Current User Account
Running Repair Under System Account
Done (31/03/2014 02:41:48)
20 - Repair MSI (Windows Installer)
Start (31/03/2014 02:41:49)
Running Repair Under Current User Account
Running Repair Under System Account
Done (31/03/2014 02:41:56)
22.01 - Repair bat Association
Start (31/03/2014 02:41:56)
Running Repair Under Current User Account
Running Repair Under System Account
Done (31/03/2014 02:42:01)
22.02 - Repair cmd Association
Start (31/03/2014 02:42:01)
Running Repair Under Current User Account
Running Repair Under System Account
Done (31/03/2014 02:42:06)
22.03 - Repair com Association
Start (31/03/2014 02:42:06)
Running Repair Under Current User Account
Running Repair Under System Account
Done (31/03/2014 02:42:10)
22.04 - Repair Directory Association
Start (31/03/2014 02:42:10)
Running Repair Under Current User Account
Running Repair Under System Account
Done (31/03/2014 02:42:15)
22.05 - Repair Drive Association
Start (31/03/2014 02:42:15)
Running Repair Under Current User Account
Running Repair Under System Account
Done (31/03/2014 02:42:20)
22.06 - Repair exe Association
Start (31/03/2014 02:42:20)
Running Repair Under Current User Account
Running Repair Under System Account
Done (31/03/2014 02:42:24)
22.07 - Repair Folder Association
Start (31/03/2014 02:42:24)
Running Repair Under Current User Account
Running Repair Under System Account
Done (31/03/2014 02:42:29)
22.08 - Repair inf Association
Start (31/03/2014 02:42:29)
Running Repair Under Current User Account
Running Repair Under System Account
Done (31/03/2014 02:42:34)
22.09 - Repair lnk (Shortcuts) Association
Start (31/03/2014 02:42:34)
Running Repair Under Current User Account
Running Repair Under System Account
Done (31/03/2014 02:42:39)
22.10 - Repair msc Association
Start (31/03/2014 02:42:39)
Running Repair Under Current User Account
Running Repair Under System Account
Done (31/03/2014 02:42:43)
22.11 - Repair reg Association
Start (31/03/2014 02:42:43)
Running Repair Under Current User Account
Running Repair Under System Account
Done (31/03/2014 02:42:48)
22.12 - Repair scr Association
Start (31/03/2014 02:42:48)
Running Repair Under Current User Account
Running Repair Under System Account
Done (31/03/2014 02:42:53)
23 - Repair Windows Safe Mode
Start (31/03/2014 02:42:53)
Running Repair Under Current User Account
Running Repair Under System Account
Done (31/03/2014 02:42:57)
25 - Restore Important Windows Services
Start (31/03/2014 02:42:57)
Running Repair Under Current User Account
Running Repair Under System Account
Done (31/03/2014 02:43:18)
26 - Set Windows Services To Default Startup
Start (31/03/2014 02:43:18)
Running Repair Under Current User Account
Running Repair Under System Account
Done (31/03/2014 02:43:22)
Cleaning up empty logs...
All Selected Repairs Done.
Done (31/03/2014 02:43:22)
Total Repair Time: 00:25:11
...YOU MUST RESTART YOUR SYSTEM...
Is this the FixIt tool you ran?
http://support.microsoft.com/?kbid=910336
Try that one, then try the steps below.
Please download ServicesRepair (http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe) and save it to your desktop.
Double-click ServicesRepair.exe.
If security notifications appear, click Continue or Run and then click Yes when asked if you want to proceed.
Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.
After the restart, wait a few minutes until the system has settled down. Run Farbar Service Scanner again and post the log it makes.
laudorum
2014-03-31, 19:28
The Fixit tool I ran was specifically for error 80070490.
I tried the Fixit tool you suggested (error 0x80070002), but the results were the same:
"Windows update error - Not Fixed"
"Problems installing recent updates - Not Fixed"
I ran the services repair tool as requested, rebooted and ran Farbar.
Log as follows:
Farbar Service Scanner Version: 25-02-2014
Ran by Stephen (administrator) on 31-03-2014 at 15:50:51
Running from "C:\Users\Stephen\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Other Services:
==============
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
**** End of log ****
Malware isn't the problem now; it's something corrupt on the machine.
Something to think about: locate the Windows Update KB number and see if you can install it manually from the Microsoft web site.
Does your computer have a Recovery Partition?
This is just about all we have left that I can help with.
laudorum
2014-03-31, 23:54
Hi Juliet, yes I think that Windows is corrupted beyond repair. I have been thinking for some time that a clean reboot from the D drive is the way to go.
I am exploring the update problem with Dell, but to be honest, I don't expect any easy answers.
I will have to do some backups and some detailed research on how to perform the clean boot, so I don't think it will be this week!
Let me thank you again Juliet, you have been an Angel.
Best regards,
Laudorum
I wanted to clean it up top to bottom and solve all your errors, then I started to see it was beyond what I could do: the infections are gone, but not the corrupt system files.
Here's a link that might help:
What are the system recovery options in Windows?
http://windows.microsoft.com/en-us/windows/what-are-system-recovery-options#what-are-system-recovery-options=windows-vista
Glad we could help. :)
Since this issue appears resolved ... this Topic is closed.