Malware problems with my PC


laudorum

New member
Hi everyone

I've been having some serious problems with my PC recently, and over the last months it's been a lot slower to start up and has been running sluggishly. More worryingly, 200GB has disappeared from the "C" hard drive, and I've been finding a number of PUP infections, and hidden zero-byte folders have been appearing. Something has also attempted on several occasions to alter my web browser home page (i.e. to porn sites etc).

I have been using Avast as my main anti-virus program and this never picked up any infections of a serious nature. I've since deleted Avast and have tried using a number of other free anti-virus programs but have not had any luck, and I cannot download programs such as ad-aware and AVG due to errors in the installation processes (and I'm wondering whether a possible infection might be responsible for this).

I've most recently downloaded Stopzilla on a 15-day free trial, and this has discovered the following infections:

a) trojan.win32.mouse,gen (nkim/software/microsoft/windowsNT/currentversion/winlogon/taskman)

b) trojan.win32.generi.pak!colorac (c/users/stephen/desktop/easyjuice/easyjuice.exe)

c) two instances of Isearch toolbar

d) twelve instances of conduit toolbar

e) open candy

f) Hosts file A (non-restorable) = 18 hijackers

g) Host file D (non-restorable) = 4 hijackers

h) Host file B (non-restorable) = 14 trojans

i) Adware JS conduit (3 instances)

j) Isearch toolbar

k) Smartbar (this last one has been quarantined by Stopzilla)

I have an expansion drive which is powered by Memeo and this automatically backs up my files - so it is likely that this drive has also been infected (and I've disconnected it to be on the safe side).

I'm worried that these problems are potentially quite serious and I'm reluctant to use my computer for internet banking or for making any online orders. I'd really appreciate it if anyone can make any sense of this and give me some advice about what to do next.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.51.2
Run by Stephen at 23:53:59 on 2014-03-06
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2045.850 [GMT 0:00]
.
AV: STOPzilla *Disabled/Updated* {17032AB1-6644-0721-EEB5-A39B8B646009}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: STOPzilla *Enabled/Updated* {AC62CB55-407E-08AF-D405-98E9F0E32AB4}
FW: Privatefirewall *Enabled* {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\atiesrxx.exe
C:\Program Files\STOPzilla!\SZServer.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\IObit\Smart Defrag 3\SmartDefrag.exe
C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - LocalServer32 - <no file>
BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - c:\program files\iobit\iobit uninstaller\UninstallExplorer32.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\surfing protection\browerprotect\ASCPlugin_Protection.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Nero MediaHome 4] "c:\program files\nero\nero mediahome 4\NEROMEDIAHOME.EXE" /AUTORUN
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Privatefirewall] c:\program files\privacyware\privatefirewall 7.0\PFGUI.exe
mRun: [Nero MediaHome 4] "c:\program files\nero\nero mediahome 4\NeroMediaHome.exe" /AUTORUN
dRun: [Advanced SystemCare 7] "c:\program files\iobit\advanced systemcare 7\ASCTray.exe" /Auto
StartupFolder: c:\users\stephen\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Search - <no file>
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://magnet.2020.net/virtualplanner/Core/Player/2020PlayerAX_Win32.cab
DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} - hxxp://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{1FA48FB6-FE93-4FB7-96F9-D591B098DBAE} : DHCPNameServer = 194.168.4.100 194.168.8.100
Handler: linkscanner - <Clsid value has no data>
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.146\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\stephen\appdata\roaming\mozilla\firefox\profiles\op65iw1g.default-1359464117396\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\iobit\surfing protection\browerprotect\np_Asc_plugin.dll
FF - plugin: c:\program files\iobit\surfing protection\browerprotect\NPASCSafariPluginProtect.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_70.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2014-1-23 18624]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2014-2-13 61328]
R1 pwipf6;Privacyware Filter Driver;c:\windows\system32\drivers\pwipf6.sys [2014-2-22 130568]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-5-4 116608]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files\iobit\advanced systemcare 7\ASCService.exe [2013-11-19 881440]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2014-1-1 217088]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-12 21504]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2010-7-8 25824]
R2 PFNet;Privacyware network service;c:\program files\privacyware\privatefirewall 7.0\pfsvc.exe [2013-12-17 374600]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2014-2-13 66344]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-4-30 1153368]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2014-1-9 770432]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2014-2-13 61328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\iobit\liveupdate\LiveUpdate.exe [2013-11-19 2151200]
S2 SessionLauncher;SessionLauncher; [x]
S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2014-1-7 15384]
S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [2012-6-22 19984]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-9-12 21504]
S3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2008-3-8 18432]
S3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2008-3-8 19008]
S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2010-10-7 38976]
S3 PSSDKLBF;PSSDKLBF;c:\windows\system32\drivers\pssdklbf.sys [2010-10-7 53312]
S3 SophosVirusRemovalTool;Sophos Virus Removal Tool; [x]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2013-9-27 13464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
S4 IObitBarService;IObit Toolbar Service;c:\progra~1\iobitbar\toolbar\1.bin\i0barsvc.exe --> c:\progra~1\iobitbar\toolbar\1.bin\i0barsvc.exe [?]
S4 RoxLiveShare10;LiveShare P2P Server 10; [x]
.
=============== Created Last 30 ================
.
2014-03-05 21:29:58 -------- d-----w- c:\users\stephen\appdata\roaming\DriverCure
2014-03-05 21:29:55 -------- d-----w- c:\users\stephen\appdata\roaming\ParetoLogic
2014-03-05 21:28:52 -------- d-----w- c:\programdata\ParetoLogic
2014-03-05 03:41:02 -------- d-----w- c:\windows\A16BBEABAAEF434ABFDD297708709FCC.TMP
2014-03-05 00:16:47 9216 ----a-w- c:\windows\system32\ffnd.exe
2014-03-04 22:49:42 -------- d-----w- c:\users\stephen\appdata\roaming\FreeFixer
2014-03-04 22:49:42 -------- d-----w- c:\users\stephen\appdata\local\FreeFixer
2014-03-04 22:49:18 -------- d-----w- c:\program files\FreeFixer
2014-03-04 19:07:32 44424 ----a-r- c:\windows\system32\SBBD.EXE
2014-03-04 19:07:32 22064 ----a-r- c:\windows\system32\drivers\sbaphd.sys
2014-03-04 19:07:09 -------- d-----w- c:\programdata\STOPzilla!
2014-03-04 19:07:09 -------- d-----w- c:\program files\STOPzilla!
2014-03-01 19:58:53 -------- d-----w- c:\programdata\Kaspersky Lab
2014-03-01 19:58:53 -------- d-----w- c:\program files\Kaspersky Lab
2014-03-01 19:22:12 -------- d-----w- C:\rei
2014-03-01 19:09:21 81920 ----a-w- c:\windows\eSellerateControl350.dll
2014-03-01 19:09:21 356352 ----a-w- c:\windows\eSellerateEngine.dll
2014-03-01 19:09:21 274432 ----a-w- c:\windows\system32\ssleay32.dll
2014-03-01 19:09:21 1122304 ----a-w- c:\windows\system32\libeay32.dll
2014-02-28 18:49:23 -------- d-----w- c:\users\stephen\appdata\roaming\LavasoftStatistics
2014-02-27 18:13:28 -------- d-----w- c:\users\stephen\Coop
2014-02-25 18:15:55 -------- d-----w- c:\users\stephen\AbiSuite
2014-02-25 18:14:34 -------- d-----w- c:\program files\AbiWord
2014-02-25 16:23:28 -------- d-----w- c:\users\stephen\appdata\roaming\1H1Q
2014-02-25 09:40:41 -------- d-----w- c:\users\stephen\appdata\local\CrashDumps
2014-02-24 17:30:27 -------- d-----w- c:\program files\AVG
2014-02-24 16:34:18 -------- d-----w- c:\programdata\HitmanPro
2014-02-24 03:13:18 -------- d-----w- C:\AdwCleaner
2014-02-24 01:40:49 3749640 ----a-w- c:\users\stephen\privatefirewall.exe24 02 2014.exe
2014-02-23 15:34:27 14232 ----a-w- c:\windows\system32\sh4native.exe
2014-02-22 06:43:34 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-22 06:43:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-02-22 06:34:31 3749640 ----a-w- c:\users\stephen\privatefirewall.exe
2014-02-22 06:08:24 -------- d-----w- c:\users\stephen\appdata\local\Privatefirewall
2014-02-22 06:04:42 -------- d-----w- c:\users\stephen\appdata\local\MFAData
2014-02-22 06:04:42 -------- d-----w- c:\users\stephen\appdata\local\Avg2014
2014-02-22 04:44:28 130568 ----a-w- c:\windows\system32\drivers\pwipf6.sys
2014-02-22 04:43:53 -------- d-----w- c:\programdata\Privacyware
2014-02-22 04:43:52 -------- d-----w- c:\program files\Privacyware
2014-02-22 03:49:31 7947048 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d6f44954-d839-4401-a1d9-9517f6a307dd}\mpengine.dll
2014-02-22 01:45:00 -------- d-----w- c:\users\stephen\appdata\roaming\SecureSearch
2014-02-18 23:26:15 110080 ----a-r- c:\users\stephen\appdata\roaming\microsoft\installer\{af549236-6258-4ac6-a043-5b5b89c6eb61}\IconF7A21AF7.exe
2014-02-18 23:26:15 110080 ----a-r- c:\users\stephen\appdata\roaming\microsoft\installer\{af549236-6258-4ac6-a043-5b5b89c6eb61}\IconD7F16134.exe
2014-02-18 23:26:15 110080 ----a-r- c:\users\stephen\appdata\roaming\microsoft\installer\{af549236-6258-4ac6-a043-5b5b89c6eb61}\IconCF33A0CE.exe
2014-02-18 23:26:07 -------- d-----w- C:\sh4ldr
2014-02-18 23:26:07 -------- d-----w- c:\program files\Enigma Software Group
2014-02-18 23:24:40 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2014-02-16 17:45:44 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-13 10:32:40 66344 ----a-r- c:\windows\system32\drivers\sbapifs.sys
2014-02-13 10:32:34 61328 ----a-r- c:\windows\system32\drivers\SZKG.sys
2014-02-13 10:32:34 61328 ----a-r- c:\windows\system32\drivers\is3srv.sys
2014-02-12 07:52:30 -------- d-----w- c:\users\stephen\Blank Cd's
.
==================== Find3M ====================
.
2014-02-21 09:42:15 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-21 09:42:14 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-17 03:14:35 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-08 15:54:22 103424 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
2014-01-03 10:00:12 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-01-01 16:49:47 317240 ----a-w- c:\windows\system32\Prounstl.exe
2014-01-01 16:49:46 83808 ----a-w- c:\windows\system32\NicInE6.dll
2014-01-01 16:49:46 28272 ----a-w- c:\windows\system32\NicCo26.dll
2014-01-01 16:49:45 232296 ----a-w- c:\windows\system32\drivers\e1e6032.sys
2014-01-01 16:49:44 121440 ----a-w- c:\windows\system32\e1000msg.dll
2014-01-01 16:45:20 0 ----a-w- c:\windows\ativpsrm.bin
2014-01-01 16:12:02 319456 ----a-w- c:\windows\system32\Difxapi.dll
2014-01-01 16:12:01 58368 ----a-w- c:\windows\system32\coinst_8.97.100.11.dll
2014-01-01 16:12:01 48544 ----a-w- c:\windows\system32\atiuxpag.dll
2014-01-01 16:12:01 4782960 ----a-w- c:\windows\system32\atiumdva.dll
2013-12-24 10:40:32 18624 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2013-12-18 06:13:56 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-04-18 15:26:43 204496 ----a-w- c:\program files\startuplite-setup-1.07.exe
.
============= FINISH: 23:54:37.95 ===============



aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-03-06 01:05:19
-----------------------------
01:05:19.720 OS Version: Windows 6.0.6002 Service Pack 2
01:05:19.721 Number of processors: 4 586 0xF0B
01:05:19.721 ComputerName: RODLEY UserName:
01:05:24.198 Initialize success
01:07:06.495 AVAST engine defs: 14030500
01:07:14.266 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
01:07:14.268 Disk 0 Vendor: WDC_WD50 12.0 Size: 476940MB BusType: 3
01:07:14.416 Disk 0 MBR read successfully
01:07:14.419 Disk 0 MBR scan
01:07:14.423 Disk 0 Windows VISTA default MBR code
01:07:14.426 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
01:07:14.492 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 129024
01:07:14.511 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461516 MB offset 31586304
01:07:14.518 Disk 0 scanning sectors +976771072
01:07:14.685 Disk 0 scanning C:\Windows\system32\drivers
01:07:30.821 Service scanning
01:07:44.238 Service pwipf6 C:\Windows\system32\DRIVERS\pwipf6.sys **LOCKED** 32
01:07:52.723 Modules scanning
01:07:57.647 Disk 0 trace - called modules:
01:07:57.680 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
01:07:57.685 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x854031e8]
01:07:57.690 3 CLASSPNP.SYS[87baf8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0x83b36028]
01:08:01.133 AVAST engine scan C:\Windows
01:08:05.058 AVAST engine scan C:\Windows\system32
01:11:48.927 AVAST engine scan C:\Windows\system32\drivers
01:12:23.094 AVAST engine scan C:\Users\Stephen
01:13:16.075 Disk 0 MBR has been saved successfully to "C:\Users\Stephen\Desktop\MBR.dat"
01:13:16.083 The log file has been saved successfully to "C:\Users\Stephen\Desktop\aswMBR.txt"
01:56:08.372 AVAST engine scan C:\ProgramData
01:56:33.329 Disk 0 MBR has been saved successfully to "C:\Users\Stephen\Desktop\MBR.dat"
01:56:33.371 The log file has been saved successfully to "C:\Users\Stephen\Desktop\aswMBR.txt"


Admin Edit
Copy pasted logs into post.
 


Hi and welcome

A couple of items need to be uninstalled, or a few tools used to scan your computer will delete them, because they are dubious and known for thievery and false claims.

Advanced SystemCare 7 <-- for right now just this one, we'll deal with the others in a few.

I think you'll need to boot into safe mode with networking to download and run the tool I'm about to suggest, since you said issues are now preventing that ("cannot download programs such as ad-aware and AVG due to errors in the installation processes"), and yes, the infection is probably at fault here.


Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 6 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.
  1. rkill.exe
  2. rkill.com
  3. rkill.scr
  4. rkill.pif
  5. WiNlOgOn.exe
  6. uSeRiNiT.exe

~~~~~~~~~~~~~~~~~~~~

Please download Farbar Recovery Scan Tool

(use correct version for your system.....Which system am I using?)




Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
 
Malware Problems with my PC

Hi Juliet,
Thanks for the prompt response.
Additional problems:
1) ERUNT File Is Corrupted, Error Saving File - Access Is Denied
2) STOPzilla reports another Trojan: Trojan.Win32.VBInject.gen (C:\users\Stephen\downloads\winlogon.exe)
The Trojan arrived after running RKill.
It never rains but it pours.

As requested, RKill scan:

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/07/2014 11:14:25 PM in x86 mode. (Safe Mode)
Windows Version: Windows Vista (TM) Home Premium Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.exe\shell found and deleted!

* HKCU\SOFTWARE\Classes\.exe "@" exists and is set to exefile!
* HKCU\SOFTWARE\Classes\.exe has been deleted!
* HKCU\SOFTWARE\Classes\exefile has been deleted!


Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Automatic

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

::1 localhost
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com

20 out of 15474 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 03/07/2014 11:19:19 PM
Execution time: 0 hours(s), 4 minute(s), and 54 seconds(s)

FRST txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-03-2014 01
Ran by Stephen (administrator) on RODLEY on 07-03-2014 23:46:29
Running from C:\Users\Stephen\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(iS3, Inc.) C:\Program Files\STOPzilla!\SZServer.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Privacyware/PWI, Inc.) C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
() C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Labs) C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
(Creative Technology Ltd) C:\Windows\system32\CTsvcCDA.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
(Memeo) C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
(Nero AG) C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(SigmaTel, Inc.) C:\Windows\system32\STacSV.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(iS3, Inc.) C:\Program Files\STOPzilla!\STOPzilla.exe
(IObit) C:\Program Files\IObit\Smart Defrag 3\SmartDefrag.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Privacyware/PWI, Inc.) C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Nero AG) C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
(Memeo) C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
() C:\Program Files\SpywareBlaster\SpywareBlaster\spywareblaster.exe
() C:\Program Files\SpywareBlaster\SpywareBlaster\spywareblaster.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM\...\Run: [Privatefirewall] - C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe [3048480 2013-12-17] (Privacyware/PWI, Inc.)
HKLM\...\Run: [Nero MediaHome 4] - C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe [5174568 2010-03-08] (Nero AG)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\.DEFAULT\...\Run: [Advanced SystemCare 7] - "C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3375399300-159844686-3421529289-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3375399300-159844686-3421529289-1000\...\Run: [Nero MediaHome 4] - C:\PROGRAM FILES\NERO\NERO MEDIAHOME 4\NEROMEDIAHOME.EXE [5174568 2010-03-08] (Nero AG)
HKU\S-1-5-21-3375399300-159844686-3421529289-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3375399300-159844686-3421529289-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\S-1-5-21-3375399300-159844686-3421529289-1000\...\MountPoints2: {66017e5e-031a-11dd-afe6-00197ee6e61e} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\.\WindowsEasyTransfer\x86\.\MigSetup.exe
HKU\S-1-5-21-3375399300-159844686-3421529289-1352\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Users\Stephen\Desktop\ERUNT\AUTOBACK.EXE ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={63D7376A-0787-47CF-A8CD-0AD987FC2F49}&mid=d2569ab5538c93c822863677b6318a56-29a5729903258921bbe403d9ba937ed4267ed3b2&lang=en&ds=AVG&pr=fr&d=2011-10-16 04:25:51&v=10.0.0.7&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={63D7376A-0787-47CF-A8CD-0AD987FC2F49}&mid=d2569ab5538c93c822863677b6318a56-29a5729903258921bbe403d9ba937ed4267ed3b2&lang=en&ds=AVG&pr=fr&d=2011-10-16 04:25:51&v=10.0.0.7&sap=dsp&q={searchTerms}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - No File
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {EFA17369-CDC0-4927-9AFC-BAAD1F96B2AE} - No File
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://magnet.2020.net/virtualplanner/Core/Player/2020PlayerAX_Win32.cab
DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: linkscanner - No CLSID Value -
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-08-05] (SuperAdBlocker.com)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:
========
FF ProfilePath: C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\op65iw1g.default-1359464117396
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @IObit.com/np_Asc_Plugin - C:\Program Files\IObit\Surfing Protection\BrowerProtect\np_Asc_plugin.dll (IObit)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=2.5 - C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @microsoft.com/VirtualEarth3D,version=3.0 - C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\op65iw1g.default-1359464117396\Extensions\ascsurfingprotection@iobit.com [2013-12-25]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-01]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-03-01]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome:
=======
CHR DefaultSearchKeyword: google.co.uk
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-21]
CHR Extension: (Google Drive) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-10]
CHR Extension: (YouTube) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-10]
CHR Extension: (Google Search) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-10]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2014-02-25]
CHR Extension: (Google Wallet) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Gmail) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-10]
CHR HKLM\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx [2013-11-19]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-08] (SUPERAntiSpyware.com)
R2 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [72704 2008-03-08] (Creative Labs)
R2 Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd)
S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1838592 2008-03-08] (Google)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
R2 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [25824 2010-07-08] (Memeo)
R2 NeroMediaHomeService.4; C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe [517416 2010-03-08] (Nero AG)
R2 PFNet; C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe [374600 2013-12-17] (Privacyware/PWI, Inc.)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2011-06-01] (Memeo)
R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [202544 2007-11-15] (SupportSoft, Inc.)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770432 2014-01-09] (Enigma Software Group USA, LLC.)
R2 STacSV; C:\Windows\system32\STacSV.exe [94208 2007-09-12] (SigmaTel, Inc.)
R2 szserver; C:\Program Files\STOPzilla!\SZServer.exe [57136 2014-02-13] (iS3, Inc.)
S4 IObitBarService; C:\PROGRA~1\IObitBar\toolbar\1.bin\i0barsvc.exe [X]
S4 RoxLiveShare10; No ImagePath
S2 SessionLauncher; No ImagePath
S3 SophosVirusRemovalTool; No ImagePath

==================== Drivers (Whitelisted) ====================

S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15384 2014-01-07] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
S0 is3srv; C:\Windows\System32\drivers\is3srv.sys [61328 2014-02-13] (iS3 Inc.)
S3 PSSDK42; C:\Windows\system32\Drivers\pssdk42.sys [38976 2013-02-27] (microOLAP Technologies LTD)
S3 PSSDKLBF; C:\Windows\system32\Drivers\pssdklbf.sys [53312 2013-02-27] (microOLAP Technologies LTD)
R1 pwipf6; C:\Windows\System32\DRIVERS\pwipf6.sys [130568 2013-09-29] (Privacyware/PWI, Inc.)
S3 R300; C:\Windows\System32\DRIVERS\atikmdag.sys [10070016 2014-01-01] (Advanced Micro Devices, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-08-05] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-08-05] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [66344 2014-02-13] (GFI Software)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2013-12-24] (IObit)
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [326656 2007-09-12] (SigmaTel, Inc.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-01-03] ()
R0 szkg5; C:\Windows\System32\DRIVERS\szkg.sys [61328 2014-02-13] (iS3 Inc.)
S1 AVGIDSDriver; system32\DRIVERS\avgidsdriverx.sys [X]
S1 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Lavasoft Kernexplorer; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SBRE; No ImagePath
S0 szkgfs; system32\drivers\szkgfs.sys [X]
U3 TrueSight; \??\C:\Windows\system32\TrueSight.sys [X]
S3 vsdatant7; System32\drivers\vsdatant.win7.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-07 23:46 - 2014-03-07 23:50 - 00017492 _____ () C:\Users\Stephen\Downloads\FRST.txt
2014-03-07 23:46 - 2014-03-07 23:46 - 00000000 ____D () C:\FRST
2014-03-07 23:45 - 2014-03-07 23:45 - 01145344 _____ (Farbar) C:\Users\Stephen\Downloads\FRST.exe
2014-03-07 23:41 - 2014-03-07 23:41 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Stephen\Downloads\rkill(1).exe
2014-03-07 23:36 - 2014-03-07 23:36 - 00000120 _____ () C:\Windows\system32\Drivers\kgpfr2.cfg
2014-03-07 23:14 - 2014-03-07 23:44 - 00000002 _____ () C:\Users\Stephen\Desktop\Rkill.txt
2014-03-07 23:04 - 2014-03-07 23:04 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Stephen\Downloads\rkill.scr
2014-03-07 23:04 - 2014-03-07 23:04 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Stephen\Downloads\rkill.com
2014-03-07 23:03 - 2014-03-07 23:04 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Stephen\Downloads\rkill.exe
2014-03-07 18:58 - 2014-03-07 18:58 - 00000398 _____ () C:\Users\Stephen\Downloads - Shortcut (2).lnk
2014-03-07 18:52 - 2014-03-07 18:52 - 00000398 _____ () C:\Users\Stephen\Downloads - Shortcut.lnk
2014-03-07 14:45 - 2014-03-07 14:45 - 00000566 _____ () C:\Users\Stephen\Desktop\MBR.zip.zip
2014-03-07 01:51 - 2014-03-07 01:51 - 00688992 ____R (Swearware) C:\Users\Stephen\Downloads\dds.scr
2014-03-07 01:26 - 2014-03-07 01:29 - 00000000 ____D () C:\Users\Stephen\Desktop\ERUNT
2014-03-07 01:26 - 2014-03-07 01:26 - 00000519 _____ () C:\Users\Stephen\Desktop\NTREGOPT.lnk
2014-03-07 01:26 - 2014-03-07 01:26 - 00000500 _____ () C:\Users\Stephen\Desktop\ERUNT.lnk
2014-03-07 01:22 - 2014-03-07 01:22 - 00791393 _____ (Lars Hederer ) C:\Users\Stephen\Downloads\erunt-setup.exe
2014-03-06 23:54 - 2014-03-06 23:54 - 00018676 _____ () C:\Users\Stephen\Desktop\dds.txt
2014-03-06 01:13 - 2014-03-06 01:56 - 00004077 _____ () C:\Users\Stephen\Desktop\aswMBR.txt
2014-03-06 01:13 - 2014-03-06 01:56 - 00000512 _____ () C:\Users\Stephen\Desktop\MBR.dat
2014-03-06 00:53 - 2014-03-07 01:26 - 00000559 _____ () C:\Users\NeroMediaHomeUser.4\Desktop\NTREGOPT.lnk
2014-03-06 00:53 - 2014-03-07 01:26 - 00000540 _____ () C:\Users\NeroMediaHomeUser.4\Desktop\ERUNT.lnk
2014-03-05 21:29 - 2014-03-05 21:29 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\ParetoLogic
2014-03-05 21:29 - 2014-03-05 21:29 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\DriverCure
2014-03-05 21:28 - 2014-03-05 23:15 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-03-05 18:13 - 2014-03-04 19:08 - 00450016 _____ () C:\Windows\system32\Drivers\etc\hosts.20140305-181330.backup
2014-03-05 03:41 - 2014-03-05 23:15 - 00000000 ____D () C:\Windows\A16BBEABAAEF434ABFDD297708709FCC.TMP
2014-03-05 00:16 - 2010-03-08 10:10 - 00009216 _____ (Kephyr) C:\Windows\system32\ffnd.exe
2014-03-04 22:49 - 2014-03-07 13:09 - 00000312 _____ () C:\Windows\Tasks\FreeFixer background scan.job
2014-03-04 22:49 - 2014-03-05 00:16 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\FreeFixer
2014-03-04 22:49 - 2014-03-04 23:08 - 00000000 ____D () C:\Users\Stephen\AppData\Local\FreeFixer
2014-03-04 22:49 - 2014-03-04 22:49 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
2014-03-04 22:49 - 2014-03-04 22:49 - 00000000 ____D () C:\Program Files\FreeFixer
2014-03-04 22:47 - 2014-03-04 22:47 - 02551343 _____ (Kephyr) C:\Users\Stephen\Downloads\freefixersetup.exe
2014-03-04 19:27 - 2014-03-04 21:04 - 00000016 _____ () C:\Windows\system32\config\software.szfi
2014-03-04 19:07 - 2014-03-07 23:50 - 00000000 ____D () C:\ProgramData\STOPzilla!
2014-03-04 19:07 - 2014-03-07 11:46 - 00000000 ____D () C:\Program Files\STOPzilla!
2014-03-04 19:07 - 2014-02-13 10:32 - 00044424 ____R (GFI Software) C:\Windows\system32\SBBD.EXE
2014-03-04 19:07 - 2014-02-13 10:32 - 00022064 ____R (GFI Software) C:\Windows\system32\Drivers\sbaphd.sys
2014-03-04 18:22 - 2014-03-04 18:22 - 04435768 _____ (AVG Technologies) C:\Users\Stephen\Downloads\avg_avct_stb_all_2014_4259_cm10.exe
2014-03-04 18:09 - 2014-03-04 18:09 - 01727624 _____ () C:\Users\Stephen\Downloads\Adaware_Installer.exe
2014-03-04 17:17 - 2014-02-28 22:20 - 00000741 _____ () C:\Windows\system32\Drivers\etc\hosts.20140304-171719.backup
2014-03-01 20:30 - 2014-03-01 20:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-01 19:59 - 2014-03-04 18:59 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2014-03-01 19:58 - 2014-03-01 19:58 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-03-01 19:22 - 2014-03-01 19:22 - 00000000 ____D () C:\rei
2014-03-01 19:19 - 2014-03-01 19:43 - 00000119 _____ () C:\Windows\Reimage.ini
2014-03-01 19:09 - 2013-11-05 14:38 - 01122304 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Windows\system32\libeay32.dll
2014-03-01 19:09 - 2013-11-05 14:38 - 00274432 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Windows\system32\ssleay32.dll
2014-03-01 19:09 - 2012-12-10 11:04 - 00356352 _____ (eSellerate Inc.) C:\Windows\eSellerateEngine.dll
2014-03-01 19:09 - 2012-12-10 11:04 - 00081920 _____ (eSellerate Inc.) C:\Windows\eSellerateControl350.dll
2014-02-28 18:49 - 2014-02-28 18:49 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\LavasoftStatistics
2014-02-27 18:13 - 2014-02-27 18:13 - 00000000 ____D () C:\Users\Stephen\Coop
2014-02-27 03:29 - 2014-02-27 03:29 - 00001014 _____ () C:\Users\Stephen\Desktop\PFGUI.exe - Shortcut.lnk
2014-02-26 08:53 - 2014-03-01 09:28 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4\AppData\Local\CrashDumps
2014-02-25 19:08 - 2014-02-25 19:08 - 00000876 _____ () C:\Users\Stephen\Desktop\AbiWord.exe - Shortcut.lnk
2014-02-25 18:55 - 2014-02-25 18:55 - 00000636 _____ () C:\ProgramData\ATI - Shortcut.lnk
2014-02-25 18:54 - 2014-02-25 18:54 - 00000676 _____ () C:\Users\Stephen\AbiSuite - Shortcut.lnk
2014-02-25 18:47 - 2014-02-25 18:47 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\C
2014-02-25 18:42 - 2014-02-25 18:42 - 08335349 _____ (AbiSource Developers) C:\Users\Stephen\Downloads\abiword-setup-2.8.6(1).exe
2014-02-25 18:15 - 2014-03-07 22:06 - 00000000 ____D () C:\Users\Stephen\AbiSuite
2014-02-25 18:14 - 2014-02-27 12:51 - 00000000 ____D () C:\Program Files\AbiWord
2014-02-25 18:12 - 2014-02-25 18:12 - 08335349 _____ (AbiSource Developers) C:\Users\Stephen\Downloads\abiword-setup-2.8.6.exe
2014-02-25 16:23 - 2014-02-25 16:35 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\1H1Q
2014-02-25 09:40 - 2014-02-25 10:41 - 00000000 ____D () C:\Users\Stephen\AppData\Local\CrashDumps
2014-02-24 17:30 - 2014-02-24 17:30 - 00000000 ____D () C:\Program Files\AVG
2014-02-24 16:34 - 2014-02-24 16:44 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-24 03:13 - 2014-02-24 03:18 - 00000000 ____D () C:\AdwCleaner
2014-02-24 01:40 - 2014-02-24 01:40 - 03749640 _____ (PWI, Inc. ) C:\Users\Stephen\privatefirewall.exe24 02 2014.exe
2014-02-23 15:34 - 2010-05-13 17:34 - 00014232 _____ () C:\Windows\system32\sh4native.exe
2014-02-22 06:44 - 2014-02-22 06:44 - 00000908 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-22 06:43 - 2014-02-22 06:44 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-22 06:43 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-22 06:34 - 2014-02-22 06:34 - 03749640 _____ (PWI, Inc. ) C:\Users\Stephen\privatefirewall.exe
2014-02-22 06:08 - 2014-02-22 06:08 - 00000000 ____D () C:\Users\Stephen\AppData\Local\Privatefirewall
2014-02-22 06:04 - 2014-02-22 06:04 - 00000000 ____D () C:\Users\Stephen\AppData\Local\MFAData
2014-02-22 06:04 - 2014-02-22 06:04 - 00000000 ____D () C:\Users\Stephen\AppData\Local\Avg2014
2014-02-22 05:04 - 2014-02-22 05:04 - 00000270 _____ () C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job
2014-02-22 04:44 - 2013-09-29 21:24 - 00130568 _____ (Privacyware/PWI, Inc.) C:\Windows\system32\Drivers\pwipf6.sys
2014-02-22 04:43 - 2014-02-28 18:00 - 00000146 _____ () C:\Windows\ODBC.INI
2014-02-22 04:43 - 2014-02-22 04:43 - 00000000 ____D () C:\ProgramData\Privacyware
2014-02-22 04:43 - 2014-02-22 04:43 - 00000000 ____D () C:\Program Files\Privacyware
2014-02-22 04:27 - 2014-02-22 04:27 - 40367128 _____ (Check Point Software Technologies LTD) C:\Users\Stephen\Downloads\zafwSetup_120_121_000.exe
2014-02-22 03:41 - 2014-02-22 03:42 - 00930952 _____ (CNET Download.com) C:\Users\Stephen\Downloads\cbsidlm-cbsi183-Privatefirewall-ORG-10371057.exe
2014-02-22 01:45 - 2014-02-22 01:45 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\SecureSearch
2014-02-22 01:24 - 2014-02-22 01:24 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-02-22 01:11 - 2014-02-22 01:11 - 00001047 _____ () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-02-19 00:33 - 2014-02-28 20:11 - 00000647 _____ () C:\sh4_service.log
2014-02-19 00:32 - 2014-02-23 14:20 - 00004606 _____ () C:\spyhunter.log
2014-02-19 00:30 - 2013-10-18 15:01 - 00285747 _____ () C:\shldr
2014-02-19 00:30 - 2013-10-18 15:01 - 00008192 _____ () C:\shldr.mbr
2014-02-18 23:26 - 2014-03-05 03:42 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-02-18 23:26 - 2014-02-18 23:26 - 00002083 _____ () C:\Users\Stephen\Desktop\SpyHunter.lnk
2014-02-18 23:26 - 2014-02-18 23:26 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-02-18 23:26 - 2014-02-18 23:26 - 00000000 ____D () C:\sh4ldr
2014-02-18 23:24 - 2014-02-27 16:12 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-02-18 23:24 - 2014-02-18 23:24 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Stephen\Downloads\SpyHunter-Installer.exe
2014-02-16 17:45 - 2014-02-16 17:46 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-13 10:32 - 2014-02-13 10:32 - 00066344 ____R (GFI Software) C:\Windows\system32\Drivers\sbapifs.sys
2014-02-13 10:32 - 2014-02-13 10:32 - 00061328 ____R (iS3 Inc.) C:\Windows\system32\Drivers\SZKG.sys
2014-02-13 10:32 - 2014-02-13 10:32 - 00061328 ____R (iS3 Inc.) C:\Windows\system32\Drivers\is3srv.sys
2014-02-12 07:52 - 2014-02-12 07:55 - 00000000 ____D () C:\Users\Stephen\Blank Cd's

==================== One Month Modified Files and Folders =======

2014-03-07 23:50 - 2014-03-07 23:46 - 00017492 _____ () C:\Users\Stephen\Downloads\FRST.txt
2014-03-07 23:50 - 2014-03-04 19:07 - 00000000 ____D () C:\ProgramData\STOPzilla!
2014-03-07 23:46 - 2014-03-07 23:46 - 00000000 ____D () C:\FRST
2014-03-07 23:45 - 2014-03-07 23:45 - 01145344 _____ (Farbar) C:\Users\Stephen\Downloads\FRST.exe
2014-03-07 23:44 - 2014-03-07 23:14 - 00000002 _____ () C:\Users\Stephen\Desktop\Rkill.txt
2014-03-07 23:44 - 2008-03-08 12:01 - 02022245 _____ () C:\Windows\WindowsUpdate.log
2014-03-07 23:42 - 2012-05-10 17:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-07 23:41 - 2014-03-07 23:41 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Stephen\Downloads\rkill(1).exe
2014-03-07 23:36 - 2014-03-07 23:36 - 00000120 _____ () C:\Windows\system32\Drivers\kgpfr2.cfg
2014-03-07 23:33 - 2010-02-04 19:03 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-07 23:31 - 2014-01-01 16:02 - 00000276 _____ () C:\Windows\Tasks\Driver Booster Update.job
2014-03-07 23:31 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-07 23:31 - 2006-11-02 12:47 - 00305616 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-07 23:31 - 2006-11-02 12:47 - 00003568 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-07 23:31 - 2006-11-02 12:47 - 00003568 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-07 23:06 - 2008-03-08 12:03 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-03-07 23:06 - 2006-11-02 13:01 - 00032554 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-07 23:04 - 2014-03-07 23:04 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Stephen\Downloads\rkill.scr
2014-03-07 23:04 - 2014-03-07 23:04 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Stephen\Downloads\rkill.com
2014-03-07 23:04 - 2014-03-07 23:03 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Stephen\Downloads\rkill.exe
2014-03-07 22:57 - 2010-04-30 19:36 - 00000000 ____D () C:\Program Files\IObit
2014-03-07 22:11 - 2010-02-04 19:03 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-07 22:06 - 2014-02-25 18:15 - 00000000 ____D () C:\Users\Stephen\AbiSuite
2014-03-07 18:58 - 2014-03-07 18:58 - 00000398 _____ () C:\Users\Stephen\Downloads - Shortcut (2).lnk
2014-03-07 18:52 - 2014-03-07 18:52 - 00000398 _____ () C:\Users\Stephen\Downloads - Shortcut.lnk
2014-03-07 16:30 - 2010-04-30 19:20 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-07 14:45 - 2014-03-07 14:45 - 00000566 _____ () C:\Users\Stephen\Desktop\MBR.zip.zip
2014-03-07 13:09 - 2014-03-04 22:49 - 00000312 _____ () C:\Windows\Tasks\FreeFixer background scan.job
2014-03-07 11:46 - 2014-03-04 19:07 - 00000000 ____D () C:\Program Files\STOPzilla!
2014-03-07 02:07 - 2011-07-08 00:59 - 00001258 _____ () C:\Windows\WININIT.INI
2014-03-07 01:51 - 2014-03-07 01:51 - 00688992 ____R (Swearware) C:\Users\Stephen\Downloads\dds.scr
2014-03-07 01:29 - 2014-03-07 01:26 - 00000000 ____D () C:\Users\Stephen\Desktop\ERUNT
2014-03-07 01:26 - 2014-03-07 01:26 - 00000519 _____ () C:\Users\Stephen\Desktop\NTREGOPT.lnk
2014-03-07 01:26 - 2014-03-07 01:26 - 00000500 _____ () C:\Users\Stephen\Desktop\ERUNT.lnk
2014-03-07 01:26 - 2014-03-06 00:53 - 00000559 _____ () C:\Users\NeroMediaHomeUser.4\Desktop\NTREGOPT.lnk
2014-03-07 01:26 - 2014-03-06 00:53 - 00000540 _____ () C:\Users\NeroMediaHomeUser.4\Desktop\ERUNT.lnk
2014-03-07 01:22 - 2014-03-07 01:22 - 00791393 _____ (Lars Hederer ) C:\Users\Stephen\Downloads\erunt-setup.exe
2014-03-07 00:32 - 2014-01-09 15:16 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4
2014-03-07 00:32 - 2012-11-08 22:24 - 59949056 _____ () C:\Windows\system32\config\software.iobit
2014-03-07 00:32 - 2012-11-08 22:24 - 05087232 _____ () C:\Windows\system32\config\default.iobit
2014-03-07 00:32 - 2012-11-08 22:24 - 00094208 _____ () C:\Windows\system32\config\sam.iobit
2014-03-07 00:32 - 2012-11-08 22:24 - 00028672 _____ () C:\Windows\system32\config\security.iobit
2014-03-07 00:32 - 2012-05-31 00:35 - 41881600 _____ () C:\Windows\system32\config\components.iobit
2014-03-06 23:54 - 2014-03-06 23:54 - 00018676 _____ () C:\Users\Stephen\Desktop\dds.txt
2014-03-06 01:56 - 2014-03-06 01:13 - 00004077 _____ () C:\Users\Stephen\Desktop\aswMBR.txt
2014-03-06 01:56 - 2014-03-06 01:13 - 00000512 _____ () C:\Users\Stephen\Desktop\MBR.dat
2014-03-05 23:38 - 2010-06-15 12:40 - 00000000 ____D () C:\ProgramData\IObit
2014-03-05 23:34 - 2010-04-30 19:36 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\IObit
2014-03-05 23:15 - 2014-03-05 21:28 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-03-05 23:15 - 2014-03-05 03:41 - 00000000 ____D () C:\Windows\A16BBEABAAEF434ABFDD297708709FCC.TMP
2014-03-05 21:29 - 2014-03-05 21:29 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\ParetoLogic
2014-03-05 21:29 - 2014-03-05 21:29 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\DriverCure
2014-03-05 19:12 - 2008-03-23 12:37 - 00074368 _____ () C:\Users\Stephen\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-05 03:42 - 2014-02-18 23:26 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-03-05 03:11 - 2009-04-30 20:27 - 00000000 ____D () C:\ProgramData\GARMIN
2014-03-05 03:04 - 2006-11-02 11:18 - 00000000 ___RD () C:\Users\Public
2014-03-05 02:58 - 2006-11-02 11:18 - 00000000 __RHD () C:\Users\Default
2014-03-05 00:16 - 2014-03-04 22:49 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\FreeFixer
2014-03-04 23:08 - 2014-03-04 22:49 - 00000000 ____D () C:\Users\Stephen\AppData\Local\FreeFixer
2014-03-04 22:49 - 2014-03-04 22:49 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
2014-03-04 22:49 - 2014-03-04 22:49 - 00000000 ____D () C:\Program Files\FreeFixer
2014-03-04 22:47 - 2014-03-04 22:47 - 02551343 _____ (Kephyr) C:\Users\Stephen\Downloads\freefixersetup.exe
2014-03-04 21:04 - 2014-03-04 19:27 - 00000016 _____ () C:\Windows\system32\config\software.szfi
2014-03-04 19:08 - 2014-03-05 18:13 - 00450016 _____ () C:\Windows\system32\Drivers\etc\hosts.20140305-181330.backup
2014-03-04 18:59 - 2014-03-01 19:59 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2014-03-04 18:23 - 2010-10-15 18:40 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-04 18:22 - 2014-03-04 18:22 - 04435768 _____ (AVG Technologies) C:\Users\Stephen\Downloads\avg_avct_stb_all_2014_4259_cm10.exe
2014-03-04 18:09 - 2014-03-04 18:09 - 01727624 _____ () C:\Users\Stephen\Downloads\Adaware_Installer.exe
2014-03-04 17:04 - 2011-07-13 01:24 - 00000000 ____D () C:\Windows\pss
2014-03-04 15:43 - 2013-11-19 09:01 - 00000000 ____D () C:\ProgramData\ProductData
2014-03-04 08:16 - 2013-12-29 00:45 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-02 08:26 - 2010-05-04 17:15 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-03-01 20:30 - 2014-03-01 20:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-01 19:58 - 2014-03-01 19:58 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-03-01 19:43 - 2014-03-01 19:19 - 00000119 _____ () C:\Windows\Reimage.ini
2014-03-01 19:22 - 2014-03-01 19:22 - 00000000 ____D () C:\rei
2014-03-01 17:45 - 2009-09-09 21:20 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Apple Computer
2014-03-01 16:42 - 2013-01-29 12:20 - 00000848 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-01 09:44 - 2012-09-15 16:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-01 09:28 - 2014-02-26 08:53 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4\AppData\Local\CrashDumps
2014-02-28 22:20 - 2014-03-04 17:17 - 00000741 _____ () C:\Windows\system32\Drivers\etc\hosts.20140304-171719.backup
2014-02-28 20:11 - 2014-02-19 00:33 - 00000647 _____ () C:\sh4_service.log
2014-02-28 18:49 - 2014-02-28 18:49 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\LavasoftStatistics
2014-02-28 18:00 - 2014-02-22 04:43 - 00000146 _____ () C:\Windows\ODBC.INI
2014-02-27 18:13 - 2014-02-27 18:13 - 00000000 ____D () C:\Users\Stephen\Coop
2014-02-27 17:41 - 2010-05-05 20:16 - 00000000 ____D () C:\Users\Stephen\ME CFS
2014-02-27 17:33 - 2010-05-05 19:54 - 00000000 ____D () C:\Users\Stephen\Virgin bills
2014-02-27 17:25 - 2012-08-15 00:26 - 00000000 ____D () C:\Users\Stephen\Amazon orders
2014-02-27 17:09 - 2012-11-23 20:15 - 00000000 ____D () C:\Users\Stephen\Mozilla
2014-02-27 17:08 - 2010-06-30 20:17 - 00000000 ____D () C:\Users\Stephen\exotic india
2014-02-27 17:07 - 2012-12-12 14:31 - 00000000 ____D () C:\Users\Stephen\JOT
2014-02-27 17:05 - 2013-02-16 20:42 - 00000000 ____D () C:\Users\Stephen\Ocean Dharma
2014-02-27 17:05 - 2010-05-24 03:40 - 00000000 ____D () C:\Users\Stephen\computer Stuff
2014-02-27 17:03 - 2013-07-13 14:36 - 00000000 ____D () C:\Users\Stephen\Petitions
2014-02-27 16:12 - 2014-02-18 23:24 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-02-27 12:51 - 2014-02-25 18:14 - 00000000 ____D () C:\Program Files\AbiWord
2014-02-27 12:51 - 2010-05-05 09:58 - 00000000 ____D () C:\Program Files\Paint.NET
2014-02-27 03:29 - 2014-02-27 03:29 - 00001014 _____ () C:\Users\Stephen\Desktop\PFGUI.exe - Shortcut.lnk
2014-02-25 19:08 - 2014-02-25 19:08 - 00000876 _____ () C:\Users\Stephen\Desktop\AbiWord.exe - Shortcut.lnk
2014-02-25 18:55 - 2014-02-25 18:55 - 00000636 _____ () C:\ProgramData\ATI - Shortcut.lnk
2014-02-25 18:54 - 2014-02-25 18:54 - 00000676 _____ () C:\Users\Stephen\AbiSuite - Shortcut.lnk
2014-02-25 18:47 - 2014-02-25 18:47 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\C
2014-02-25 18:42 - 2014-02-25 18:42 - 08335349 _____ (AbiSource Developers) C:\Users\Stephen\Downloads\abiword-setup-2.8.6(1).exe
2014-02-25 18:12 - 2014-02-25 18:12 - 08335349 _____ (AbiSource Developers) C:\Users\Stephen\Downloads\abiword-setup-2.8.6.exe
2014-02-25 16:53 - 2012-10-30 05:55 - 00000725 _____ () C:\Users\Stephen\Desktop\HijackThis.lnk
2014-02-25 16:35 - 2014-02-25 16:23 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\1H1Q
2014-02-25 16:21 - 2010-05-05 20:53 - 00000000 ____D () C:\Program Files\OpenOffice.org 3
2014-02-25 10:41 - 2014-02-25 09:40 - 00000000 ____D () C:\Users\Stephen\AppData\Local\CrashDumps
2014-02-24 17:30 - 2014-02-24 17:30 - 00000000 ____D () C:\Program Files\AVG
2014-02-24 16:44 - 2014-02-24 16:34 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-24 03:18 - 2014-02-24 03:13 - 00000000 ____D () C:\AdwCleaner
2014-02-24 01:40 - 2014-02-24 01:40 - 03749640 _____ (PWI, Inc. ) C:\Users\Stephen\privatefirewall.exe24 02 2014.exe
2014-02-23 18:36 - 2006-11-02 12:50 - 00000749 ___RH () C:\Windows\WindowsShell.Manifest
2014-02-23 14:20 - 2014-02-19 00:32 - 00004606 _____ () C:\spyhunter.log
2014-02-22 13:38 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\L2Schemas
2014-02-22 06:44 - 2014-02-22 06:44 - 00000908 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-22 06:44 - 2014-02-22 06:43 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-22 06:34 - 2014-02-22 06:34 - 03749640 _____ (PWI, Inc. ) C:\Users\Stephen\privatefirewall.exe
2014-02-22 06:08 - 2014-02-22 06:08 - 00000000 ____D () C:\Users\Stephen\AppData\Local\Privatefirewall
2014-02-22 06:04 - 2014-02-22 06:04 - 00000000 ____D () C:\Users\Stephen\AppData\Local\MFAData
2014-02-22 06:04 - 2014-02-22 06:04 - 00000000 ____D () C:\Users\Stephen\AppData\Local\Avg2014
2014-02-22 05:07 - 2006-11-02 11:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-02-22 05:04 - 2014-02-22 05:04 - 00000270 _____ () C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job
2014-02-22 04:43 - 2014-02-22 04:43 - 00000000 ____D () C:\ProgramData\Privacyware
2014-02-22 04:43 - 2014-02-22 04:43 - 00000000 ____D () C:\Program Files\Privacyware
2014-02-22 04:27 - 2014-02-22 04:27 - 40367128 _____ (Check Point Software Technologies LTD) C:\Users\Stephen\Downloads\zafwSetup_120_121_000.exe
2014-02-22 03:42 - 2014-02-22 03:41 - 00930952 _____ (CNET Download.com) C:\Users\Stephen\Downloads\cbsidlm-cbsi183-Privatefirewall-ORG-10371057.exe
2014-02-22 01:45 - 2014-02-22 01:45 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\SecureSearch
2014-02-22 01:24 - 2014-02-22 01:24 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-02-22 01:14 - 2012-03-05 22:53 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-22 01:11 - 2014-02-22 01:11 - 00001047 _____ () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-02-22 01:11 - 2013-11-19 09:01 - 00001023 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-02-22 00:56 - 2011-07-17 15:03 - 00001356 _____ () C:\Users\Stephen\AppData\Local\d3d9caps.dat
2014-02-21 09:42 - 2012-05-10 17:11 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 09:42 - 2011-06-10 08:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-18 23:26 - 2014-02-18 23:26 - 00002083 _____ () C:\Users\Stephen\Desktop\SpyHunter.lnk
2014-02-18 23:26 - 2014-02-18 23:26 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-02-18 23:26 - 2014-02-18 23:26 - 00000000 ____D () C:\sh4ldr
2014-02-18 23:24 - 2014-02-18 23:24 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Stephen\Downloads\SpyHunter-Installer.exe
2014-02-17 18:23 - 2011-09-12 02:11 - 00000000 ____D () C:\Users\Stephen\EBay Purchases
2014-02-16 18:02 - 2009-05-18 21:05 - 00000000 ____D () C:\Users\Stephen\AppData\Local\Apple Computer
2014-02-16 17:47 - 2012-06-19 18:16 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-16 17:46 - 2014-02-16 17:45 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-16 17:46 - 2012-06-19 18:14 - 00000000 ____D () C:\Program Files\iTunes
2014-02-16 17:38 - 2009-05-18 21:00 - 00000000 ____D () C:\ProgramData\Apple
2014-02-16 11:22 - 2012-05-08 01:22 - 00000000 ____D () C:\Users\Stephen\Sounds True
2014-02-16 11:10 - 2012-09-08 14:17 - 00000000 ____D () C:\Users\Stephen\VapeEscape
2014-02-16 11:08 - 2010-09-02 10:33 - 00000000 ____D () C:\Users\Stephen\Anam Cara Lawrence Edwards
2014-02-14 03:04 - 2013-08-06 02:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-14 03:01 - 2006-11-02 10:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-13 10:32 - 2014-03-04 19:07 - 00044424 ____R (GFI Software) C:\Windows\system32\SBBD.EXE
2014-02-13 10:32 - 2014-03-04 19:07 - 00022064 ____R (GFI Software) C:\Windows\system32\Drivers\sbaphd.sys
2014-02-13 10:32 - 2014-02-13 10:32 - 00066344 ____R (GFI Software) C:\Windows\system32\Drivers\sbapifs.sys
2014-02-13 10:32 - 2014-02-13 10:32 - 00061328 ____R (iS3 Inc.) C:\Windows\system32\Drivers\SZKG.sys
2014-02-13 10:32 - 2014-02-13 10:32 - 00061328 ____R (iS3 Inc.) C:\Windows\system32\Drivers\is3srv.sys
2014-02-13 08:20 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-13 07:07 - 2006-11-02 10:33 - 00743232 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-12 08:26 - 2013-07-13 14:48 - 00000000 ____D () C:\Users\Stephen\Reggie Ray -Dharma Ocean
2014-02-12 08:21 - 2010-05-02 00:52 - 00000000 ____D () C:\Users\Stephen\J G Ballard
2014-02-12 08:19 - 2011-11-07 19:12 - 00000000 ____D () C:\Users\Stephen\Feng Shui
2014-02-12 08:07 - 2013-04-25 14:55 - 00000000 ____D () C:\Users\Stephen\ALLPAY
2014-02-12 07:55 - 2014-02-12 07:52 - 00000000 ____D () C:\Users\Stephen\Blank Cd's
2014-02-12 07:54 - 2012-09-01 09:51 - 00000000 ____D () C:\Users\Stephen\Electronic Cigs
2014-02-12 07:50 - 2013-04-17 14:16 - 00000000 ____D () C:\Users\Stephen\Leisure Liquids
2014-02-12 07:47 - 2013-08-12 04:43 - 00000000 ____D () C:\Users\Stephen\ECig And Juice
2014-02-12 07:39 - 2013-11-20 09:55 - 00000000 ____D () C:\Users\Stephen\CLOUD 9 Vaping
2014-02-12 07:08 - 2013-06-09 05:29 - 00000000 ____D () C:\Users\Stephen\Wise Brain Bulletin
2014-02-12 06:59 - 2013-08-28 20:37 - 00000000 ____D () C:\Users\Stephen\Finlux TV
2014-02-07 04:57 - 2013-12-30 01:18 - 00000000 ____D () C:\Program Files\Seagate

Files to move or delete:
====================
C:\Users\Stephen\privatefirewall.exe
C:\Users\Stephen\privatefirewall.exe24 02 2014.exe


Some content of TEMP:
====================
C:\Users\Stephen\AppData\Local\Temp\RHSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-07 23:42

==================== End Of Log ============================
Will do a separate post for FRST Addition
Regards.
laudorum
 
Malware Problems with my PC

Here is the FRST Addition log:-

FRST addition

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-03-2014 01
Ran by Stephen at 2014-03-07 23:50:48
Running from C:\Users\Stephen\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: STOPzilla (Disabled - Up to date) {17032AB1-6644-0721-EEB5-A39B8B646009}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: STOPzilla (Enabled - Up to date) {AC62CB55-407E-08AF-D405-98E9F0E32AB4}
FW: Privatefirewall (Enabled) {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}

==================== Installed Programs ======================

AbiWord 2.8.6 (HKLM\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Community Help (Version: 3.5.23 - Adobe Systems Incorporated.) Hidden
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.99 - NOS Microsystems Ltd.)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Photoshop Elements 6.0 (HKLM\...\Adobe Photoshop Elements 6) (Version: 6.0 - Adobe Systems Inc.)
Adobe Photoshop Elements 6.0 (Version: 6.0 - Adobe Systems Inc.) Hidden
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
Apple Application Support (HKLM\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2011 (Version: 10.0.1136 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1144 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1153 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1170 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1191 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1202 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1204 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1209 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1321 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1325 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1375 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1382 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1388 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1390 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1391 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1392 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1410 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.1831 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.1834 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.1869 - AVG Technologies) Hidden
BBC iPlayer Desktop (HKLM\...\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1) (Version: 3.2.7 - British Broadcasting Corp.)
BBC iPlayer Desktop (Version: 3.2.7 - British Broadcasting Corp.) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Catalyst Control Center Core Implementation (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Hungarian (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Polish (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Thai (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Turkish (Version: 2007.0731.2234.38497 - ATI) Hidden
CCC Help Chinese Standard (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help English (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help French (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help German (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Hungarian (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Italian (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Japanese (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Korean (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Polish (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Portuguese (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Spanish (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Thai (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Turkish (Version: 2007.0731.2233.38497 - ATI) Hidden
ccc-core-static (Version: 2007.0731.2234.38497 - ATI) Hidden
ccc-utility (Version: 2007.0731.2234.38497 - ATI) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Creative MediaSource 5 (HKLM\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - )
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.0.07311 - Dell)
DirectXInstallService (Version: 9.0.2 - Roxio) Hidden
Driver Booster (HKLM\...\Driver Booster_is1) (Version: 1.2 - IObit)
eJuice Me Up (HKLM\...\{28107FBC-832A-4E18-9C9D-4E771B441F69}) (Version: 11.0.0.0 - Breaktru Software)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version: - Lars Hederer)
FreeFixer (HKLM\...\FreeFixer1.09) (Version: 1.09 - Kephyr)
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: - - Google)
Google Drive (HKLM\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
Intel Performance Power Manager (HKLM\...\{E65E367B-B25C-4FF8-B270-D5277E7CF1B0}) (Version: 1.0.0 - Intel)
Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
Intel(R) PRO Network Connections 12.1.12.4 (HKLM\...\PROSetDX) (Version: - Dell)
Intel(R) PRO Network Connections 12.1.12.4 (Version: - Dell) Hidden
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 3.0.5.1228 - IObit)
iTuner (HKLM\...\{E233EF8A-D04F-49B9-996B-218F3C3EA543}) (Version: 1.2.3782 - River Software)
iTunes (HKLM\...\{C4780F70-8F21-4F0C-95FE-32FF3E2F9247}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Java(TM) 6 Update 37 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.370 - Oracle)
Java(TM) SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
Kaspersky Security Scan (Version: 12.0.1.340 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{710BF966-43C8-4216-A8EC-BC4E169FF7C1}) (Version: 3.1.8.0 - Apple Inc.)
Mouse Suite for Desktop Computers (HKLM\...\{448E2D77-E504-4221-B2C2-93646B344729}) (Version: 2.50.025 - Dell)
Mozilla Firefox (3.6.2pre) (HKLM\...\Mozilla Firefox (3.6.2pre)) (Version: 3.6.2pre (en-GB) - Mozilla)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nero ControlCenter (Version: 9.0.0.1 - Nero AG) Hidden
Nero Installer (Version: 4.4.9.0 - Nero AG) Hidden
Nero MediaHome 4 (Version: 4.5.8.0 - Nero AG) Hidden
Nero MediaHome 4 Essentials (HKLM\...\{9aa15211-f231-4ded-9399-f89a7ea12358}) (Version: - Nero AG)
Nero MediaHome 4 Help (Version: 4.5.5.0 - Nero AG) Hidden
Nero Online Upgrade (Version: 1.3.0.0 - Nero AG) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}) (Version: 3.60.0 - dotPDN LLC)
Privatefirewall 7.0 (HKLM\...\{E8EA933E-03A2-4E62-9F52-812C72BE2A6B}) (Version: 7.0.30.3 - PWI, Inc.)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Rapport (Version: 3.5.0912.43 - Trusteer) Hidden
Skins (Version: 2007.0731.2234.38497 - ATI) Hidden
Smart Defrag 3 (HKLM\...\Smart Defrag 3_is1) (Version: 3.0 - IObit)
Sound Blaster Audigy ADVANCED MB (HKLM\...\{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}) (Version: 1.0 - )
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SpyHunter (HKLM\...\{AF549236-6258-4AC6-A043-5B5B89C6EB61}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
STOPzilla (HKLM\...\{95BB3533-1FB3-4D9C-854F-2015378FC899}) (Version: 6.1.70.15 - iS3 Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.55.1000 - SUPERAntiSpyware.com)
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
User's Guides (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version: - )
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WIDCOMM Bluetooth Software 6.0.1.4300 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.4300 - Dell)
Windows Driver Package - Hewlett-Packard Image (12/27/2006 8.0.0.0) (HKLM\...\C9366D62B68888C2B199785A50F4E68CA9E6A4A6) (Version: 12/27/2006 8.0.0.0 - Hewlett-Packard)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XPS MiniView Gadget (HKLM\...\{A73BDB2A-E4A7-4FE8-960E-6A5C8BF76FCB}) (Version: 1.00.0000 - CompanionLink Software, Inc.)
ZoneAlarm Security Toolbar (HKLM\...\ZoneAlarm Security Toolbar) (Version: - Check Point Software Technologies LTD)

==================== Restore Points =========================

25-02-2014 18:26:23 Windows Update
26-02-2014 03:00:13 Windows Update
26-02-2014 21:16:47 Scheduled Checkpoint
27-02-2014 03:00:12 Windows Update
27-02-2014 03:04:04 Windows Update
28-02-2014 09:29:23 Windows Update
28-02-2014 18:00:42 Device Driver Package Install: Privacyware Network Service
01-03-2014 03:00:13 Windows Update
01-03-2014 17:37:49 IObit Uninstaller restore point
01-03-2014 17:44:23 IObit Uninstaller restore point
01-03-2014 17:44:55 Removed iCloud
01-03-2014 19:44:54 IObit Uninstaller restore point
01-03-2014 19:57:51 Installed Kaspersky Security Scan.
02-03-2014 08:39:10 Windows Update
03-03-2014 00:00:02 Scheduled Checkpoint
03-03-2014 07:09:41 Windows Update
03-03-2014 19:55:11 Scheduled Checkpoint
04-03-2014 03:00:14 Windows Update
04-03-2014 18:11:16 AA11
04-03-2014 18:17:07 AA11
04-03-2014 18:23:35 Installed AVG 2014
04-03-2014 18:24:28 Installed AVG 2014
04-03-2014 18:27:46 Removed AVG 2014
04-03-2014 18:41:13 Windows Update
04-03-2014 18:45:03 Windows Update
04-03-2014 18:55:33 IObit Uninstaller restore point
04-03-2014 18:56:01 Removed Kaspersky Security Scan.
04-03-2014 19:00:02 IObit Uninstaller restore point
04-03-2014 19:06:49 Installed STOPzilla
04-03-2014 19:12:46 STOPzilla Restore Point.
05-03-2014 03:00:14 Windows Update
05-03-2014 03:41:08 Installed RegHunter
05-03-2014 23:00:15 Scheduled Checkpoint
05-03-2014 23:31:28 IObit Uninstaller restore point
05-03-2014 23:36:42 IObit Uninstaller restore point
06-03-2014 03:00:14 Windows Update
06-03-2014 03:04:13 Windows Update
07-03-2014 09:03:39 Windows Update
07-03-2014 16:41:55 Windows Update
07-03-2014 16:50:35 Windows Update
07-03-2014 17:43:10 Windows Update
07-03-2014 17:46:57 Windows Update
07-03-2014 18:30:48 Windows Update
07-03-2014 18:56:09 Windows Update
07-03-2014 19:00:24 Windows Update
07-03-2014 20:15:48 Windows Update
07-03-2014 20:18:57 Windows Update
07-03-2014 22:50:24 IObit Uninstaller restore point

==================== Hosts content: ==========================

2006-11-02 10:23 - 2014-03-04 19:08 - 00450016 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {065272E5-E4FA-4BA2-907E-7564A5A8FCEF} - \MySearchDial No Task File
Task: {169DD723-2179-4CAB-8FDD-9BACD02F02A2} - System32\Tasks\Driver Booster Update => C:\Program Files\IObit\Driver Booster\AutoUpdate.exe [2014-01-07] (IObit)
Task: {1749FD37-581F-4B32-9DFD-7580192A13D6} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2E5C3F1E-5D77-47B4-A8BD-F7D42B58954B} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {3321E6B5-8E01-4A22-B64F-9099EAC2C97B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-04] (Google Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {515408E0-C9A8-477D-AE8C-C41C7A101F53} - System32\Tasks\ASC7_SkipUac_Stephen => C:\Program Files\IObit\Advanced SystemCare 7\ASC.exe
Task: {5F98BF31-4387-46C6-B3C8-45A851AFD212} - System32\Tasks\ASCv5_AutoUpdateD => C:\Program Files\IObit\Advanced SystemCare 5\AutoUpdate.exe
Task: {695C25F1-9C03-44B1-8BE9-4DA667A659DD} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe
Task: {727DCAF5-B337-4011-832B-CD49DF89FDE9} - System32\Tasks\Microsoft\Windows\RestartManager\{A60AD69B-C090-46ba-9C20-79961A3F48D5} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {8A83618C-B097-4403-A0E6-D8C35DFC8232} - System32\Tasks\FreeFixer background scan => C:\Program Files\FreeFixer\freefixer.exe [2014-02-10] (Kephyr)
Task: {8F9EFD08-D282-4076-9E2A-C2DB14BCE2A0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
Task: {901B2E76-EBD2-41F1-87DF-637E914D9A86} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-04] (Google Inc.)
Task: {9A9F885C-9945-4423-A0BC-95638FB08242} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {9D658023-B590-4CB3-827D-8A779D101669} - System32\Tasks\SmartDefrag3_Update => C:\Program Files\IObit\Smart Defrag 3\AutoUpdate.exe [2014-01-09] (IObit)
Task: {A34A1E68-7A1B-4404-8E3C-63D66BC6F594} - System32\Tasks\SmartDefrag3_Startup => C:\Program Files\IObit\Smart Defrag 3\SmartDefrag.exe [2014-01-09] (IObit)
Task: {A4BC131A-5491-4FA7-A7F6-075647C51105} - \RegCure No Task File
Task: {AE290134-ADDA-4A19-832A-02B389054567} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-02-22] (IObit)
Task: {D2F4D625-4EB1-4DBE-8C39-FC81E66A4F6E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E0D3A744-072C-486F-9098-98682D48C05A} - \RegCure Program Check No Task File
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {EC42E27A-E8E1-4AA2-9A8D-435A41CD7A20} - System32\Tasks\Driver Booster Scan => C:\Program Files\IObit\Driver Booster\Scheduler.exe [2014-01-10] (IObit)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ASCv5_AutoUpdateD.job => C:\Program Files\IObit\Advanced SystemCare 5\AutoUpdate.exe
Task: C:\Windows\Tasks\Driver Booster Update.job => C:\Program Files\IObit\Driver Booster\AutoUpdate.exe
Task: C:\Windows\Tasks\FreeFixer background scan.job => C:\Program Files\FreeFixer\freefixer.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Loaded Modules (whitelisted) =============

2014-03-04 19:12 - 2014-02-07 10:24 - 00190752 _____ () C:\ProgramData\STOPzilla!\VIPRE\libBase64.dll
2014-03-04 19:12 - 2014-02-07 10:24 - 00178464 _____ () C:\ProgramData\STOPzilla!\VIPRE\libMachoUniv.dll
2007-09-11 00:45 - 2007-09-11 00:45 - 00124832 _____ () C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-01 16:11 - 2014-01-01 16:11 - 00037376 _____ () C:\Windows\system32\atitmpxx.dll
2014-01-23 06:43 - 2012-09-05 18:55 - 00892288 _____ () C:\Program Files\IObit\Smart Defrag 3\webres.dll
2010-07-18 05:12 - 2010-07-18 05:12 - 00006144 _____ () C:\Users\Stephen\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.0.gadget\CoreTempReader.dll
2010-07-18 05:12 - 2010-07-18 05:12 - 00008704 _____ () C:\Users\Stephen\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.0.gadget\GetCoreTempInfoNET.dll
2010-07-18 05:12 - 2010-07-18 05:12 - 00007680 _____ () C:\Users\Stephen\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.0.gadget\SystemInfo.dll
2013-03-06 15:43 - 2013-03-01 14:29 - 02557544 _____ () C:\Program Files\SpywareBlaster\SpywareBlaster\spywareblaster.exe
2013-03-06 15:43 - 2010-01-28 19:34 - 00417792 _____ () C:\Program Files\SpywareBlaster\SpywareBlaster\SQLite3SB.dll
2014-03-01 20:30 - 2014-03-01 20:30 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: Bandoo Coordinator => 2
MSCONFIG\startupreg: Adobe ARM => c:\program files\common files\adobe\arm\1.0\adobearm.exe
MSCONFIG\startupreg: AppleSyncNotifier => c:\program files\common files\apple\mobile device support\applesyncnotifier.exe
MSCONFIG\startupreg: APSDaemon => c:\program files\common files\apple\apple application support\apsdaemon.exe
MSCONFIG\startupreg: DellSupportCenter => "c:\program files\dell support center\bin\sprtcmd.exe" /p dellsupportcenter
MSCONFIG\startupreg: dscactivate => c:\program files\dell support center\gs_agent\custom\dsca.exe
MSCONFIG\startupreg: ECenter => c:\dell\e-center\eulalauncher.exe
MSCONFIG\startupreg: ehTray.exe => c:\windows\ehome\ehtray.exe
MSCONFIG\startupreg: Google Desktop Search => "c:\program files\google\google desktop search\googledesktop.exe" /startup
MSCONFIG\startupreg: IAAnotif => c:\program files\intel\intel matrix storage manager\iaanotif.exe
MSCONFIG\startupreg: iTunesHelper => c:\program files\itunes\ituneshelper.exe
MSCONFIG\startupreg: Memeo Instant Backup =>
MSCONFIG\startupreg: MobileDocuments => c:\program files\common files\apple\internet services\ubd.exe
MSCONFIG\startupreg: msnmsgr =>
MSCONFIG\startupreg: Nero MediaHome 4 => "c:\program files\nero\nero mediahome 4\neromediahome.exe" /autorun
MSCONFIG\startupreg: PMX Daemon =>
MSCONFIG\startupreg: QuickTime Task => "c:\program files\quicktime\qttask.exe" -atboottime
MSCONFIG\startupreg: Seagate Dashboard =>
MSCONFIG\startupreg: SigmatelSysTrayApp => c:\program files\sigmatel\c-major audio\wdm\sttray.exe
MSCONFIG\startupreg: SpybotSD TeaTimer => c:\program files\spybot - search & destroy\teatimer.exe
MSCONFIG\startupreg: SunJavaUpdateSched => c:\program files\common files\java\java update\jusched.exe
MSCONFIG\startupreg: tvncontrol =>
MSCONFIG\startupreg: UpdReg =>
MSCONFIG\startupreg: Windows Defender => %programfiles%\windows defender\msascui.exe -hide
MSCONFIG\startupreg: WMPNSCFG => c:\program files\windows media player\wmpnscfg.exe

==================== Faulty Device Manager Devices =============

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/07/2014 11:37:39 PM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (03/07/2014 11:31:24 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :.Config file 'C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe.config' cannot be read successfully due to exception 'System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
at System.ConfigServer.RunParser(IConfigHandler factory, String fileName)
at System.ConfigTreeParser.Parse(String fileName, String configPath, Boolean skipSecurityStuff)
at System.Runtime.Remoting.Activation.RemotingXmlConfigFileParser.ParseConfigFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)'. at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
at System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
at RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (03/07/2014 11:12:16 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (03/07/2014 10:58:39 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :.Config file 'C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe.config' cannot be read successfully due to exception 'System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
at System.ConfigServer.RunParser(IConfigHandler factory, String fileName)
at System.ConfigTreeParser.Parse(String fileName, String configPath, Boolean skipSecurityStuff)
at System.Runtime.Remoting.Activation.RemotingXmlConfigFileParser.ParseConfigFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)'. at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
at System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
at RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (03/07/2014 10:50:23 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {d1675748-0c12-4254-bbab-a417372883b6}

Error: (03/07/2014 06:41:06 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :.Config file 'C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe.config' cannot be read successfully due to exception 'System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
at System.ConfigServer.RunParser(IConfigHandler factory, String fileName)
at System.ConfigTreeParser.Parse(String fileName, String configPath, Boolean skipSecurityStuff)
at System.Runtime.Remoting.Activation.RemotingXmlConfigFileParser.ParseConfigFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)'. at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
at System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
at RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (03/07/2014 02:31:35 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :.Config file 'C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe.config' cannot be read successfully due to exception 'System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
at System.ConfigServer.RunParser(IConfigHandler factory, String fileName)
at System.ConfigTreeParser.Parse(String fileName, String configPath, Boolean skipSecurityStuff)
at System.Runtime.Remoting.Activation.RemotingXmlConfigFileParser.ParseConfigFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)'. at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
at System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
at RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (03/07/2014 08:52:09 AM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :.Config file 'C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe.config' cannot be read successfully due to exception 'System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
at System.ConfigServer.RunParser(IConfigHandler factory, String fileName)
at System.ConfigTreeParser.Parse(String fileName, String configPath, Boolean skipSecurityStuff)
at System.Runtime.Remoting.Activation.RemotingXmlConfigFileParser.ParseConfigFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)'. at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
at System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
at RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (03/07/2014 02:51:52 AM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :.Config file 'C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe.config' cannot be read successfully due to exception 'System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
at System.ConfigServer.RunParser(IConfigHandler factory, String fileName)
at System.ConfigTreeParser.Parse(String fileName, String configPath, Boolean skipSecurityStuff)
at System.Runtime.Remoting.Activation.RemotingXmlConfigFileParser.ParseConfigFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)'. at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
at System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
at RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (03/07/2014 01:57:52 AM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :.Config file 'C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe.config' cannot be read successfully due to exception 'System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
at System.ConfigServer.RunParser(IConfigHandler factory, String fileName)
at System.ConfigTreeParser.Parse(String fileName, String configPath, Boolean skipSecurityStuff)
at System.Runtime.Remoting.Activation.RemotingXmlConfigFileParser.ParseConfigFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)'. at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
at System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
at RemoteServerService.MemeoBackgroundService.OnStart(String[] args)


System errors:
=============
Error: (03/07/2014 11:37:39 PM) (Source: Service Control Manager) (User: )
Description: Windows Update

Error: (03/07/2014 11:33:04 PM) (Source: Service Control Manager) (User: )
Description: LiveUpdate1

Error: (03/07/2014 11:32:07 PM) (Source: Service Control Manager) (User: )
Description: szkgfs%%2

Error: (03/07/2014 11:31:58 PM) (Source: Service Control Manager) (User: )
Description: AVGIDSDriver
AVGIDSShim
is3srv
SBRE
szkgfs

Error: (03/07/2014 11:31:51 PM) (Source: Service Control Manager) (User: )
Description: SessionLauncher%%3

Error: (03/07/2014 11:12:59 PM) (Source: Service Control Manager) (User: )
Description: AVGIDSDriver
AVGIDSShim
is3srv
SASDIFSV
SASKUTIL
SBRE
spldr
szkgfs
Wanarpv6

Error: (03/07/2014 11:12:59 PM) (Source: Service Control Manager) (User: )
Description: Computer BrowserServer%%1068

Error: (03/07/2014 11:12:21 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (03/07/2014 11:12:20 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (03/07/2014 11:12:16 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}


Microsoft Office Sessions:
=========================
Error: (03/07/2014 11:37:39 PM) (Source: Perflib)(User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (03/07/2014 11:31:24 PM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :.Config file 'C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe.config' cannot be read successfully due to exception 'System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
at System.ConfigServer.RunParser(IConfigHandler factory, String fileName)
at System.ConfigTreeParser.Parse(String fileName, String configPath, Boolean skipSecurityStuff)
at System.Runtime.Remoting.Activation.RemotingXmlConfigFileParser.ParseConfigFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)'. at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
at System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
at RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (03/07/2014 11:12:16 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (03/07/2014 10:58:39 PM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :.Config file 'C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe.config' cannot be read successfully due to exception 'System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
at System.ConfigServer.RunParser(IConfigHandler factory, String fileName)
at System.ConfigTreeParser.Parse(String fileName, String configPath, Boolean skipSecurityStuff)
at System.Runtime.Remoting.Activation.RemotingXmlConfigFileParser.ParseConfigFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)'. at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
at System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
at RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (03/07/2014 10:50:23 PM) (Source: VSS)(User: )
Description: 0x80070005

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {d1675748-0c12-4254-bbab-a417372883b6}

Error: (03/07/2014 06:41:06 PM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :.Config file 'C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe.config' cannot be read successfully due to exception 'System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
at System.ConfigServer.RunParser(IConfigHandler factory, String fileName)
at System.ConfigTreeParser.Parse(String fileName, String configPath, Boolean skipSecurityStuff)
at System.Runtime.Remoting.Activation.RemotingXmlConfigFileParser.ParseConfigFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)'. at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
at System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
at RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (03/07/2014 02:31:35 PM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :.Config file 'C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe.config' cannot be read successfully due to exception 'System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
at System.ConfigServer.RunParser(IConfigHandler factory, String fileName)
at System.ConfigTreeParser.Parse(String fileName, String configPath, Boolean skipSecurityStuff)
at System.Runtime.Remoting.Activation.RemotingXmlConfigFileParser.ParseConfigFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)'. at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
at System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
at RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (03/07/2014 08:52:09 AM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :.Config file 'C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe.config' cannot be read successfully due to exception 'System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
at System.ConfigServer.RunParser(IConfigHandler factory, String fileName)
at System.ConfigTreeParser.Parse(String fileName, String configPath, Boolean skipSecurityStuff)
at System.Runtime.Remoting.Activation.RemotingXmlConfigFileParser.ParseConfigFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)'. at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
at System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
at RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (03/07/2014 02:51:52 AM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :.Config file 'C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe.config' cannot be read successfully due to exception 'System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
at System.ConfigServer.RunParser(IConfigHandler factory, String fileName)
at System.ConfigTreeParser.Parse(String fileName, String configPath, Boolean skipSecurityStuff)
at System.Runtime.Remoting.Activation.RemotingXmlConfigFileParser.ParseConfigFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)'. at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
at System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
at RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (03/07/2014 01:57:52 AM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :.Config file 'C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe.config' cannot be read successfully due to exception 'System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
at System.ConfigServer.RunParser(IConfigHandler factory, String fileName)
at System.ConfigTreeParser.Parse(String fileName, String configPath, Boolean skipSecurityStuff)
at System.Runtime.Remoting.Activation.RemotingXmlConfigFileParser.ParseConfigFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)'. at System.Runtime.Remoting.RemotingConfigHandler.LoadConfigurationFromXmlFile(String filename)
at System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
at System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
at RemoteServerService.MemeoBackgroundService.OnStart(String[] args)


CodeIntegrity Errors:
===================================
Date: 2014-03-05 22:18:59.897
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-03-05 22:18:59.735
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-03-05 22:18:59.571
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-03-05 22:18:59.420
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-03-05 22:18:28.494
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-03-05 22:18:28.329
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-03-05 22:18:28.167
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-03-05 22:18:28.003
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-03-05 21:44:38.891
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-03-05 21:44:38.706
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 67%
Total physical RAM: 2045.22 MB
Available physical RAM: 656.79 MB
Total Pagefile: 4337.48 MB
Available Pagefile: 2649.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 1911.34 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:450.7 GB) (Free:217.09 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:10.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 70000000)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=451 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Advanced System Care was corrupted, would not let me access. Had to do a forced uninstall.
Hope This Helps.
laudorum
 
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

start
SearchScopes: HKLM - DefaultScope value is missing.
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - No File
Toolbar: HKCU - No Name - {EFA17369-CDC0-4927-9AFC-BAAD1F96B2AE} - No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-03-04 22:49 - 2014-03-07 13:09 - 00000312 _____ () C:\Windows\Tasks\FreeFixer background scan.job
2014-03-04 22:49 - 2014-03-05 00:16 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\FreeFixer
2014-03-04 22:49 - 2014-03-04 23:08 - 00000000 ____D () C:\Users\Stephen\AppData\Local\FreeFixer
2014-03-04 22:49 - 2014-03-04 22:49 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
2014-03-04 22:49 - 2014-03-04 22:49 - 00000000 ____D () C:\Program Files\FreeFixer
2014-03-04 22:47 - 2014-03-04 22:47 - 02551343 _____ (Kephyr) C:\Users\Stephen\Downloads\freefixersetup.exe
C:\Users\Stephen\privatefirewall.exe
C:\Users\Stephen\privatefirewall.exe24 02 2014.exe
C:\Users\Stephen\AppData\Local\Temp\RHSetup.exe
Reboot:
end

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.



NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system


~~~~~~~~~~~~~~~~~~~~~~~~~

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisement.



  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please post:
fixlist.txt
AdwCleaner.txt
JRT.txt
 
Malware Problems with my PC

Hi again Juliet,
As requested here is the fixlist.txt:-

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-03-2014 01
Ran by Stephen at 2014-03-08 12:11:26 Run:1
Running from C:\Users\Stephen\Desktop\FRST
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
SearchScopes: HKLM - DefaultScope value is missing.
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - No File
Toolbar: HKCU - No Name - {EFA17369-CDC0-4927-9AFC-BAAD1F96B2AE} - No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-03-04 22:49 - 2014-03-07 13:09 - 00000312 _____ () C:\Windows\Tasks\FreeFixer background scan.job
2014-03-04 22:49 - 2014-03-05 00:16 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\FreeFixer
2014-03-04 22:49 - 2014-03-04 23:08 - 00000000 ____D () C:\Users\Stephen\AppData\Local\FreeFixer
2014-03-04 22:49 - 2014-03-04 22:49 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
2014-03-04 22:49 - 2014-03-04 22:49 - 00000000 ____D () C:\Program Files\FreeFixer
2014-03-04 22:47 - 2014-03-04 22:47 - 02551343 _____ (Kephyr) C:\Users\Stephen\Downloads\freefixersetup.exe
C:\Users\Stephen\privatefirewall.exe
C:\Users\Stephen\privatefirewall.exe24 02 2014.exe
C:\Users\Stephen\AppData\Local\Temp\RHSetup.exe
Reboot:
end
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key deleted successfully.
HKCR\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EFA17369-CDC0-4927-9AFC-BAAD1F96B2AE} => Value deleted successfully.
HKCR\CLSID\{EFA17369-CDC0-4927-9AFC-BAAD1F96B2AE} => Key not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\Windows\Tasks\FreeFixer background scan.job => Moved successfully.
C:\Users\Stephen\AppData\Roaming\FreeFixer => Moved successfully.
C:\Users\Stephen\AppData\Local\FreeFixer => Moved successfully.
C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer => Moved successfully.
C:\Program Files\FreeFixer => Moved successfully.
C:\Users\Stephen\Downloads\freefixersetup.exe => Moved successfully.
C:\Users\Stephen\privatefirewall.exe => Moved successfully.
C:\Users\Stephen\privatefirewall.exe24 02 2014.exe => Moved successfully.
C:\Users\Stephen\AppData\Local\Temp\RHSetup.exe => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====
Here is the Adw Cleaner.txt:-

AdwCleaner v3.020 - Report created 08/03/2014 at 12:36:09
# Updated 27/02/2014 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Stephen - RODLEY
# Running from : C:\Users\Stephen\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Users\Stephen\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Stephen\AppData\Roaming\ParetoLogic
File Deleted : C:\Windows\Tasks\Driver Booster Update.job
File Deleted : C:\Windows\System32\Tasks\Driver Booster Update

***** [ Shortcuts ] *****


***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{169DD723-2179-4CAB-8FDD-9BACD02F02A2}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{169DD723-2179-4CAB-8FDD-9BACD02F02A2}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{065272E5-E4FA-4BA2-907E-7564A5A8FCEF}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKLM\Software\ParetoLogic

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\op65iw1g.default-1359464117396\prefs.js ]


-\\ Google Chrome v33.0.1750.146

[ File : C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5426 octets] - [24/02/2014 03:13:31]
AdwCleaner[R1].txt - [1947 octets] - [08/03/2014 12:34:42]
AdwCleaner[S0].txt - [5244 octets] - [24/02/2014 03:14:39]
AdwCleaner[S1].txt - [1927 octets] - [08/03/2014 12:36:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1987 octets] #####
I will send the JRT.txt in a separate post.
Regards
laudorum
 
after you run and post JRT.txt
give me an update on how the computer is now.

Also, please don't put a lot of faith in
STOPzilla Reports another Trojan:-
This is an application we usually request people to uninstall.
 
Malware Problems with my PC

Thanks for your last post Juliet, and yes, the PC is booting up quicker and doesn't seem so sluggish.
Regarding your remarks about STOPzilla, should I delete it?
Regards,
laudorum
 
Malware Problems with my PC

I've just been giving the PC a run and while it is a little faster, it is slow compared to its uninfected state. I am still getting Host Alerts, and Firefox is still very slow and occasionally will not respond, i.e. the screen goes black for 3/4 seconds. I believe the Nero prog slows the startup. At some stage I'm thinking that this could be deleted.
That's it for now.
Many Thanks,
laudorum
 
Malware Problems with my PC

Hi Juliet,
Thanks for your last post. With regard to Microsoft Security Essentials, the prog is asking me to uninstall all AV and AMW progs. Is this OK to do?
Can you let me know.
 
Malware Problems with my PC

Firstly, STOPzilla is uninstalled. I downloaded MSE and ran the prog. The virus & spyware definitions couldn't be updated. Do I need to uninstall all AV & AMW progs at this stage?
Every time I download something, I get a lot of alerts from my firewall, and I have to be careful that I don't let nasties in. I presume this is due to the Trojans & hijackers on my PC?
Regards
laudorum
 
Hi Juliet,
Thanks for your last post. With regard to Microsoft Security Essentials, the prog is asking me to uninstall all AV and AMW progs. Is this OK to do?
Can you let me know.
Would like to see only 1 antivirus on the computer and it is customary for there to be a recommendation to remove previous antivirus to do a new install.

Firstly, STOPzilla is uninstalled. I downloaded MSE and ran the prog. The virus & spyware definitions couldn't be updated. Do I need to uninstall all AV & AMW progs at this stage?
Every time I download something, I get a lot of alerts from my firewall, and I have to be careful that I don't let nasties in. I presume this is due to the Trojans & hijackers on my PC?
Regards
laudorum
Please allow MSE to update and set permissions from your Firewall. Any programs you remove such as anti-malware scanners can be replaced with free versions.

Proceed with instructions above then follow:


Please Run TFC by OldTimer to clear temporary files:

Download TFC from here http://oldtimer.geekstogo.com/TFC.exe
and save it to your desktop.

Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 
Malware Problems with my PC

Hi Juliet, thanks for your post. As requested I have now deleted all AV & AMW progs. This took me longer than I anticipated, since most of the files seemed to be corrupted. When I clicked on the icon and then clicked on the permission window I got a new window which said "error 5-Access is Denied".
So I had to do a forced uninstall with 10bit uninstaller.
I downloaded TFC and MBAM, and ran them. MBAM showed no infections. I followed it up with a full scan, with the same result.
MBAM LOG
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.09.03

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Stephen :: RODLEY [administrator]

09/03/2014 05:34:50
mbam-log-2014-03-09 (05-34-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 250092
Time elapsed: 12 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Malware Problems with my PC

PC is still very slow to boot up and I'm having problems with Firefox not responding (again this is very slow and can't be rushed or the screen goes blank).
I'm still missing 200GB of disc (this probably goes some way to explaining the slow response).
I've spent a lot of time going through the files, and have found a couple of things that don't look right.
Firstly, there's a file I can't access, "system volume information". The folder is showing empty, but will not delete, even after adjusting the permissions.
Can this have anything to do with the missing disc space?
Also I've been looking at the QuickTime files and see an awful lot of recent file dates. I have not updated this prog or even opened it. It's not a prog I use very much. So I don't know what's happening there!
Is there another AV prog you would recommend (I don't mind paying for it), for my peace of mind?
So overall, despite your good and very helpful efforts, the performance is nowhere near what it was.
 
Let's see if this next scan can find anything hidden for us that might explain some of these issues.

If you have problems running it in normal mode please reboot into safe mode and try again.
~~~~~~~~~~~~~~~~~~~

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

How to use ComboFix

Download ComboFix from here:
Link 1
Link 2
Link 3

Place ComboFix.exe on your Desktop <--Important
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may need to reboot your computer more than once to do its job; this is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
    ---------------------------------------------------------------------------------------------
  • If there are Internet issues after running ComboFix:
    Internet Explorer:
    Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok.
    Firefox:
    Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.
    Chrome:
    Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
    Safari
    Launch Safari
    Go to general settings menu
    Then in Preferences/ Advanced
    Then on line click Proxies change settings ...
    Click Internet Options, then click the Connections tab, click Network Settings.
    Disable option (uncheck) for the use of proxy server ...
 
Malware Problems with my PC

Sorry for the delay in posting, it's been one of those days.
As requested I attach combofix logs:-

ComboFix 14-03-10.01 - Stephen 10/03/2014 19:09:48.1.4 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2045.1505 [GMT 0:00]
Running from: c:\users\Stephen\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
FW: Privatefirewall *Disabled* {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-02-10 to 2014-03-10 )))))))))))))))))))))))))))))))
.
.
2014-03-10 19:23 . 2014-03-10 19:23 -------- d-----w- c:\users\Stephen\AppData\Local\temp
2014-03-10 19:23 . 2014-03-10 19:23 -------- d-----w- c:\users\NeroMediaHomeUser.4\AppData\Local\temp
2014-03-10 19:23 . 2014-03-10 19:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-10 12:06 . 2014-02-05 23:08 7947048 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{72FABEA3-ED12-4B51-B4C6-E7566D748120}\mpengine.dll
2014-03-09 17:50 . 2014-03-09 17:50 -------- d-----w- c:\users\Stephen\AppData\Roaming\SUPERAntiSpyware.com
2014-03-09 16:29 . 2014-03-09 16:29 -------- d-----w- c:\programdata\ProductData
2014-03-09 06:12 . 2014-03-09 06:12 -------- d-----w- c:\programdata\WindowsSearch
2014-03-09 05:33 . 2014-03-09 05:33 -------- d-----w- c:\programdata\Malwarebytes
2014-03-09 05:33 . 2014-03-09 05:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-03-09 00:19 . 2014-02-05 23:08 7947048 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-09 00:16 . 2014-03-09 00:16 -------- d-----w- c:\program files\Microsoft Security Client
2014-03-08 16:35 . 2014-03-08 16:36 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-08 12:53 . 2014-03-08 12:53 -------- d-----w- c:\windows\ERUNT
2014-03-07 23:46 . 2014-03-08 12:11 -------- d-----w- C:\FRST
2014-03-05 00:16 . 2010-03-08 10:10 9216 ----a-w- c:\windows\system32\ffnd.exe
2014-03-01 19:09 . 2013-11-05 14:38 274432 ----a-w- c:\windows\system32\ssleay32.dll
2014-03-01 19:09 . 2013-11-05 14:38 1122304 ----a-w- c:\windows\system32\libeay32.dll
2014-03-01 19:09 . 2012-12-10 11:04 81920 ----a-w- c:\windows\eSellerateControl350.dll
2014-03-01 19:09 . 2012-12-10 11:04 356352 ----a-w- c:\windows\eSellerateEngine.dll
2014-02-28 18:49 . 2014-02-28 18:49 -------- d-----w- c:\users\Stephen\AppData\Roaming\LavasoftStatistics
2014-02-27 18:13 . 2014-02-27 18:13 -------- d-----w- c:\users\Stephen\Coop
2014-02-26 08:53 . 2014-03-01 09:28 -------- d-----w- c:\users\NeroMediaHomeUser.4\AppData\Local\CrashDumps
2014-02-25 18:15 . 2014-03-09 19:55 -------- d-----w- c:\users\Stephen\AbiSuite
2014-02-25 18:14 . 2014-02-27 12:51 -------- d-----w- c:\program files\AbiWord
2014-02-25 16:23 . 2014-02-25 16:35 -------- d-----w- c:\users\Stephen\AppData\Roaming\1H1Q
2014-02-25 09:40 . 2014-02-25 10:41 -------- d-----w- c:\users\Stephen\AppData\Local\CrashDumps
2014-02-24 17:30 . 2014-02-24 17:30 -------- d-----w- c:\program files\AVG
2014-02-24 03:13 . 2014-03-08 12:36 -------- d-----w- C:\AdwCleaner
2014-02-23 15:34 . 2010-05-13 17:34 14232 ----a-w- c:\windows\system32\sh4native.exe
2014-02-22 06:43 . 2013-04-04 14:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-22 06:08 . 2014-02-22 06:08 -------- d-----w- c:\users\Stephen\AppData\Local\Privatefirewall
2014-02-22 06:04 . 2014-02-22 06:04 -------- d-----w- c:\users\Stephen\AppData\Local\MFAData
2014-02-22 06:04 . 2014-02-22 06:04 -------- d-----w- c:\users\Stephen\AppData\Local\Avg2014
2014-02-22 04:44 . 2013-09-29 21:24 130568 ----a-w- c:\windows\system32\drivers\pwipf6.sys
2014-02-22 04:43 . 2014-02-22 04:43 -------- d-----w- c:\programdata\Privacyware
2014-02-22 04:43 . 2014-02-22 04:43 -------- d-----w- c:\program files\Privacyware
2014-02-22 03:49 . 2014-02-06 07:08 7947048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6F44954-D839-4401-A1D9-9517F6A307DD}\mpengine.dll
2014-02-22 01:45 . 2014-02-22 01:45 -------- d-----w- c:\users\Stephen\AppData\Roaming\SecureSearch
2014-02-18 23:26 . 2014-02-18 23:26 110080 ----a-r- c:\users\Stephen\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconCF33A0CE.exe
2014-02-18 23:26 . 2014-02-18 23:26 110080 ----a-r- c:\users\Stephen\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconF7A21AF7.exe
2014-02-18 23:26 . 2014-02-18 23:26 110080 ----a-r- c:\users\Stephen\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconD7F16134.exe
2014-02-18 23:24 . 2014-02-27 16:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2014-02-12 07:52 . 2014-02-12 07:55 -------- d-----w- c:\users\Stephen\Blank Cd's
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 09:42 . 2012-05-10 17:11 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-21 09:42 . 2011-06-10 08:43 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-19 07:32 . 2009-10-03 14:50 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-01-17 16:24 . 2014-01-17 16:24 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2014-01-17 16:24 . 2014-01-17 16:24 69632 ----a-w- c:\windows\system32\QuickTime.qts
2014-01-17 03:14 . 2014-01-17 03:14 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-08 15:54 . 2014-01-23 06:43 103424 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
2014-01-03 10:00 . 2013-09-27 00:59 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-01-01 16:49 . 2008-03-08 19:56 317240 ----a-w- c:\windows\system32\Prounstl.exe
2014-01-01 16:49 . 2014-01-01 16:49 83808 ----a-w- c:\windows\system32\NicInE6.dll
2014-01-01 16:49 . 2014-01-01 16:49 28272 ----a-w- c:\windows\system32\NicCo26.dll
2014-01-01 16:49 . 2014-01-01 16:49 232296 ----a-w- c:\windows\system32\drivers\e1e6032.sys
2014-01-01 16:49 . 2014-01-01 16:49 121440 ----a-w- c:\windows\system32\e1000msg.dll
2014-01-01 16:12 . 2014-01-01 16:12 319456 ----a-w- c:\windows\system32\Difxapi.dll
2014-01-01 16:12 . 2014-01-01 16:12 58368 ----a-w- c:\windows\system32\coinst_8.97.100.11.dll
2014-01-01 16:12 . 2014-01-01 16:12 48544 ----a-w- c:\windows\system32\atiuxpag.dll
2014-01-01 16:12 . 2008-03-08 19:56 4782960 ----a-w- c:\windows\system32\atiumdva.dll
2014-01-01 16:11 . 2014-01-01 16:11 38768 ----a-w- c:\windows\system32\atiu9pag.dll
2014-01-01 16:11 . 2014-01-01 16:11 37376 ----a-w- c:\windows\system32\atitmpxx.dll
2014-01-01 16:11 . 2014-01-01 16:11 1978240 ----a-w- c:\windows\system32\atiumdmv.dll
2014-01-01 16:11 . 2008-03-08 19:56 6288832 ----a-w- c:\windows\system32\atiumdag.dll
2014-01-01 16:11 . 2014-01-01 16:11 45056 ----a-w- c:\windows\system32\ATIODCLI.exe
2014-01-01 16:11 . 2014-01-01 16:11 294912 ----a-w- c:\windows\system32\ATIODE.exe
2014-01-01 16:11 . 2014-01-01 16:11 20992 ----a-w- c:\windows\system32\atimuixx.dll
2014-01-01 16:11 . 2014-01-01 16:11 19584512 ----a-w- c:\windows\system32\atioglxx.dll
2014-01-01 16:11 . 2008-03-08 19:56 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2014-01-01 16:11 . 2014-01-01 16:11 62976 ----a-w- c:\windows\system32\atimpc32.dll
2014-01-01 16:11 . 2014-01-01 16:11 62976 ----a-w- c:\windows\system32\amdpcom32.dll
2014-01-01 16:11 . 2014-01-01 16:11 453632 ----a-w- c:\windows\system32\atieclxx.exe
2014-01-01 16:11 . 2014-01-01 16:11 33280 ----a-w- c:\windows\system32\atigktxx.dll
2014-01-01 16:11 . 2014-01-01 16:11 290304 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2014-01-01 16:11 . 2014-01-01 16:11 217088 ----a-w- c:\windows\system32\atiesrxx.exe
2014-01-01 16:11 . 2014-01-01 16:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2014-01-01 16:11 . 2014-01-01 16:11 10070016 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2014-01-01 16:11 . 2014-01-01 16:11 929736 ----a-w- c:\windows\system32\aticfx32.dll
2014-01-01 16:11 . 2014-01-01 16:11 6857392 ----a-w- c:\windows\system32\atidxx32.dll
2014-01-01 16:11 . 2014-01-01 16:11 46080 ----a-w- c:\windows\system32\aticalrt.dll
2014-01-01 16:11 . 2014-01-01 16:11 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2014-01-01 16:11 . 2014-01-01 16:11 13402112 ----a-w- c:\windows\system32\aticaldd.dll
2014-01-01 16:11 . 2014-01-01 16:11 44544 ----a-w- c:\windows\system32\aticalcl.dll
2014-01-01 16:11 . 2014-01-01 16:11 118784 ----a-w- c:\windows\system32\atibtmon.exe
2014-01-01 16:11 . 2014-01-01 16:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2014-01-01 16:11 . 2014-01-01 16:11 364544 ----a-w- c:\windows\system32\atiadlxx.dll
2014-01-01 16:11 . 2014-01-01 16:11 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2014-01-01 16:11 . 2008-03-08 19:56 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2013-12-24 10:40 . 2014-01-23 06:43 18624 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2013-12-12 16:58 . 2013-12-12 16:58 82432 ----a-w- c:\users\Stephen\AppData\Roaming\Microsoft\MSXML2\msxml4r.dll
2013-12-12 16:58 . 2013-12-12 16:58 44544 ----a-w- c:\users\Stephen\AppData\Roaming\Microsoft\MSXML2\msxml4a.dll
2013-12-12 16:58 . 2013-12-12 16:58 1275392 ----a-w- c:\users\Stephen\AppData\Roaming\Microsoft\MSXML2\msxml4.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 15:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 15:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 15:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-01-30 15:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-01-30 15:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-01-30 15:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Nero MediaHome 4"="c:\program files\NERO\NERO MEDIAHOME 4\NEROMEDIAHOME.EXE" [2010-03-08 5174568]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-06 43848]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"Privatefirewall"="c:\program files\Privacyware\Privatefirewall 7.0\PFGUI.exe" [2013-12-17 3048480]
"Nero MediaHome 4"="c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2010-03-08 5174568]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-11-02 07:51 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2014-02-06 00:52 43848 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2007-11-15 09:23 202544 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 09:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-25 06:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-03-08 12:21 1838592 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-10-03 15:44 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-02-21 03:54 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero MediaHome 4]
2010-03-08 09:38 5174568 ----a-w- c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-01-17 16:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-09-12 08:40 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 08:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-04 08:12 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 09:42]
.
2014-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 19:03]
.
2014-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 19:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
FF - ProfilePath - c:\users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\op65iw1g.default-1359464117396\
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:3c,38,f2,0f,7a,b6,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8e,0d,2f,9d,4e,f3,91,4b,86,94,b0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8e,0d,2f,9d,4e,f3,91,4b,86,94,b0,\
.
Completion time: 2014-03-10 19:27:16
ComboFix-quarantined-files.txt 2014-03-10 19:27
ComboFix2.txt 2014-03-10 19:01
.
Pre-Run: 236,396,142,592 bytes free
Post-Run: 236,315,357,184 bytes free
.
- - End Of File - - 363E68B60B0196083F67F6E473429CB0
5C616939100B85E558DA92B899A0FC36
 


Did you have to pay for Privatefirewall?
I'm not sure but some of these issues could be from Firewall settings, I can be very wrong.
Can you disable it and see if your browser of choice connects better?

ComboFix found bits and pieces of left over uninstalls. (IObitSmartDefrag and Avg2014)
We can remove these but I don't know if it will make much difference. Run the script I've created and follow with other instructions I'll be posting.

Next: Disconnect from the internet. If you are on Cable or DSL unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with background protection) as they may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

Click on this link Here to see a list of programs that should be disabled.
The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
Folder::
c:\program files\AVG
c:\users\Stephen\AppData\Local\Avg2014
File::
c:\windows\system32\IObitSmartDefragExtension.dll
ClearJavaCache::
Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.

CFScriptB-4.gif


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

If there are internet issues afterward:

In IE: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" or reconfigure the proxy server again in case you have set it previously.

In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxy server, set it to No Proxy.


Chrome:
Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings", then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

- Make sure the infection is cleared.
- If connection is lost :

> Go to "Network Connections" and check Properties on each listed internet connection for the presence of WinpkFilter Driver and uninstall if found.
> Reboot and check connection status.
> If no connection, uninstall physical adaptor(s) from Device Manager and reboot. Try connection.

~~~~~~~~~~~~~~~~~~~~~~~~

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application

  • Then click on Change parameters.


  • Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects, then click OK.
  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.


  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports


  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Download HijackThis
  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right-click on HijackThis and select "Run as Admin" (XP users just need to double-click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • Copy and paste the HijackThis report into the topic


Please post
C:\ComboFix.txt
TDSSKiller
HJT log
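
For readers triaging a ComboFix log like the one posted above, the following added example (not part of either post and not ComboFix's own code) parses the "Supplementary Scan" lines and lists the settings tied to the home-page and proxy symptoms discussed in this thread. The expected-host list and the `ProxyServer` key name are assumptions; the sample lines are copied from the log above.

```python
import re
from urllib.parse import urlsplit

# Sample input: Supplementary Scan lines as they appear in the log in this thread.
SAMPLE = """\
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
"""

# Assumption: hosts the machine's owner expects as home/search pages.
EXPECTED_HOSTS = {"www.google.co.uk", "www.google.com"}

LINE = re.compile(r"^(?P<key>[^=]+?)\s*=\s*(?P<value>.*)$")

def parse_supplementary(text):
    """Return {key: value} for 'key = value' lines; other lines are skipped."""
    entries = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            entries[m.group("key")] = m.group("value").strip()
    return entries

def refang_host(value):
    """Host of a defanged (hxxp/hxxps) URL, or None if the value is not a URL."""
    url = re.sub(r"^hxxp", "http", value, flags=re.I)
    if not re.match(r"https?://", url, flags=re.I):
        return None
    return urlsplit(url).hostname

def review(entries, expected_hosts=EXPECTED_HOSTS):
    """List findings for settings that can redirect or intercept browsing."""
    findings = []
    for key, value in entries.items():
        if "Start Page" in key or "Search" in key:
            host = refang_host(value)
            if host not in expected_hosts:
                findings.append(f"unexpected page host in {key}: {host}")
        if key.endswith("ProxyServer"):  # assumed key name, by analogy with ProxyOverride
            findings.append(f"proxy configured: {value}")
        if "NameServer" in key:
            findings.append(f"DNS servers to confirm with ISP/router: {value}")
    return findings

if __name__ == "__main__":
    for finding in review(parse_supplementary(SAMPLE)):
        print(finding)
```
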
 