-
Browser Problems
My computer seems to be infected with some kind of adware/malware which I have been unable to remove. I have used Malwarebytes and Spybot which both have found problems but been unable to remove them, so I think I need something a little stronger to rid them completely.
When browsing the internet, my browser continually opens up new windows with content I've not requested, and on many sites particular words are converted to links.
ASWMBR LOG
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-17 14:50:23
-----------------------------
14:50:23.039 OS Version: Windows 6.1.7601 Service Pack 1
14:50:23.040 Number of processors: 2 586 0x170A
14:50:23.041 ComputerName: INTERSKI1005 UserName: Conan
14:50:25.986 Initialize success
14:51:41.667 AVAST engine defs: 13071700
14:52:50.813 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:52:50.815 Disk 0 Vendor: WDC_WD2500AAJS-08L7A0 03.03E03 Size: 238474MB BusType: 3
14:52:51.001 Disk 0 MBR read successfully
14:52:51.003 Disk 0 MBR scan
14:52:51.020 Disk 0 Windows 7 default MBR code
14:52:51.027 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:52:51.054 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238372 MB offset 206848
14:52:51.064 Disk 0 scanning sectors +488392704
14:52:51.144 Disk 0 scanning C:\Windows\system32\drivers
14:53:03.233 Service scanning
14:53:27.216 Modules scanning
14:53:32.292 Disk 0 trace - called modules:
14:53:32.310 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
14:53:32.315 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86512030]
14:53:32.319 3 CLASSPNP.SYS[8bfbe59e] -> nt!IofCallDriver -> [0x860729d0]
14:53:32.325 5 ACPI.sys[8ba9d3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x856f8610]
14:53:33.152 AVAST engine scan C:\Windows
14:53:36.030 AVAST engine scan C:\Windows\system32
14:57:01.156 AVAST engine scan C:\Windows\system32\drivers
14:57:16.543 AVAST engine scan C:\Users\conan
15:01:17.620 AVAST engine scan C:\ProgramData
15:03:20.243 Scan finished successfully
15:12:30.713 Disk 0 MBR has been saved successfully to "\\SERVER\RedirectedFolders\conan\Desktop\MBR.dat"
15:12:30.722 The log file has been saved successfully to "\\SERVER\RedirectedFolders\conan\Desktop\aswMBR.txt"
DDS LOG
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.21.2
Run by Conan at 14:47:56 on 2013-07-17
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.3317.1065 [GMT 1:00]
.
AV: Symantec Endpoint Protection *Enabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\ProgramData\JWrapper-Remote Access\JWAppsSharedConfig\SimpleService.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\ProgramData\JWrapper-Remote Access\JWrapper-Windows32JRE-00000000000-complete\bin\Remote Access.exe
C:\Program Files\SimpleGatewayService\service\SimpleService.exe
C:\Program Files\SimpleGatewayService\jre1.6.0_16\bin\javaw.exe
C:\Program Files\Common Files\Umbrella\umbrella.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\LiveZilla\LiveZilla.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFSE.EXE
C:\Users\conan\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uWindow Title = Windows Internet Explorer provided by Davcom I.T Ltd
uDefault_Page_URL = hxxp://companyweb
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Show-Lyrics: {27AB345A-D195-4A83-8E37-EE2DF36F5070} - c:\program files\showlrcs\122.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: IMinent WebBooster (BHO): {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - c:\program files\iminent\Iminent.WebBooster.InternetExplorer.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SelectionLinks: {EF3CB363-38C4-4DA3-B398-DE6184A7819B} -
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [EPSON PX710W Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifse.exe /fu "c:\windows\temp\E_S8BDA.tmp" /EF "HKCU"
uRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LiveZilla] "c:\program files\livezilla\LiveZilla.exe" -minimize
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\conan\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\conan\appdata\roaming\dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: RunStartupScriptSync = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.90
TCP: Interfaces\{86503733-B0EE-4BF5-BC3D-0844701734F9} : DHCPNameServer = 192.168.0.90
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-8-21 53816]
R1 RapportCerberus_29574;RapportCerberus_29574;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\29574\RapportCerberus32_29574.sys [2011-8-3 216912]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-8-21 66360]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-8-21 158904]
R2 ezGOSvc;Easybits GO Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-6-26 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-6-26 701512]
R2 Remote Access Service;Remote Access Service;c:\programdata\jwrapper-remote access\jwappssharedconfig\SimpleService.exe [2013-6-24 100984]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-6-27 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-6-27 1033688]
R2 SimpleGateway Service;SimpleGateway Service;c:\program files\simplegatewayservice\service\SimpleService.exe [2010-1-13 90480]
R2 SProtection;SProtection;c:\program files\common files\umbrella\umbrella.exe [2013-7-9 2859048]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-27 105592]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-6-10 50688]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-6-26 22856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-8-21 870200]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-6-27 171928]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-23 52224]
.
=============== Created Last 30 ================
.
2013-07-15 07:57:08 -------- d-----w- c:\program files\ShowLrcs
2013-07-10 02:07:02 189952 ----a-w- c:\program files\internet explorer\sqmapi.dll
2013-07-10 02:07:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2013-07-10 02:07:01 760320 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-07-10 02:07:01 200704 ----a-w- c:\program files\internet explorer\IEShims.dll
2013-07-10 02:07:00 981504 ----a-w- c:\windows\system32\wininet.dll
2013-07-10 02:07:00 163328 ----a-w- c:\program files\internet explorer\ieproxy.dll
2013-07-10 02:06:57 860672 ----a-w- c:\program files\internet explorer\iedvtool.dll
2013-07-10 02:06:57 525312 ----a-w- c:\program files\internet explorer\jsdbgui.dll
2013-07-10 02:06:45 1077760 ----a-w- c:\windows\system32\DWrite.dll
2013-07-10 02:06:21 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-10 02:06:07 509440 ----a-w- c:\windows\system32\qedit.dll
2013-07-10 02:05:54 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-07-10 02:05:27 988672 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2013-07-10 02:05:27 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2013-07-10 02:05:27 936448 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2013-07-10 02:05:27 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2013-07-10 02:02:06 224768 ----a-w- c:\program files\windows defender\MpCommu.dll
2013-07-10 02:02:04 680960 ----a-w- c:\program files\windows defender\MpSvc.dll
2013-07-10 02:02:04 392704 ----a-w- c:\program files\windows defender\MpClient.dll
2013-07-04 08:13:38 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-07-04 08:13:07 -------- d-----w- c:\program files\iPod
2013-07-04 08:13:06 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-07-04 08:13:06 -------- d-----w- c:\program files\iTunes
2013-07-04 08:08:54 -------- d-----w- c:\program files\Bonjour
2013-06-29 02:20:23 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-06-29 02:20:23 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-06-29 02:20:08 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-06-29 02:19:17 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-06-29 02:17:16 376832 ----a-w- c:\windows\system32\dpnet.dll
2013-06-29 02:12:20 36864 ----a-w- c:\windows\system32\tsgqec.dll
2013-06-29 02:12:20 131584 ----a-w- c:\windows\system32\aaclient.dll
2013-06-29 02:12:13 3217408 ----a-w- c:\windows\system32\mstscax.dll
2013-06-29 02:11:56 492544 ----a-w- c:\windows\system32\win32spl.dll
2013-06-29 02:11:43 1389568 ----a-w- c:\windows\system32\msxml6.dll
2013-06-29 02:11:17 43008 ----a-w- c:\windows\system32\certenc.dll
2013-06-29 02:11:14 903168 ----a-w- c:\windows\system32\certutil.exe
2013-06-29 02:11:14 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-29 02:11:14 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-06-29 02:11:14 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-29 02:07:27 69632 ----a-w- c:\windows\system32\smss.exe
2013-06-29 02:07:27 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-06-29 02:07:26 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-29 02:07:25 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-29 02:06:13 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-06-29 02:06:02 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-06-29 02:06:02 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-06-29 02:04:49 49152 ----a-w- c:\windows\system32\taskhost.exe
2013-06-29 02:04:42 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-06-29 02:04:42 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-29 02:00:52 47104 ----a-w- c:\windows\system32\appinfo.dll
2013-06-29 02:00:48 1796096 ----a-w- c:\windows\system32\authui.dll
2013-06-27 11:09:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-06-27 11:08:24 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-06-27 11:08:17 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-06-27 10:46:28 -------- d-----w- c:\users\conan\appdata\local\antiphishing-internethelper
2013-06-27 10:46:11 -------- d-----w- c:\programdata\Internet Helper Anti-phishing
2013-06-27 10:44:19 -------- d-----w- c:\users\conan\appdata\roaming\igdhbblpcellaljokkpfhcjlagemhgjl
2013-06-27 10:43:55 -------- d-----w- c:\users\conan\appdata\roaming\Iminent
2013-06-27 10:43:53 -------- d-----w- c:\programdata\Iminent
2013-06-27 10:42:30 -------- d-----w- c:\program files\common files\Umbrella
2013-06-27 10:42:29 -------- d-----w- c:\program files\Iminent
2013-06-26 14:15:17 -------- d-----w- c:\users\conan\appdata\roaming\Malwarebytes
2013-06-26 14:12:55 -------- d-----w- c:\programdata\Malwarebytes
2013-06-26 14:12:24 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-26 14:12:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-26 14:12:07 -------- d-----w- c:\users\conan\appdata\local\Programs
2013-06-24 10:40:38 -------- d-----w- c:\programdata\JWrapper-Remote Access
2013-06-24 10:40:37 -------- d-----w- c:\programdata\SimpleHelp
2013-06-23 12:46:50 364544 ------w- c:\windows\Setup1.exe
2013-06-23 12:46:48 73216 ----a-w- c:\windows\ST6UNST.EXE
2013-06-23 12:35:55 -------- d-----w- c:\users\conan\appdata\local\Zoom_Downloader
2013-06-23 12:35:44 -------- d-----w- c:\windows\system32\searchplugins
2013-06-23 12:35:44 -------- d-----w- c:\windows\system32\Extensions
.
==================== Find3M ====================
.
2013-04-23 08:22:42 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-23 08:22:41 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-23 08:22:40 788896 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 14:49:07.75 ===============
I am hoping someone can help me sort this out. Please let me know if I can provide any more information, and also please bear with me as I am a bit of a novice when it comes to these matters.
Thanks,
Conan
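The DDS "Pseudo HJT Report" above is a dump of the registry load points Internet Explorer consults for add-ons: the BHO: lines come from the Browser Helper Objects key, TB: from the Toolbar key, and uURLSearchHooks/dURLSearchHooks from the URLSearchHooks keys. A BHO is a COM DLL that IE loads into every browser window, which is exactly the position an add-on needs in order to rewrite page text into links, and the report shows several such entries with no file path at all (<orphaned>) or with a DLL under an unfamiliar directory. The PowerShell script below is an added example, not part of the original thread or of DDS, that enumerates the same load points on a live machine, resolves each CLSID to the DLL IE would load, and flags entries that are orphaned, point at a missing file, or load an unsigned DLL. It assumes Windows with PowerShell 2.0 or later run from an elevated prompt; the Wow6432Node keys only exist on 64-bit Windows and are skipped on a 32-bit system like the one in this thread.

```powershell
# Added example (not from the thread): enumerate IE add-on load points (BHOs,
# toolbars, URLSearchHooks), resolve each CLSID to its DLL, and flag entries
# that are orphaned, point at a missing file, or load an unsigned DLL.
# Assumes Windows with PowerShell 2.0+ and an elevated prompt.

$LoadPoints = @(
    @{ Kind = 'BHO';           Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects' },
    @{ Kind = 'BHO';           Key = 'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects' },
    @{ Kind = 'Toolbar';       Key = 'HKLM:\Software\Microsoft\Internet Explorer\Toolbar' },
    @{ Kind = 'Toolbar';       Key = 'HKLM:\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar' },
    @{ Kind = 'URLSearchHook'; Key = 'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks' },
    @{ Kind = 'URLSearchHook'; Key = 'HKLM:\Software\Microsoft\Internet Explorer\URLSearchHooks' }
)

# Resolve a CLSID to its friendly name and InprocServer32 DLL. The 32-bit COM
# view (Wow6432Node) is checked too because IE add-ons load into 32-bit IE on
# 64-bit Windows; on a 32-bit system that key does not exist and is skipped.
function Get-ClsidServer {
    param([string]$Clsid)
    foreach ($base in 'HKEY_CLASSES_ROOT\CLSID', 'HKEY_CLASSES_ROOT\Wow6432Node\CLSID') {
        $key = "Registry::$base\$Clsid"
        if (-not (Test-Path $key)) { continue }
        $name = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
        $dll  = (Get-ItemProperty -Path "$key\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
        if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim('"')) }
        return New-Object PSObject -Property @{ Name = $name; Dll = $dll }
    }
    return $null
}

# Classify one add-on the way a removal log does: orphaned (no COM registration
# or no DLL path), missing file, unsigned, or signed and by whom.
function Get-AddonStatus {
    param($Server)
    if (-not $Server -or -not $Server.Dll) { return 'ORPHANED (no DLL registered)' }
    if (-not (Test-Path -LiteralPath $Server.Dll)) { return 'MISSING FILE' }
    $sig = Get-AuthenticodeSignature -FilePath $Server.Dll
    if ($sig.Status -eq 'Valid') { return "Signed: $($sig.SignerCertificate.Subject)" }
    return "UNSIGNED ($($sig.Status))"
}

$results = foreach ($lp in $LoadPoints) {
    if (-not (Test-Path $lp.Key)) { continue }
    # BHOs register one subkey per CLSID; toolbars and search hooks register one
    # value per CLSID next to unrelated values, so keep only GUID-shaped names.
    $clsids = if ($lp.Kind -eq 'BHO') {
        Get-ChildItem -Path $lp.Key | ForEach-Object { $_.PSChildName }
    } else {
        (Get-Item -Path $lp.Key).GetValueNames() | Where-Object { $_ -match '^\{[0-9A-Fa-f-]{36}\}$' }
    }
    foreach ($clsid in $clsids) {
        $server = Get-ClsidServer -Clsid $clsid
        $name = $null; $dll = $null
        if ($server) { $name = $server.Name; $dll = $server.Dll }
        New-Object PSObject -Property @{
            Kind = $lp.Kind; Clsid = $clsid; Name = $name; Dll = $dll
            Status = (Get-AddonStatus -Server $server)
        }
    }
}

# Orphaned, missing and unsigned entries sort to the top: those are the ones
# to investigate and remove, matching what DDS prints as <orphaned>.
$results | Select-Object Kind, Clsid, Name, Dll, Status |
    Sort-Object @{ Expression = { $_.Status -like 'Signed:*' } }, Kind |
    Format-Table -AutoSize -Wrap
```

An entry that shows as ORPHANED here is a CLSID still referenced from a load point after its DLL was uninstalled; it is harmless but worth deleting. The entries to take seriously are unsigned DLLs under directories that do not match any product you installed, which is what the Show-Lyrics and IMinent lines in the report above look like. Removing the registry value or subkey under the load point stops IE loading the DLL, but the uninstaller or a cleanup tool should still remove the file itself.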
-
hi conanbellas,
Sorry for the delay. If you still need help simply reply back.
-
Hi Shelf Life
Many thanks for your interest. Yes, I am still having the same problems whilst on the internet.
Any advice and support will be warmly welcomed.
Regards
Conan
-
hi,
OK, for starters you can get a download to use. It's called Combofix. There is a short guide to read first. Read through the guide, then apply the directions on your own machine. Post the log in your reply. Looks like you have 3 AVs installed; we will come back to that later.
Guide to using Combofix
-
Conan,
So how's it going with Combofix? Have you got it all under control?
-
Hi Shelf Life
Thanks for your interest. I have just been away from the office for a few days but am now back at my desk and about to address this with Combofix.
Thanks again for your help, will keep you posted
Conan
-
Combofix Log:
ComboFix 13-07-27.01 - Conan 29/07/2013 9:19.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.3317.1544 [GMT 1:00]
Running from: \\SERVER\RedirectedFolders\conan\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Symantec Endpoint Protection *Enabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Symantec Endpoint Protection *Enabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ShowLrcs\122.dll
c:\users\conan\AppData\Local\Microsoft\Windows\Temporary Internet Files\{07793882-E3B6-485F-BBCB-AE0E8AE5A2F7}.xps
c:\users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E2142E5E-9124-48D0-AE91-B909EA322FB9}.xps
.
.
((((((((((((((((((((((((( Files Created from 2013-06-28 to 2013-07-29 )))))))))))))))))))))))))))))))
.
.
2013-07-29 08:27 . 2013-07-29 08:27 -------- d-----w- c:\users\james\AppData\Local\temp
2013-07-29 08:27 . 2013-07-29 08:27 -------- d-----w- c:\users\conan\AppData\Local\temp
2013-07-29 08:27 . 2013-07-29 08:27 -------- d-----w- c:\users\User\AppData\Local\temp
2013-07-29 08:27 . 2013-07-29 08:27 -------- d-----w- c:\users\mike\AppData\Local\temp
2013-07-29 08:27 . 2013-07-29 08:27 -------- d-----w- c:\users\matt\AppData\Local\temp
2013-07-17 13:49 . 2013-07-17 13:49 -------- d-----w- c:\program files\ERUNT
2013-07-15 07:57 . 2013-07-29 08:26 -------- d-----w- c:\program files\ShowLrcs
2013-07-10 02:07 . 2013-05-27 05:01 189952 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-07-10 02:07 . 2013-05-27 03:20 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2013-07-10 02:07 . 2013-05-27 05:01 760320 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-07-10 02:07 . 2013-05-27 04:56 200704 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2013-07-10 02:07 . 2013-05-27 05:02 981504 ----a-w- c:\windows\system32\wininet.dll
2013-07-10 02:07 . 2013-05-27 04:56 163328 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2013-07-10 02:06 . 2013-05-27 04:56 525312 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2013-07-10 02:06 . 2013-05-27 04:56 860672 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2013-07-10 02:06 . 2013-04-10 05:02 1077760 ----a-w- c:\windows\system32\DWrite.dll
2013-07-10 02:06 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-10 02:06 . 2013-06-04 04:53 509440 ----a-w- c:\windows\system32\qedit.dll
2013-07-10 02:05 . 2013-06-05 03:05 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-07-10 02:05 . 2013-04-10 05:04 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-10 02:05 . 2013-04-10 05:03 936448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 02:05 . 2013-04-10 05:03 988672 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-10 02:05 . 2013-04-10 05:03 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-10 02:02 . 2013-05-27 04:57 224768 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-10 02:02 . 2013-05-27 04:57 680960 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-10 02:02 . 2013-05-27 04:57 392704 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-04 08:13 . 2013-07-04 08:13 -------- dc----w- c:\windows\system32\DRVSTORE
2013-07-04 08:13 . 2012-08-21 12:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-07-04 08:13 . 2013-07-04 08:13 -------- d-----w- c:\program files\iPod
2013-07-04 08:13 . 2013-07-04 08:13 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-07-04 08:13 . 2013-07-04 08:13 -------- d-----w- c:\program files\iTunes
2013-07-04 08:08 . 2013-07-04 08:08 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-23 12:46 . 2013-06-23 12:46 364544 ------w- c:\windows\Setup1.exe
2013-06-23 12:46 . 2013-06-23 12:46 73216 ----a-w- c:\windows\ST6UNST.EXE
2013-05-13 04:45 . 2013-06-29 02:11 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 04:45 . 2013-06-29 02:11 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 04:45 . 2013-06-29 02:11 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 03:08 . 2013-06-29 02:11 903168 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-29 02:11 43008 ----a-w- c:\windows\system32\certenc.dll
2013-05-08 05:38 . 2013-06-29 02:04 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-06 05:06 . 2013-06-29 02:07 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-06 05:06 . 2013-06-29 02:07 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2013-05-16 3642312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-01-25 115560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"LiveZilla"="c:\program files\LiveZilla\LiveZilla.exe" [2011-02-17 7030784]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-05-16 3830224]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
c:\users\conan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\conan\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^conan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\conan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iminent]
2013-06-18 09:26 1074736 ----a-w- c:\program files\Iminent\Iminent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IminentMessenger]
2013-06-18 09:26 884784 ----a-w- c:\program files\Iminent\Iminent.Messengers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Helper Anti-phishing]
2013-05-14 18:18 235072 ----a-w- c:\programdata\Internet Helper Anti-phishing\internetHelper_antiphishing.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-08-21 870200]
R2 Remote Access Service;Remote Access Service;c:\programdata\JWrapper-Remote Access\JWAppsSharedConfig\SimpleService.exe [2013-06-24 100984]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-05-15 171928]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-11 1343400]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-08-21 53816]
S1 RapportCerberus_29574;RapportCerberus_29574;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys [2011-08-03 216912]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-08-21 66360]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-08-21 158904]
S2 ezGOSvc;Easybits GO Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-05-16 1817560]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-05-16 1033688]
S2 SimpleGateway Service;SimpleGateway Service;c:\program files\SimpleGatewayService\service\SimpleService.exe [2010-01-13 90480]
S2 SProtection;SProtection;c:\program files\Common Files\Umbrella\umbrella.exe [2013-07-09 2859048]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-27 105592]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezGOSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-23 13:07 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-21 10:12]
.
2013-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-21 10:12]
.
2013-07-28 c:\windows\Tasks\Show-Lyrics Update.job
- c:\program files\ShowLrcs\ShwLrcs.exe [2013-07-15 00:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.90
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-Symantec Antvirus
MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe
AddRemove-sl-adk2 - c:\program files\OApps\sl-adk2_uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DbgagD\1*]
"value"="?\07\03\1b\0d(\0aź"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-29 09:29:25
ComboFix-quarantined-files.txt 2013-07-29 08:29
.
Pre-Run: 178,919,784,448 bytes free
Post-Run: 180,859,756,544 bytes free
.
- - End Of File - - 9C820F3A457BBF61198634E1B101FD12
A36C5E4F47E84449FF07ED3517B43A31
-
Look in your Add/Remove Programs panel and uninstall, one by one, if listed:
Iminent
Iminent Protection
Easybits GO
After the final uninstall, reboot your machine. See if things improve.
-
Hi
Firstly thank you for all your help and assistance!
OK, I went to Add/Remove Programs and could only find Iminent, which I have now removed.
I could not find "Iminent Protection" or "Easybits GO". Should I now just see how this gets on?
Thank you again
Conan
-
hi,
OK. You're welcome. You can get another download to use:
Please download AdwCleaner.exe by Xplode onto your desktop.
Right-click on the AdwCleaner.exe icon and select "Run as administrator".
Click on the Search button.
A log file will automatically open after the scan has finished.
Close AdwCleaner with the X button in the upper corner. Click OK at the prompt to exit AdwCleaner.
Copy and paste the contents of the log in your next reply.
You can also find the log file at your root drive C:\AdwCleaner[R1].txt