Computer Hope
Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: bchirpy on November 14, 2011, 10:03:43 AM
-
Please assist me as I think I have a virus - it's deleting mail in twos and closing tabs in twos, also affecting iTunes and Windows Media Player not closing or turning off when clicking on close/stop.
I've run MBAM and SUPERAntiSpyware, both find nothing - Dr.Web - still running but so far nothing, HijackThis won't save to Notepad, not sure if it ends abruptly, CCleaner has run, have DDS files and will post next - updated Java - but JavaRa had a problem.
-
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by debbie at 16:36:52 on 2011-11-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4080.1703 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Consumer Input\dca-ua.exe
C:\Program Files (x86)\BitTorrent\BitTorrent.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
C:\Program Files (x86)\HP Button Manager\BM.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUI.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\debbie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EGKU7VGI\a322r97g.exe
C:\Users\debbie\AppData\Local\Temp\E5B603AF-169516C9-307B3415-4F8D56AA\a1613e.exe
C:\Users\debbie\AppData\Local\Temp\E5B603AF-169516C9-307B3415-4F8D56AA\68594_xp.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.hotukdeals.com/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_m3400&r=173607116806pe485v145w46l1v473
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_m3400&r=173607116806pe485v145w46l1v473
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_m3400&r=173607116806pe485v145w46l1v473
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - C:\Program Files (x86)\Consumer Input\dca-bho.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [EPSON SX510W Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIE.EXE /FU "C:\Windows\TEMP\E_SA2.tmp" /EF "HKCU"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [Consumer Input Update] C:\Program Files (x86)\Consumer Input\dca-ua.exe
uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [DymoQuickPrint] "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DLSService] "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPBUTT~1.LNK - C:\Program Files (x86)\HP Button Manager\BM.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PalTalk.lnk - C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Free YouTube Download - C:\Users\debbie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - C:\Users\debbie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} - hxxp://www.shopandscan.com/TNSClickrc.CAB
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{1DE661A7-CBD7-411B-A619-99EF7096102E} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D0E8DAD0-D467-482D-B0C2-EC67DDC98745} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D0E8DAD0-D467-482D-B0C2-EC67DDC98745}\3596475636F6D6534313346373 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D0E8DAD0-D467-482D-B0C2-EC67DDC98745}\E45647765616270223 : DhcpNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO-X64: RoboForm BHO - No File
BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO-X64: ZoneAlarm Security Engine Registrar - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Consumer Input\dca-bho.dll
BHO-X64: DCA - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
mRun-x64: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [DLSService] "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
mRun-x64: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE-X64: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?]
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot64.sys --> C:\Windows\system32\drivers\pavboot64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 {6E090BD5-4EF5-4bf0-A968-74049E88E935};Power Control [2010/06/23 23:37:12];C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\000.fcl [2010-4-15 146928]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/07/23 18:48:48];C:\Program Files (x86)\Cyberlink\PowerDVD9\000.fcl [2009-9-1 146928]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-3 33672]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 optousb;OPTO ELECTRONICS optousb;C:\Windows\system32\DRIVERS\optousb.sys --> C:\Windows\system32\DRIVERS\optousb.sys [?]
R3 optovcm;OPTO ELECTRONICS optovcm;C:\Windows\system32\DRIVERS\optovcm.sys --> C:\Windows\system32\DRIVERS\optovcm.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
RUnknown DwProt;DwProt;
S3 arusb_win7x;Service For TP-LINK Wireless N Adapter;C:\Windows\system32\DRIVERS\arusb_win7x.sys --> C:\Windows\system32\DRIVERS\arusb_win7x.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
.
=============== Created Last 30 ================
.
2011-11-14 16:28:51 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-11-14 15:41:10 388096 ----a-r- C:\Users\debbie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-14 15:41:09 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-11-14 13:58:04 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{307F7D92-3E3C-4B10-A455-FDC366F547C4}\offreg.dll
2011-11-14 13:58:03 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{307F7D92-3E3C-4B10-A455-FDC366F547C4}\mpengine.dll
2011-11-14 13:11:57 917840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B7845E7E-B698-4FC8-9C97-AC5D378A5456}\gapaengine.dll
2011-11-14 11:17:55 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-11-14 11:17:01 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-11-14 10:03:37 -------- d-----w- C:\Users\debbie\AppData\Local\{BC759C66-62EC-4828-B88D-5E51E28C2003}
2011-11-14 10:03:27 -------- d-----w- C:\Users\debbie\AppData\Local\{A4934B08-F1C9-4890-A1A3-E9EEA05AB8F9}
2011-11-13 22:03:02 -------- d-----w- C:\Users\debbie\AppData\Local\{CAB90685-3E29-47D8-99F4-15A27AC0F802}
2011-11-13 22:02:51 -------- d-----w- C:\Users\debbie\AppData\Local\{D9B06C1A-4034-47F1-8C49-AFACFDDF9D8B}
2011-11-13 22:02:40 -------- d-----w- C:\Users\debbie\AppData\Local\{2135084C-FF37-4787-AE4A-C12F112865B3}
2011-11-13 10:02:17 -------- d-----w- C:\Users\debbie\AppData\Local\{0ADFA177-B1C1-4727-86A4-C437F6B76A39}
2011-11-13 10:02:06 -------- d-----w- C:\Users\debbie\AppData\Local\{A866AD3D-D4BD-4C50-85AA-7BA4DBA22EDE}
2011-11-13 10:01:55 -------- d-----w- C:\Users\debbie\AppData\Local\{DA0C0867-0971-4236-8BAC-91D7682AE2D1}
2011-11-13 10:01:44 -------- d-----w- C:\Users\debbie\AppData\Local\{D8D29A8E-3A1B-4098-BCB5-B2906C8E472E}
2011-11-13 09:51:53 -------- d-----w- C:\Windows\Internet Logs
2011-11-12 22:01:19 -------- d-----w- C:\Users\debbie\AppData\Local\{0012A43F-E73F-4B62-91A1-573E41EA32BD}
2011-11-12 22:01:07 -------- d-----w- C:\Users\debbie\AppData\Local\{619BAEAB-E7D1-4BF2-99F6-4EA092CC6C6C}
2011-11-12 21:18:17 -------- d-----w- C:\Users\debbie\AppData\Local\{56D6A48F-E783-442A-841E-CFA93A02E210}
2011-11-12 09:18:04 -------- d-----w- C:\Users\debbie\AppData\Local\{D34DD43C-37C3-4CB1-BC9A-063CF4E707A1}
2011-11-12 09:17:54 -------- d-----w- C:\Users\debbie\AppData\Local\{282CA071-315D-4050-8E24-4EB4B423C162}
2011-11-12 09:17:43 -------- d-----w- C:\Program Files (x86)\CheckPoint
2011-11-12 09:17:32 -------- d-----w- C:\Users\debbie\AppData\Local\{43582B0A-2849-41BF-ACD0-E9831A9139EF}
2011-11-11 21:17:19 -------- d-----w- C:\Users\debbie\AppData\Local\{32F53044-B00A-40C6-BF42-EB5F8C9CE434}
2011-11-11 21:17:08 -------- d-----w- C:\Users\debbie\AppData\Local\{7C0159AF-6502-4091-9C52-25A7884DEE08}
2011-11-11 21:16:57 -------- d-----w- C:\Users\debbie\AppData\Local\{DC507951-AA92-46C4-8722-3E0CDAFCA001}
2011-11-11 09:17:44 -------- d-----w- C:\Users\debbie\AppData\Local\Sanford,_L.P
2011-11-11 09:16:38 -------- d-----w- C:\Users\debbie\AppData\Local\DYMO
2011-11-11 09:16:32 -------- d-----w- C:\Users\debbie\AppData\Local\{A2C74583-244B-4659-A72A-FE80053AA5AE}
2011-11-11 09:16:21 -------- d-----w- C:\Users\debbie\AppData\Local\{43FBB91E-8A39-49CA-94B2-A7F1791C432A}
2011-11-11 09:16:11 -------- d-----w- C:\Users\debbie\AppData\Local\{E5505424-BDD2-4A0C-A95D-2E85850BE26B}
2011-11-11 09:15:59 -------- d-----w- C:\Users\debbie\AppData\Local\{2EEC7660-E17E-4AE8-8699-917A44E99349}
2011-11-11 09:06:30 -------- d-----w- C:\Program Files (x86)\DYMO
2011-11-11 09:06:28 -------- d-----w- C:\ProgramData\DYMO
2011-11-10 21:15:34 -------- d-----w- C:\Users\debbie\AppData\Local\{038BF94B-1C1E-4DEF-8338-FAC64AF0D9BD}
2011-11-10 21:15:24 -------- d-----w- C:\Users\debbie\AppData\Local\{2E2C6693-3947-4AC0-8416-0522141EE8CB}
2011-11-10 09:14:59 -------- d-----w- C:\Users\debbie\AppData\Local\{8E34B4ED-3E6B-4902-97A3-823023E41F5B}
2011-11-10 09:14:46 -------- d-----w- C:\Users\debbie\AppData\Local\{FD46DDC7-67C4-4B4C-913E-1638168BE07D}
2011-11-09 21:04:00 -------- d-----w- C:\Users\debbie\AppData\Local\{79B35D4C-1DB1-439F-AC9A-57B60C655F66}
2011-11-09 21:03:48 -------- d-----w- C:\Users\debbie\AppData\Local\{779CBBCA-2D63-4DB1-95F3-1BDED02E38E9}
2011-11-09 09:03:23 -------- d-----w- C:\Users\debbie\AppData\Local\{FA3642A1-7FE5-40F7-AC48-028E97C2FEA8}
2011-11-09 09:03:12 -------- d-----w- C:\Users\debbie\AppData\Local\{449F6F9E-9DA8-4117-BD54-C4693437F82D}
2011-11-09 09:02:49 -------- d-----w- C:\Users\debbie\AppData\Local\{FE5EC346-7884-40B7-AD4E-FFFE59BF9805}
2011-11-09 08:59:44 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 08:59:44 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 08:59:43 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 08:59:42 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-08 21:02:37 -------- d-----w- C:\Users\debbie\AppData\Local\{88EAB128-AB34-40F6-B17C-CEBC42EC8646}
2011-11-08 21:02:26 -------- d-----w- C:\Users\debbie\AppData\Local\{9E4996E2-CD77-4BDA-BA14-58AF64864879}
2011-11-08 09:02:01 -------- d-----w- C:\Users\debbie\AppData\Local\{24BE27F3-554D-4FF8-A795-274D4EFCB612}
2011-11-08 09:01:51 -------- d-----w- C:\Users\debbie\AppData\Local\{47999781-7EC5-4CE4-8C1F-10B3FB79D12B}
2011-11-08 09:01:29 -------- d-----w- C:\Users\debbie\AppData\Local\{48936F55-BB75-46C7-BA55-F5C7E09B7A20}
2011-11-07 21:01:12 -------- d-----w- C:\Users\debbie\AppData\Local\{9296972D-58F7-40FD-8584-329DE974A5E9}
2011-11-07 21:01:01 -------- d-----w- C:\Users\debbie\AppData\Local\{3B8677C7-F9E7-4203-8C9A-00F90D02C54C}
2011-11-07 09:00:35 -------- d-----w- C:\Users\debbie\AppData\Local\{34FE005D-CC0B-4170-AC8C-1086136946FE}
2011-11-06 21:00:11 -------- d-----w- C:\Users\debbie\AppData\Local\{F2B9C7A7-8554-45BD-A2A1-15B1270A9E74}
2011-10-15 16:51:02 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
.
==================== Find3M ====================
.
2011-10-14 08:35:17 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-07 06:23:46 283728 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2011-09-13 15:27:50 0 ----a-w- C:\Windows\SysWow64\ConduitEngine.tmp
2011-09-13 05:30:08 37456 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-31 16:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-30 22:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-08-30 22:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-08-30 22:05:32 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-08-30 22:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-08-30 22:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-08-30 22:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-08-30 22:05:04 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-08-30 22:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-17 05:26:46 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-08-17 05:25:08 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-08-17 04:24:12 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-08-17 04:19:27 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
.
============= FINISH: 16:38:11.90 ===============
-
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 07/07/2011 13:49:26
System Uptime: 13/11/2011 09:44:43 (31 hours ago)
.
Motherboard: Acer | | Aspire M3400
Processor: AMD Phenom(tm) II X6 1035T Processor | CPU 1 | 2600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 225 GiB total, 84.119 GiB free.
D: is FIXED (NTFS) - 226 GiB total, 225.544 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable
L: is FIXED (NTFS) - 932 GiB total, 842.966 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP67: 10/11/2011 03:00:14 - Windows Update
RP68: 11/11/2011 03:00:12 - Windows Update
RP69: 11/11/2011 08:39:46 - Windows Update
RP70: 14/11/2011 14:26:50 - Windows Update
RP71: 14/11/2011 15:39:36 - Installed HiJackThis
RP72: 14/11/2011 16:27:17 - Installed Java(TM) 6 Update 29
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Acer Arcade Deluxe
Acer Arcade Movie
Acer eRecovery Management
Acer GameZone Console
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.1)
Advertising Center
Amazon MP3 Downloader 1.0.9
Amazonia
Apple Application Support
Apple Software Update
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 3
Bejeweled 2 Deluxe
BitTorrent
blinkbox Download Manager
Cake Mania
Chicken Invaders 2
Consumer Input Software (remove only)
Coupon Printer
CyberLink PowerDVD 9
D3DX10
Dairy Dash
Dream Day First Home
DYMO Label v.8
eBay Worldwide
eMule
Epson Easy Photo Print 2
Epson Event Manager
Epson Printer Software Downloader
EPSON Scan
Epson Stylus SX510W_TX550W Manual
EpsonNet Print
EpsonNet Setup
eSobi v2
Farm Frenzy 2
File Type Assistant
Final Media Player 2011
Free Studio version 5.1.7
Galapago
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Granny In Paradise
Heroes of Hellas
HiJackThis
Hotkey Utility
HP Button Manager
HP Webcam User's Guide
Identity Card
ImagXpress
Java Auto Updater
Java(TM) 6 Update 29
Junk Mail filter update
Malwarebytes' Anti-Malware version 1.51.2.1300
MediaShow Espresso
Mesh Runtime
Messenger Companion
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyWinLocker
MyWinLocker Suite
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
NVIDIA PhysX
Paltalk Messenger
Panda ActiveScan 2.0
Peggle Nights
QuickTime
Realtek High Definition Audio Driver
RoboForm 7-3-2 (All Users)
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Shredder
Spin & Win
TP-LINK Wireless Client Utility
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VC 9.0 Runtime
Visual Studio 2008 x64 Redistributables
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm Security
.
==== Event Viewer Messages From Past Week ========
.
14/11/2011 13:41:40, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: debbie-PC\debbie Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072f76 Error description: The requested header was not found
14/11/2011 13:41:40, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: debbie-PC\debbie Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072f76 Error description: The requested header was not found
14/11/2011 13:41:40, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: debbie-PC\debbie Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072f76 Error description: The requested header was not found
14/11/2011 13:41:40, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: debbie-PC\debbie Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072f76 Error description: The requested header was not found
14/11/2011 13:41:36, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: debbie-PC\debbie Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
14/11/2011 13:41:36, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: debbie-PC\debbie Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
14/11/2011 13:41:36, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: debbie-PC\debbie Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
14/11/2011 13:41:36, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: debbie-PC\debbie Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
14/11/2011 13:11:39, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: debbie-PC\debbie Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072f76 Error description: The requested header was not found
14/11/2011 13:11:39, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: debbie-PC\debbie Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072f76 Error description: The requested header was not found
14/11/2011 13:11:39, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: debbie-PC\debbie Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072f76 Error description: The requested header was not found
14/11/2011 13:11:39, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: debbie-PC\debbie Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072f76 Error description: The requested header was not found
13/11/2011 20:02:48, Error: Service Control Manager [7030] - The Local System Utility service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
13/11/2011 09:51:45, Error: Service Control Manager [7030] - The TrueVector Internet Monitor service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
08/11/2011 18:26:40, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user debbie-PC\debbie SID (S-1-5-21-2872453390-2521149967-1654224917-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
08/11/2011 15:59:14, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk7\DR8.
.
==== End Of File ===========================
-
Noted that I should post MBAM and SAS logs, so running again :o
-
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8161
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
14/11/2011 18:21:23
mbam-log-2011-11-14 (18-21-23).txt
Scan type: Full scan (C:\|D:\|E:\|L:\|)
Objects scanned: 350959
Time elapsed: 1 hour(s), 9 minute(s), 59 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/14/2011 at 06:40 PM
Application Version : 5.0.1136
Core Rules Database Version : 7937
Trace Rules Database Version: 5749
Scan type : Complete Scan
Total Scan Time : 01:30:28
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Memory items scanned : 686
Memory threats detected : 0
Registry items scanned : 70968
Registry threats detected : 0
File items scanned : 55470
File threats detected : 4
Adware.Tracking Cookie
C:\USERS\DEBBIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\RZE1EKMI.txt [ Cookie:[email protected]/ ]
C:\USERS\DEBBIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\SF6YJL3Z.txt [ Cookie:[email protected]/ ]
C:\USERS\DEBBIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\ROWUE38V.txt [ Cookie:[email protected]/ ]
C:\USERS\DEBBIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\9AFW61S8.txt [ Cookie:[email protected]/ ]
-
Do you really expect someone to read all that? I would just disable all your startup items in msconfig (except for the ones obviously associated with your antivirus software).
Mod Edit: Yes! That's why this forum is here. To remove malware, not just the symptoms of malware. Would you like to learn to fight malware? (http://www.computerhope.com/forum/index.php/topic,57605.0.html)
-
How do I do that? I didn't realise I had to disable startup items?
-
OK, have disabled most - which log do I need to do again?
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
The logs show that you're running two Anti-Virus programs: Microsoft Security Essentials and AVG Anti-Virus Free Edition 2012. One will have to be disabled. I would suggest removing AVG.
P2P - I see you have P2P software installed on your machine: BitTorrent. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
******************************************************
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.
:OTL
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO-X64: AcroIEHelperStub - No File
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: RoboForm BHO - No File
BHO-X64: ZoneAlarm Security Engine Registrar - No File
BHO-X64: DCA - No File
:COMMANDS
[resethosts]
[purity]
[start explorer]
* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
**************************************************************
Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.
link # 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link # 2 (http://subs.geekstogo.com/ComboFix.exe)
If you are using Firefox, make sure that your download settings are as follows:
* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".
Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.
Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log in your next reply.
NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
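-
Added example, not part of the original thread and not code from DDS or ComboFix: the two-antivirus observation in the reply above can be checked mechanically from the AV:/SP:/FW: header lines of the posted logs. The sample lines are copied from the DDS and ComboFix logs in this thread; the function names, and the reading of AV/SP/FW as antivirus, antispyware and firewall, are assumptions of the example.

```python
import re
from collections import namedtuple

# Header lines copied from the DDS log at the top of this thread.
DDS_HEADER = """\
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
"""

# Header lines copied from the ComboFix log posted later in this thread.
# Protection had been switched off for the ComboFix run, as instructed.
COMBOFIX_HEADER = """\
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: ZoneAlarm Free Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
"""

Product = namedtuple("Product", "category name enabled signatures guid")

# <category>: <product name> *<state>[/<signature state>]* {<GUID>}
LINE_RE = re.compile(
    r"^(AV|SP|FW):\s+(.+?)\s+\*(Enabled|Disabled)(?:/(Updated|Outdated))?\*"
    r"\s+\{([0-9A-Fa-f-]{36})\}\s*$"
)


def parse_products(log_text):
    """Return one Product per security-product header line; other lines are skipped."""
    products = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            category, name, state, signatures, guid = match.groups()
            products.append(
                Product(category, name, state == "Enabled", signatures, guid.upper())
            )
    return products


def enabled_names(products, category):
    """Sorted, de-duplicated names of the enabled products in one category."""
    return sorted({p.name for p in products if p.category == category and p.enabled})


def review(log_text):
    """List the conditions a helper would raise from the header alone."""
    products = parse_products(log_text)
    findings = []
    antivirus = enabled_names(products, "AV")
    if len(antivirus) > 1:
        findings.append("multiple real-time AV enabled: " + ", ".join(antivirus))
    if not enabled_names(products, "FW"):
        findings.append("no firewall enabled")
    for product in products:
        if product.signatures == "Outdated":
            findings.append("outdated signatures: " + product.name)
    return findings


def no_longer_registered(before_text, after_text):
    """Product names present in the earlier header but missing from the later one."""
    before = {p.name for p in parse_products(before_text)}
    after = {p.name for p in parse_products(after_text)}
    return sorted(before - after)


if __name__ == "__main__":
    for label, header in (("DDS", DDS_HEADER), ("ComboFix", COMBOFIX_HEADER)):
        print(label, review(header))
    print("gone:", no_longer_registered(DDS_HEADER, COMBOFIX_HEADER))
```

The same product appears under both AV and SP with different GUIDs, so the conflict check counts names within the AV category only. The "no firewall enabled" finding on the ComboFix header reflects the temporary disabling requested for the scan, not a persistent state.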
-
========== OTL ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 11142011_200432
-
Many thanks for your help, superdave. Here is the ComboFix report log:
ComboFix 11-11-14.02 - debbie 14/11/2011 20:26:48.1.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4080.2681 [GMT 0:00]
Running from: c:\users\debbie\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: ZoneAlarm Free Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\debbie\AppData\Local\common_functions.dll
c:\users\debbie\AppData\Local\ie_runner_app.exe
c:\windows\Downloaded Program Files\popcaploader.inf
L:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-10-14 to 2011-11-14 )))))))))))))))))))))))))))))))
.
.
2011-11-14 20:33 . 2011-11-14 20:33 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{307F7D92-3E3C-4B10-A455-FDC366F547C4}\offreg.dll
2011-11-14 20:31 . 2011-11-14 20:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-14 20:07 . 2011-11-14 20:07 -------- d-----w- c:\users\debbie\AppData\Roaming\AVG2012
2011-11-14 20:04 . 2011-11-14 20:04 -------- d-----w- C:\_OTL
2011-11-14 16:29 . 2011-11-14 16:29 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-11-14 16:28 . 2011-11-14 16:28 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-11-14 16:28 . 2011-11-14 16:28 -------- d-----w- c:\program files (x86)\Java
2011-11-14 15:41 . 2011-11-14 15:41 388096 ----a-r- c:\users\debbie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-14 15:41 . 2011-11-14 15:41 -------- d-----w- c:\program files (x86)\Trend Micro
2011-11-14 13:58 . 2011-10-18 01:27 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{307F7D92-3E3C-4B10-A455-FDC366F547C4}\mpengine.dll
2011-11-14 13:11 . 2011-10-04 17:22 917840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B7845E7E-B698-4FC8-9C97-AC5D378A5456}\gapaengine.dll
2011-11-14 11:17 . 2011-11-14 11:17 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-11-14 11:17 . 2011-11-14 11:18 -------- d-----w- c:\program files\Microsoft Security Client
2011-11-13 09:51 . 2011-11-14 16:40 -------- d-----w- c:\windows\Internet Logs
2011-11-12 09:17 . 2011-11-13 09:51 -------- d-----w- c:\program files (x86)\CheckPoint
2011-11-11 09:17 . 2011-11-11 09:17 -------- d-----w- c:\users\debbie\AppData\Local\Sanford,_L.P
2011-11-11 09:16 . 2011-11-11 09:17 -------- d-----w- c:\users\debbie\AppData\Local\DYMO
2011-11-11 09:06 . 2011-11-11 09:06 -------- d-----w- c:\program files (x86)\DYMO
2011-11-11 09:06 . 2011-11-11 09:06 -------- d-----w- c:\programdata\DYMO
2011-11-09 08:59 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 08:59 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 08:59 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 08:59 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-10-21 23:46 . 2011-10-21 23:46 -------- d-----w- c:\windows\system32\Macromed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-14 18:46 . 2011-07-08 02:26 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-10-14 08:35 . 2011-07-17 15:31 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-13 15:27 . 2011-09-13 15:27 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp
2011-09-01 05:24 . 2011-10-14 02:00 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-14 02:00 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-14 02:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-14 02:00 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-14 02:01 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-14 02:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-31 16:00 . 2011-07-20 11:59 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-30 22:05 . 2011-08-30 22:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 22:05 . 2011-08-30 22:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-30 22:05 . 2011-08-30 22:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-30 22:05 . 2011-08-30 22:05 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-30 22:05 . 2011-08-30 22:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-30 22:05 . 2011-08-30 22:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-08-30 22:05 . 2011-08-30 22:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-08-30 22:05 . 2011-08-30 22:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-08-27 05:37 . 2011-10-13 11:20 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 05:37 . 2011-10-13 11:20 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 04:26 . 2011-10-13 11:20 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:26 . 2011-10-13 11:20 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-08-17 05:26 . 2011-10-13 11:24 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-08-17 05:25 . 2011-10-13 11:24 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-08-17 04:24 . 2011-10-13 11:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-08-17 04:19 . 2011-10-13 11:24 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:03 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-17 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-09 73360]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-17 136176]
R3 arusb_win7x;Service For TP-LINK Wireless N Adapter;c:\windows\system32\DRIVERS\arusb_win7x.sys
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-17 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-02-01 305520]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-09-13 140672]
S2 {6E090BD5-4EF5-4bf0-A968-74049E88E935};Power Control [2010/06/23 23:37];c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\000.fcl [2010-04-15 11:05 146928]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/07/23 18:48];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2009-09-01 15:59 146928]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 DymoPnpService;DYMO PnP Service;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2011-01-28 32336]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-03 33672]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-11-03 827520]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys
S3 optousb;OPTO ELECTRONICS optousb;c:\windows\system32\DRIVERS\optousb.sys
S3 optovcm;OPTO ELECTRONICS optovcm;c:\windows\system32\DRIVERS\optovcm.sys
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-14 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE [2009-01-23 14:03]
.
2011-11-14 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-08-03 14:24]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-17 15:31]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-17 15:31]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:06 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-12 9955872]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotukdeals.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_m3400&r=173607116806pe485v145w46l1v473
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Free YouTube Download - c:\users\debbie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\debbie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
TCP: DhcpNameServer = 192.168.0.1
DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} - hxxp://www.shopandscan.com/TNSClickrc.CAB
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
URLSearchHooks-{91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-DLSService - c:\program files (x86)\DYMO\DYMO Label Software\DLSService.exe
Toolbar-Locked - (no file)
HKLM-Run-ISW - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{6E090BD5-4EF5-4bf0-A968-74049E88E935}]
"ImagePath"="\??\c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\000.fcl"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2872453390-2521149967-1654224917-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2872453390-2521149967-1654224917-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
.
**************************************************************************
.
Completion time: 2011-11-14 20:37:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-14 20:37
.
Pre-Run: 90,532,724,736 bytes free
Post-Run: 90,173,460,480 bytes free
.
- - End Of File - - C911B48FE127F7266FD0A61F33ADA2ED
-
Please download Rooter (http://eric71.geekstogo.com/tools/Rooter.exe) and Save it to your desktop.
- Double click it to start the tool. On Vista and Windows 7, run it as administrator.
- Click Scan.
- Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
-
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows 7 Home Edition (6.1.7601) Service Pack 1
[32_bits] - AMD64 Family 16 Model 10 Stepping 0, AuthenticAMD
.
[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Disabled !
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 9.0.8112.16421
.
C:\ [Fixed-NTFS] .. ( Total:224 Go - Free:83 Go )
D:\ [Fixed-NTFS] .. ( Total:225 Go - Free:225 Go )
E:\ [CD_Rom]
F:\ [Removable]
G:\ [Removable]
H:\ [Removable]
I:\ [Removable]
J:\ [Removable]
K:\ [Removable]
L:\ [Fixed-NTFS] .. ( Total:931 Go - Free:843 Go )
Q:\ [Fixed-NTFS] .. ( Total:0 Go - Free:0 Go )
.
Scan : 08:19.14
Path : C:\Users\debbie\Desktop\Rooter.exe
User : debbie ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ ?????????? (328)
______ ?????????? (484)
______ ?????????? (568)
______ ?????????? (600)
______ ?????????? (624)
______ ?????????? (648)
______ ?????????? (656)
______ ?????????? (764)
______ ?????????? (828)
______ ?????????? (868)
______ ?????????? (932)
______ ?????????? (956)
______ ?????????? (128)
______ ?????????? (340)
______ ?????????? (412)
______ ?????????? (1132)
______ ?????????? (1284)
______ ?????????? (1292)
______ ?????????? (1352)
______ ?????????? (1516)
______ ?????????? (1524)
______ ?????????? (1732)
______ ?????????? (1828)
______ ?????????? (1856)
______ ?????????? (1944)
______ C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (1964)
______ C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1988)
______ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (2012)
______ ?????????? (2036)
______ ?????????? (1116)
______ ?????????? (1876)
______ ?????????? (2032)
______ ?????????? (2068)
______ C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (2096)
______ C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe (2192)
______ C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (2516)
______ ?????????? (2544)
______ C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (2580)
______ C:\Program Files\Acer\Acer Updater\UpdaterService.exe (2624)
______ ?????????? (2676)
______ C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (2784)
______ ?????????? (2824)
______ C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (3228)
______ ?????????? (3472)
______ ?????????? (3508)
______ ?????????? (3852)
______ ?????????? (3940)
______ ?????????? (3964)
______ ?????????? (2800)
______ ?????????? (3748)
______ ?????????? (3760)
______ C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (1436)
______ C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (3584)
______ C:\Program Files (x86)\iTunes\iTunesHelper.exe (3696)
______ ?????????? (4128)
______ C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (4260)
______ ?????????? (4540)
______ ?????????? (4736)
______ ?????????? (4824)
______ ?????????? (3624)
______ ?????????? (3824)
______ ?????????? (5320)
______ ?????????? (5772)
Locked C:\Program Files (x86)\Internet Explorer\iexplore.exe (5988)
Locked C:\Program Files (x86)\Internet Explorer\iexplore.exe (6056)
______ C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (4520)
______ C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe (5440)
______ C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (5828)
______ C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (5092)
______ C:\Program Files (x86)\iTunes\iTunes.exe (3608)
Locked ???? (2844)
______ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (1036)
______ ?????????? (5552)
______ C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe (3440)
______ ?????????? (3432)
______ C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (4016)
______ ?????????? (4248)
______ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (5888)
______ ?????????? (5864)
______ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe (1048)
______ ?????????? (6116)
______ ?????????? (5632)
______ ?????????? (3156)
______ ?????????? (5896)
______ ?????????? (2552)
______ ?????????? (5196)
______ C:\Users\debbie\Desktop\Rooter.exe (1392)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:1048576 | Length:16106127360)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:16107175936 | Length:104857600)
\Device\Harddisk0\Partition3 (Start_Offset:16212033536 | Length:241539481600)
\Device\Harddisk0\Partition4 (Start_Offset:257751515136 | Length:242288164864)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\Epson Printer Software Downloader.job
C:\Windows\Tasks\Final Media Player Update Checker.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 08:19.27
.
C:\Rooter$\Rooter_2.txt - (15/11/2011 | 08:19.27)
-
I'd like to scan your machine with ESET OnlineScan
• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
• Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
• Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
• Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
• Accept any security warnings from your browser.
• Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
• Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
• Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
Do I need to stop Windows Defender and ZoneAlarm for this? Many thanks :)
-
ESET didn't offer me the option to save any file, as it found nothing at all and just said close and uninstall.
-
How's the computer running now? Any other issues before we clean up?
-
Computer running well, no issues now - can I ask what it was? And also say a big thank you for helping me sort it ;D
-
Can I ask what it was? And also say a big thank you for helping me sort it
Thank you but I don't want to discuss this in an open forum.
Let's do some cleanup.
To uninstall ComboFix
- Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
- In the field, type in ComboFix /uninstall
(http://i424.photobucket.com/albums/pp322/digistar/Combofix_uninstall_image.jpg)
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
- Then, press Enter, or click OK.
- This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
************************************************
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.
- Click the CleanUp button.
- Select Yes when the "Begin cleanup Process?" prompt appears.
- If you are prompted to Reboot during the cleanup, select Yes.
- The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
**************************************************
Clean out your temporary internet files and temp files.
Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
***************************************************
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer (http://www.bleepingcomputer.com/forums/tutorial49.html) from Spyware and Malware
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. (http://www.safer-networking.org/en/spybotsd/index.html) Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
-
Have cleaned up and added the extra security you suggested, many thanks.
-
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.