Document has moved, redirecting


  • This topic is locked
16 replies to this topic

#1 minimalist

minimalist

  • Members
  • 10 posts

Posted 20 December 2012 - 11:50 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16442 BrowserJavaVersion: 10.9.2
Run by Hywel at 4:43:57 on 2012-12-21
Microsoft Windows 8 Pro with Media Center 6.2.9200.0.1252.44.2057.18.6039.2873 [GMT 0:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AdminService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\taskhostex.exe
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
C:\WINDOWS\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Hywel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskeng.exe
C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Hywel\AppData\Roaming\Spotify\spotify.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\WindowsApps\Microsoft.Camera_6.2.9200.20523_x64__8wekyb3d8bbwe\webcam.exe
C:\Windows\System32\CameraSettingsUIHost.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\taskhost.exe
C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20523_x64__8wekyb3d8bbwe\glcnd.exe
C:\Program Files (x86)\Twitter\TweetDeck\TweetDeck.exe
C:\Program Files (x86)\Origin Games\FIFA 13\Game\fifasetup\fifaconfig.exe
C:\Program Files (x86)\MotioninJoy\ds3\DS3_Tool.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\calc.exe
C:\WINDOWS\System32\Notepad.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
C:\WINDOWS\notepad.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://samsung.msn.com
uDefault_Page_URL = hxxp://samsung.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [Spotify] "C:\Users\Hywel\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "C:\Users\Hywel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Speech Recognition] "C:\WINDOWS\Speech\Common\sapisvr.exe" -SpeechUX -Startup
uRun: [{3DBF1B09-0215-469D-B9A8-F331C5514D5F}] "C:\Users\Hywel\Downloads\GameSalad-Creator-Setup.exe" /cmdloc "HKCU\Software\GameSalad AiTemp\{3DBF1B09-0215-469D-B9A8-F331C5514D5F}"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
mRunOnce: [SymInstallStub] C:\WINDOWS\SysWOW64\Adobe\Shockwave 11\SymInstallStub.exe /partnerid=adobe /productlist=rm /staging=false /delay=5 /debug /desktopshortcut=1 /startmenushortcut=1 /launchedby=3
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Hywel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{86C54DB8-801C-48FB-A37B-50D818839965} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{86C54DB8-801C-48FB-A37B-50D818839965}\45865602245736B6564702255637964656E63656 : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
x64-Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 RapportCerberus_44365;RapportCerberus_44365;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_44365.sys [2012-12-21 508024]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-11-14 224024]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-11-14 376600]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\WINDOWS\System32\Drivers\SABI.sys [2012-5-28 13824]
R2 AtherosSvc;AtherosSvc;C:\WINDOWS\System32\AdminService.exe [2012-8-29 208384]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-28 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-3-6 629984]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-5-28 127320]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-5-28 164184]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe [2012-10-23 138272]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-12-3 1384608]
R3 BtFilter;BtFilter;C:\WINDOWS\System32\Drivers\btfilter.sys [2012-8-29 565760]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\WINDOWS\System32\Drivers\NISx64\1309000.009\ccsetx64.sys [2012-10-23 167072]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-25 138912]
R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20121219.001\IDSviA64.sys [2012-12-20 513184]
R3 IntcDAud;Intel® Display Audio;C:\WINDOWS\System32\Drivers\IntcDAud.sys [2011-12-5 331264]
R3 RapportIaso;RapportIaso;C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso64.sys [2012-12-21 175352]
R3 RTL8167;Realtek 8167 NT Driver;C:\WINDOWS\System32\Drivers\Rt64win7.sys [2012-5-28 685160]
R3 SymDS;Symantec Data Store;C:\WINDOWS\System32\Drivers\NISx64\1309000.009\symds64.sys [2012-10-23 451192]
R3 SymEFA;Symantec Extended File Attributes;C:\WINDOWS\System32\Drivers\NISx64\1309000.009\symefa64.sys [2012-10-23 1129120]
R3 SymIRON;Symantec Iron Driver;C:\WINDOWS\System32\Drivers\NISx64\1309000.009\ironx64.sys [2012-10-23 190072]
R3 SymNetS;Symantec Network Security WFP Driver;C:\WINDOWS\System32\Drivers\NISx64\1309000.009\symnets.sys [2012-10-23 405624]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\WINDOWS\System32\Drivers\iusb3hub.sys [2012-2-27 356120]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\WINDOWS\System32\Drivers\iusb3xhc.sys [2012-2-27 788760]
S3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\Drivers\mbam.sys [2012-12-20 25928]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\WINDOWS\System32\Drivers\MijXfilt.sys [2012-11-4 115272]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\WINDOWS\System32\Drivers\RtsUVStor.sys [2012-5-28 314472]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\Drivers\usbaapl64.sys [2012-7-9 52736]
S3 vmbusr;Virtual Machine Bus Provider;C:\WINDOWS\System32\Drivers\vmbusr.sys [2012-7-26 117248]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2012-12-21 04:15:32 -------- d-----w- C:\Users\Hywel\AppData\Local\{E0C3581E-6B1D-42EB-BE49-A61B41B43AB5}
2012-12-21 04:04:58 236216 ----a-w- C:\WINDOWS\System32\drivers\RapportKE64.sys
2012-12-21 04:04:58 208152 ----a-w- C:\WINDOWS\System32\drivers\RapportHades64.sys
2012-12-21 04:04:21 -------- d-----w- C:\Users\Hywel\AppData\Local\Trusteer
2012-12-21 04:04:08 -------- d-----w- C:\Program Files (x86)\Trusteer
2012-12-21 04:02:13 -------- d-----w- C:\ProgramData\Trusteer
2012-12-20 19:50:46 -------- d-----w- C:\Users\Hywel\AppData\Roaming\Malwarebytes
2012-12-20 19:50:36 -------- d-----w- C:\ProgramData\Malwarebytes
2012-12-20 19:50:35 25928 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2012-12-20 19:50:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-20 16:15:26 -------- d-----w- C:\Users\Hywel\AppData\Local\{97D7198D-17A8-400D-9CC2-7429ADA6E3E4}
2012-12-20 04:15:20 -------- d-----w- C:\Users\Hywel\AppData\Local\{D7087A2D-5DBA-4869-8DB2-65DBA26E839C}
2012-12-19 16:15:13 -------- d-----w- C:\Users\Hywel\AppData\Local\{7CBB2BBF-1D43-4B29-AF68-A4AF38D40D53}
2012-12-19 04:02:49 -------- d-----w- C:\Users\Hywel\AppData\Local\{62A5E8FE-1ABB-4376-BD07-BC20DDB551F2}
2012-12-18 16:02:43 -------- d-----w- C:\Users\Hywel\AppData\Local\{CA4D72CE-07E1-4644-8A88-140DD76C958B}
2012-12-18 01:55:30 -------- d-----w- C:\Users\Hywel\AppData\Local\{6F75FFC6-93EF-4B53-B326-8843A5942E5E}
2012-12-17 13:52:38 -------- d-----w- C:\Users\Hywel\AppData\Local\{F956CAA2-FAFC-4E7A-B7FC-BC088C52F623}
2012-12-17 01:52:31 -------- d-----w- C:\Users\Hywel\AppData\Local\{49C2C2C9-B063-4DA4-A5D1-58B12D4D0A72}
2012-12-16 13:52:26 -------- d-----w- C:\Users\Hywel\AppData\Local\{1E290BC3-641D-4F3B-A793-EAF56C1A3915}
2012-12-16 01:52:20 -------- d-----w- C:\Users\Hywel\AppData\Local\{2F3CEFA6-F791-41FC-8D7F-B5ACA8C4105D}
2012-12-15 13:52:13 -------- d-----w- C:\Users\Hywel\AppData\Local\{2A9BDD3B-9203-414A-A3B2-70ED4C70BEC6}
2012-12-15 00:20:44 -------- d-----w- C:\Users\Hywel\AppData\Local\{E5E9E24C-6E25-4757-9EEF-D70756059D52}
2012-12-14 12:20:36 -------- d-----w- C:\Users\Hywel\AppData\Local\{9E76F0DF-6B11-4148-8561-6D3CAD5AAFA2}
2012-12-14 00:20:28 -------- d-----w- C:\Users\Hywel\AppData\Local\{E6141504-FE09-4E9E-AF10-4B9304127A86}
2012-12-13 12:20:06 -------- d-----w- C:\Users\Hywel\AppData\Local\{8CE19158-02C8-48E3-AF1A-F186E8EB2653}
2012-12-12 15:09:49 -------- d-----w- C:\Users\Hywel\AppData\Local\{CE9EE0EF-DD94-45FD-9405-CAF795E21DF2}
2012-12-12 00:22:17 -------- d-----w- C:\Users\Hywel\AppData\Local\{544A51E2-1DFE-4B6D-906B-2C0B2BC82862}
2012-12-11 12:22:11 -------- d-----w- C:\Users\Hywel\AppData\Local\{FEE32E0F-20EA-4DDB-BD3B-692C05AF9933}
2012-12-11 11:28:07 213696 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10187.bin
2012-12-10 23:21:00 -------- d-----w- C:\Users\Hywel\AppData\Local\{010CC9D2-C48E-4E1F-869E-EB68ED7A1FC4}
2012-12-10 00:00:14 -------- d-----w- C:\WINDOWS\SysWow64\Adobe
2012-12-09 17:19:03 -------- d-----w- C:\Users\Hywel\AppData\Local\{ECB0CD46-6434-4E28-9E01-F252CD0F3F0A}
2012-12-08 20:58:39 -------- d-----w- C:\Users\Hywel\AppData\Local\{F04476E5-C9B1-45D3-92B4-C094F02EDE7D}
2012-12-08 03:01:45 -------- d-----w- C:\Users\Hywel\AppData\Local\{263957F4-6731-4DCE-AA5F-C45FF3D19527}
2012-12-07 12:51:17 -------- d-----w- C:\Users\Hywel\AppData\Local\{34D7EFB1-5B89-410F-8281-72E946A611FB}
2012-12-06 17:36:22 -------- d-----w- C:\Users\Hywel\AppData\Local\{64DC1193-AC85-4B7D-BE48-D657618BB4E8}
2012-12-06 05:36:16 -------- d-----w- C:\Users\Hywel\AppData\Local\{FA12813E-114C-4303-9019-508002D414A4}
2012-12-05 17:36:10 -------- d-----w- C:\Users\Hywel\AppData\Local\{888A69E3-9303-48E9-AF2E-CEDB13CED953}
2012-12-05 05:36:04 -------- d-----w- C:\Users\Hywel\AppData\Local\{6FC7269C-2356-4844-A375-F2A2E5CD18B7}
2012-12-04 17:27:44 -------- d-----w- C:\Users\Hywel\AppData\Local\{E6EDA2AD-D49E-4364-A38E-555D54893A9D}
2012-12-03 21:14:10 -------- d-----w- C:\Users\Hywel\AppData\Local\{BA51D36A-C559-4224-AAA0-3656E4BA5126}
2012-12-03 00:04:40 40960 ----a-r- C:\Users\Hywel\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2012-12-03 00:04:40 40960 ----a-r- C:\Users\Hywel\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2012-12-03 00:04:40 -------- d-----w- C:\Program Files (x86)\Project64 1.6
2012-12-02 21:37:34 -------- d-----w- C:\Users\Hywel\AppData\Local\{C7468D01-0979-4B9B-ACA0-3568640CE521}
2012-12-02 01:17:38 49664 ----a-w- C:\WINDOWS\System32\CamCodec.dll
2012-12-02 01:17:38 -------- d-----w- C:\Program Files (x86)\CamStudio 2.6b
2012-12-01 20:32:07 -------- d-----w- C:\Users\Hywel\AppData\Local\GameSalad
2012-12-01 20:31:53 -------- d-----w- C:\Program Files (x86)\GameSalad
2012-12-01 20:31:26 -------- d-----w- C:\Program Files (x86)\Haali
2012-12-01 20:30:32 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2012-12-01 20:29:32 -------- d-----w- C:\Users\Hywel\AppData\Roaming\GameSalad
2012-12-01 18:02:28 -------- d-----w- C:\Users\Hywel\AppData\Local\{5B3A4965-0ECD-47E9-A22A-DE78E1CC1235}
2012-12-01 04:49:28 -------- d-----w- C:\Users\Hywel\AppData\Local\{8450647B-CCFF-43D7-AA4E-E541783A1D4B}
2012-11-30 16:49:22 -------- d-----w- C:\Users\Hywel\AppData\Local\{D8F9E44B-AE82-45C5-8530-6A578791E4EE}
2012-11-30 01:45:42 -------- d-----w- C:\Users\Hywel\AppData\Local\{6A494EB2-B221-4340-A0BD-E1C786412686}
2012-11-29 08:14:54 -------- d-----w- C:\Users\Hywel\AppData\Local\{D018D8FE-0038-41E0-92C0-7144DD21DCED}
2012-11-28 14:41:32 -------- d-----w- C:\Users\Hywel\AppData\Local\{573D146F-6770-4C82-AB2D-FEF7E059E368}
2012-11-28 02:41:26 -------- d-----w- C:\Users\Hywel\AppData\Local\{7BD8084E-B2B3-4EE5-9B37-BC3DF14A2F25}
2012-11-27 14:41:20 -------- d-----w- C:\Users\Hywel\AppData\Local\{925AAF76-7DC2-47D8-9EE9-3017A754523E}
2012-11-27 02:49:45 -------- d-----w- C:\Users\Hywel\Tracing
2012-11-27 02:49:36 -------- d-----w- C:\WINDOWS\System32\appmgmt
2012-11-27 02:47:10 -------- d-----w- C:\Program Files (x86)\Yontoo
2012-11-27 02:47:02 -------- d-----w- C:\ProgramData\Tarma Installer
2012-11-27 02:46:53 -------- d-----w- C:\Program Files (x86)\TornTV.com
2012-11-27 00:22:19 -------- d-----w- C:\Users\Hywel\AppData\Local\{80751DE8-9F24-4619-9F30-21BC36484467}
2012-11-26 22:20:14 -------- d-----w- C:\Users\Hywel\AppData\Roaming\MetaQuotes
2012-11-26 12:22:00 -------- d-----w- C:\Users\Hywel\AppData\Local\{BF1C9FFE-00B8-4466-A4C2-D7E286922AE1}
2012-11-26 04:04:18 -------- d-----w- C:\Users\Hywel\AppData\Roaming\Serif
2012-11-26 04:04:18 -------- d-----w- C:\Users\Hywel\AppData\Local\Serif
2012-11-26 03:47:54 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap
2012-11-26 03:47:44 -------- d-----w- C:\Program Files (x86)\Serif
2012-11-25 19:46:49 -------- d-----w- C:\Users\Hywel\AppData\Local\{7D1C9671-BDCF-45B4-A858-33C1D7AB1520}
2012-11-23 18:03:09 -------- d-----r- C:\Program Files (x86)\Skype
2012-11-23 17:41:34 -------- d-----w- C:\Users\Hywel\AppData\Local\Apple Computer
2012-11-23 17:41:20 33240 ----a-w- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys
2012-11-23 17:40:32 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-23 17:40:32 -------- d-----w- C:\Program Files\iTunes
2012-11-23 17:40:32 -------- d-----w- C:\Program Files\iPod
2012-11-23 17:40:32 -------- d-----w- C:\Program Files (x86)\iTunes
2012-11-23 17:39:34 -------- d-----w- C:\Users\Hywel\AppData\Local\Apple
2012-11-23 17:38:02 -------- d-----w- C:\Program Files\Bonjour
2012-11-23 17:38:02 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-11-23 12:38:13 -------- d-----w- C:\Users\Hywel\AppData\Local\{F3324EE7-6B27-464C-87BE-A019E16D48DC}
2012-11-23 00:38:06 -------- d-----w- C:\Users\Hywel\AppData\Local\{7CF82741-D71E-499C-AA5E-3A774BC3583E}
2012-11-22 12:37:59 -------- d-----w- C:\Users\Hywel\AppData\Local\{69AB0FC9-33C3-492F-B3AC-C96FF5D2B71D}
2012-11-22 00:04:02 -------- d-----w- C:\Users\Hywel\AppData\Local\{02CCA8B5-2752-465B-85F7-DA109DF63416}
.
==================== Find3M ====================
.
2012-11-02 05:22:08 34304 ----a-w- C:\WINDOWS\SysWow64\wuapp.exe
2012-11-02 05:21:44 83968 ----a-w- C:\WINDOWS\SysWow64\wudriver.dll
2012-11-02 05:21:44 125952 ----a-w- C:\WINDOWS\SysWow64\wuwebv.dll
2012-11-02 05:21:28 246784 ----a-w- C:\WINDOWS\SysWow64\ubpm.dll
2012-11-02 05:20:31 39424 ----a-w- C:\WINDOWS\System32\wuapp.exe
2012-11-02 05:20:28 77824 ----a-w- C:\WINDOWS\System32\taskhost.exe
2012-11-02 05:20:28 72192 ----a-w- C:\WINDOWS\System32\taskhostex.exe
2012-11-02 05:20:10 141824 ----a-w- C:\WINDOWS\System32\wuwebv.dll
2012-11-02 05:20:09 98304 ----a-w- C:\WINDOWS\System32\wudriver.dll
2012-11-02 05:20:09 251904 ----a-w- C:\WINDOWS\System32\WUSettingsProvider.dll
2012-11-02 05:20:09 17408 ----a-w- C:\WINDOWS\System32\wuaext.dll
2012-11-02 05:20:09 1619968 ----a-w- C:\WINDOWS\System32\wucltux.dll
2012-11-02 05:19:50 318464 ----a-w- C:\WINDOWS\System32\ubpm.dll
2012-11-02 05:01:27 99328 ----a-w- C:\WINDOWS\System32\wushareduxresources.dll
2012-11-02 04:55:32 212992 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb20.sys
2012-11-02 04:53:13 366080 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb.sys
2012-10-29 05:04:47 522640 ----a-w- C:\WINDOWS\System32\AUDIOKSE.dll
2012-10-29 05:04:47 490064 ----a-w- C:\WINDOWS\System32\AudioEng.dll
2012-10-29 05:04:47 447792 ----a-w- C:\WINDOWS\System32\AudioSes.dll
2012-10-29 05:04:47 253512 ----a-w- C:\WINDOWS\System32\audiodg.exe
2012-10-29 03:21:53 1526784 ----a-w- C:\WINDOWS\System32\mfcore.dll
2012-10-29 03:21:21 267264 ----a-w- C:\WINDOWS\System32\EncDump.dll
2012-10-29 03:20:49 785920 ----a-w- C:\WINDOWS\System32\audiosrv.dll
2012-10-29 03:20:49 169472 ----a-w- C:\WINDOWS\System32\AudioEndpointBuilder.dll
2012-10-29 03:19:08 463768 ----a-w- C:\WINDOWS\SysWow64\AUDIOKSE.dll
2012-10-29 03:19:08 427568 ----a-w- C:\WINDOWS\SysWow64\AudioEng.dll
2012-10-29 03:19:08 324344 ----a-w- C:\WINDOWS\SysWow64\AudioSes.dll
2012-10-29 02:46:23 1451520 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll
2012-10-26 22:19:09 80728 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2012-10-26 22:19:09 695648 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2012-10-24 04:54:06 6972136 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2012-10-24 03:25:41 26624 ----a-w- C:\WINDOWS\System32\ReAgentc.exe
2012-10-24 03:24:42 439296 ----a-w- C:\WINDOWS\System32\ReAgent.dll
2012-10-24 03:06:12 2706432 ----a-w- C:\WINDOWS\System32\mshtml.tlb
2012-10-24 02:48:12 24064 ----a-w- C:\WINDOWS\SysWow64\ReAgentc.exe
2012-10-24 02:47:29 371712 ----a-w- C:\WINDOWS\SysWow64\ReAgent.dll
2012-10-24 02:27:01 2706432 ----a-w- C:\WINDOWS\SysWow64\mshtml.tlb
2012-10-23 17:56:00 95208 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
2012-10-23 17:55:59 821736 ----a-w- C:\WINDOWS\SysWow64\npDeployJava1.dll
2012-10-23 17:55:59 746984 ----a-w- C:\WINDOWS\SysWow64\deployJava1.dll
2012-10-20 03:22:05 39936 ----a-w- C:\WINDOWS\apppatch\apppatch64\acspecfc.dll
2012-10-20 02:44:53 431104 ----a-w- C:\WINDOWS\apppatch\AcSpecfc.dll
2012-10-20 02:25:35 310784 ----a-w- C:\WINDOWS\apppatch\AcRes.dll
2012-10-19 04:59:28 4056576 ----a-w- C:\WINDOWS\System32\win32k.sys
2012-10-19 04:52:32 49056 ----a-w- C:\WINDOWS\System32\drivers\Dot4usb.sys
2012-10-19 04:52:32 3867040 ----a-w- C:\WINDOWS\System32\PortChanger.exe
2012-10-19 04:52:32 2398112 ----a-w- C:\WINDOWS\System32\hppldcoi.dll
2012-10-19 04:52:32 151968 ----a-w- C:\WINDOWS\System32\drivers\Dot4.sys
2012-10-19 04:52:30 27040 ----a-w- C:\WINDOWS\System32\drivers\Dot4Prt.sys
2012-10-18 06:17:18 69864 ----a-w- C:\WINDOWS\System32\drivers\pdc.sys
2012-10-18 03:20:46 10096640 ----a-w- C:\WINDOWS\System32\twinui.dll
2012-10-18 03:18:40 2302464 ----a-w- C:\WINDOWS\System32\authui.dll
2012-10-18 03:18:33 2146816 ----a-w- C:\WINDOWS\System32\actxprxy.dll
2012-10-18 02:46:00 8856576 ----a-w- C:\WINDOWS\SysWow64\twinui.dll
2012-10-18 02:44:38 2033664 ----a-w- C:\WINDOWS\SysWow64\authui.dll
2012-10-18 02:44:33 753664 ----a-w- C:\WINDOWS\SysWow64\actxprxy.dll
2012-10-17 04:32:52 1172992 ----a-w- C:\WINDOWS\System32\mfnetsrc.dll
2012-10-17 04:32:51 677888 ----a-w- C:\WINDOWS\System32\mfnetcore.dll
2012-10-17 04:32:51 673280 ----a-w- C:\WINDOWS\System32\mfmpeg2srcsnk.dll
2012-10-17 04:32:50 1048064 ----a-w- C:\WINDOWS\System32\mfasfsrcsnk.dll
2012-10-17 03:57:37 929792 ----a-w- C:\WINDOWS\SysWow64\mfnetsrc.dll
2012-10-17 03:57:37 568832 ----a-w- C:\WINDOWS\SysWow64\mfnetcore.dll
2012-10-17 03:57:37 513024 ----a-w- C:\WINDOWS\SysWow64\mfmpeg2srcsnk.dll
2012-10-17 03:57:36 850944 ----a-w- C:\WINDOWS\SysWow64\mfasfsrcsnk.dll
2012-10-12 08:08:01 27880 ----a-w- C:\WINDOWS\System32\drivers\rdpvideominiport.sys
2012-10-12 06:14:54 87040 ----a-w- C:\WINDOWS\System32\srmtrace.dll
2012-10-12 06:14:54 652800 ----a-w- C:\WINDOWS\System32\srmscan.dll
2012-10-12 06:14:54 30720 ----a-w- C:\WINDOWS\System32\srm_ps.dll
2012-10-12 06:14:54 279040 ----a-w- C:\WINDOWS\System32\srm.dll
2012-10-12 06:14:54 274432 ----a-w- C:\WINDOWS\System32\srmstormod.dll
2012-10-12 06:14:54 172032 ----a-w- C:\WINDOWS\System32\srmshell.dll
2012-10-12 06:14:54 1347072 ----a-w- C:\WINDOWS\System32\srmclient.dll
2012-10-12 06:14:54 134144 ----a-w- C:\WINDOWS\System32\adrclient.dll
2012-10-12 06:14:40 36352 ----a-w- C:\WINDOWS\System32\rfxvmt.dll
2012-10-12 06:14:39 3244032 ----a-w- C:\WINDOWS\System32\rdpcorets.dll
2012-10-12 06:14:34 115712 ----a-w- C:\WINDOWS\System32\wbem\PolicMan.dll
2012-10-12 06:13:32 109568 ----a-w- C:\WINDOWS\System32\dskquota.dll
2012-10-12 05:50:01 235520 ----a-w- C:\WINDOWS\System32\rdpudd.dll
2012-10-12 05:46:28 618496 ----a-w- C:\WINDOWS\System32\drivers\srv2.sys
2012-10-12 05:41:02 987648 ----a-w- C:\WINDOWS\SysWow64\srmclient.dll
2012-10-12 05:41:02 68096 ----a-w- C:\WINDOWS\SysWow64\srmtrace.dll
2012-10-12 05:41:02 487936 ----a-w- C:\WINDOWS\SysWow64\srmscan.dll
2012-10-12 05:41:02 278528 ----a-w- C:\WINDOWS\SysWow64\srm.dll
2012-10-12 05:41:02 202240 ----a-w- C:\WINDOWS\SysWow64\srmstormod.dll
2012-10-12 05:41:02 15872 ----a-w- C:\WINDOWS\SysWow64\srm_ps.dll
2012-10-12 05:41:02 128000 ----a-w- C:\WINDOWS\SysWow64\srmshell.dll
2012-10-12 05:41:02 104448 ----a-w- C:\WINDOWS\SysWow64\adrclient.dll
2012-10-12 05:40:49 84992 ----a-w- C:\WINDOWS\SysWow64\wbem\PolicMan.dll
2012-10-12 05:39:54 82944 ----a-w- C:\WINDOWS\SysWow64\dskquota.dll
2012-10-11 07:47:18 793200 ----a-w- C:\WINDOWS\System32\mfplat.dll
2012-10-11 07:35:16 2380944 ----a-w- C:\WINDOWS\explorer.exe
2012-10-11 07:26:44 336104 ----a-w- C:\WINDOWS\System32\drivers\Classpnp.sys
2012-10-11 07:25:48 56552 ----a-w- C:\WINDOWS\System32\drivers\sdstor.sys
2012-10-11 07:23:33 1001192 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys
2012-10-11 07:23:32 441576 ----a-w- C:\WINDOWS\System32\drivers\netio.sys
2012-10-11 07:18:25 172264 ----a-w- C:\WINDOWS\System32\drivers\ksecpkg.sys
2012-10-11 07:16:20 1403784 ----a-w- C:\WINDOWS\System32\winload.efi
2012-10-11 07:16:20 1267424 ----a-w- C:\WINDOWS\System32\winload.exe
2012-10-11 07:16:20 1217328 ----a-w- C:\WINDOWS\System32\winresume.efi
2012-10-11 07:16:19 1093880 ----a-w- C:\WINDOWS\System32\winresume.exe
.
============= FINISH: 4:45:21.81 ===============


#2 minimalist

minimalist
  • Topic Starter

  • Members
  • 10 posts

Posted 20 December 2012 - 11:52 PM

Using Google Chrome, get the message when I click on links from a Google search. Redirects to crappy spam sites of no interest. Using Windows 8.

Thanks very much in advance.

#3 minimalist

minimalist
  • Topic Starter

  • Members
  • 10 posts

Posted 24 December 2012 - 09:52 AM

Hello, I don't wish to bump but I notice several people have posted after me and had responses yet my post has drifted into the ether. Just wondering if it's been missed?

Kind regards.

#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts

Posted 25 December 2012 - 11:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/479176 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 minimalist


Posted 26 December 2012 - 01:36 AM

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16442 BrowserJavaVersion: 10.9.2
Run by Hywel at 6:34:20 on 2012-12-26
Microsoft Windows 8 Pro with Media Center 6.2.9200.0.1252.44.2057.18.6039.2128 [GMT 0:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AdminService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\taskhostex.exe
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
C:\WINDOWS\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Hywel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskeng.exe
C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Hywel\AppData\Roaming\Spotify\spotify.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\WindowsApps\Microsoft.Camera_6.2.9200.20523_x64__8wekyb3d8bbwe\webcam.exe
C:\Windows\System32\CameraSettingsUIHost.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\taskhost.exe
C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20523_x64__8wekyb3d8bbwe\glcnd.exe
C:\WINDOWS\System32\Notepad.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
C:\WINDOWS\notepad.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE
C:\WINDOWS\splwow64.exe
c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\Silverlight.Configuration.exe
C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
C:\Program Files (x86)\Twitter\TweetDeck\TweetDeck.exe
C:\Program Files (x86)\MotioninJoy\ds3\DS3_Tool.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Origin Games\FIFA 13\Game\fifasetup\fifaconfig.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\vssvc.exe
C:\WINDOWS\System32\svchost.exe -k swprv
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://samsung.msn.com
uDefault_Page_URL = hxxp://samsung.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [Spotify] "C:\Users\Hywel\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "C:\Users\Hywel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Speech Recognition] "C:\WINDOWS\Speech\Common\sapisvr.exe" -SpeechUX -Startup
uRun: [{3DBF1B09-0215-469D-B9A8-F331C5514D5F}] "C:\Users\Hywel\Downloads\GameSalad-Creator-Setup.exe" /cmdloc "HKCU\Software\GameSalad AiTemp\{3DBF1B09-0215-469D-B9A8-F331C5514D5F}"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
mRunOnce: [SymInstallStub] C:\WINDOWS\SysWOW64\Adobe\Shockwave 11\SymInstallStub.exe /partnerid=adobe /productlist=rm /staging=false /delay=5 /debug /desktopshortcut=1 /startmenushortcut=1 /launchedby=3
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Hywel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{86C54DB8-801C-48FB-A37B-50D818839965} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{86C54DB8-801C-48FB-A37B-50D818839965}\244524573796E6563737845726D2233373 : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
x64-Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 RapportCerberus_44365;RapportCerberus_44365;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_44365.sys [2012-12-21 508024]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-11-14 224024]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-11-14 376600]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\WINDOWS\System32\Drivers\SABI.sys [2012-5-28 13824]
R2 AtherosSvc;AtherosSvc;C:\WINDOWS\System32\AdminService.exe [2012-8-29 208384]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-28 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-3-6 629984]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-5-28 127320]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-5-28 164184]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-20 399432]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe [2012-10-23 138272]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-11-14 1115992]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-5-28 362840]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-12-3 1384608]
R3 BtFilter;BtFilter;C:\WINDOWS\System32\Drivers\btfilter.sys [2012-8-29 565760]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\WINDOWS\System32\Drivers\NISx64\1309000.009\ccsetx64.sys [2012-10-23 167072]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-25 138912]
R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20121222.001\IDSviA64.sys [2012-12-24 513184]
R3 IntcDAud;Intel® Display Audio;C:\WINDOWS\System32\Drivers\IntcDAud.sys [2011-12-5 331264]
R3 RapportIaso;RapportIaso;C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso64.sys [2012-12-21 175352]
R3 RTL8167;Realtek 8167 NT Driver;C:\WINDOWS\System32\Drivers\Rt64win7.sys [2012-5-28 685160]
R3 SymDS;Symantec Data Store;C:\WINDOWS\System32\Drivers\NISx64\1309000.009\symds64.sys [2012-10-23 451192]
R3 SymEFA;Symantec Extended File Attributes;C:\WINDOWS\System32\Drivers\NISx64\1309000.009\symefa64.sys [2012-10-23 1129120]
R3 SymIRON;Symantec Iron Driver;C:\WINDOWS\System32\Drivers\NISx64\1309000.009\ironx64.sys [2012-10-23 190072]
R3 SymNetS;Symantec Network Security WFP Driver;C:\WINDOWS\System32\Drivers\NISx64\1309000.009\symnets.sys [2012-10-23 405624]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-20 676936]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\WINDOWS\System32\Drivers\iusb3hub.sys [2012-2-27 356120]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\WINDOWS\System32\Drivers\iusb3xhc.sys [2012-2-27 788760]
S3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\Drivers\mbam.sys [2012-12-20 25928]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\WINDOWS\System32\Drivers\MijXfilt.sys [2012-11-4 115272]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\WINDOWS\System32\Drivers\RtsUVStor.sys [2012-5-28 314472]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\Drivers\usbaapl64.sys [2012-7-9 52736]
S3 vmbusr;Virtual Machine Bus Provider;C:\WINDOWS\System32\Drivers\vmbusr.sys [2012-7-26 117248]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2012-12-25 23:19:01 -------- d-----w- C:\Users\Hywel\AppData\Local\{079834CA-D209-4ADF-A52C-67B1407FBEE0}
2012-12-25 11:09:38 -------- d-----w- C:\Users\Hywel\AppData\Local\{FA038185-FBF1-49D0-A3A8-32129B363E40}
2012-12-24 21:58:21 -------- d-----w- C:\Users\Hywel\AppData\Local\{EDE884FE-C52A-42FB-8D83-AD4EEBF79295}
2012-12-24 09:43:30 -------- d-----w- C:\Users\Hywel\AppData\Local\{25F1512D-1F98-4916-B79C-415968645292}
2012-12-23 21:00:42 -------- d-----w- C:\Users\Hywel\AppData\Local\{602FF926-3133-4C7C-91D4-F542F69DC5A4}
2012-12-23 08:53:06 -------- d-----w- C:\Users\Hywel\AppData\Local\{68F411AC-41B1-4B8A-A5AB-F41CFF4B5813}
2012-12-23 02:59:52 -------- d-----w- C:\Users\Hywel\AppData\Local\Diagnostics
2012-12-22 18:30:54 -------- d-----w- C:\Users\Hywel\AppData\Local\{9BE2DA81-C291-418B-900A-BD045819733E}
2012-12-22 04:15:45 -------- d-----w- C:\Users\Hywel\AppData\Local\{C50E2872-A02D-4AD8-AAAD-9B85ACD7AEAC}
2012-12-21 16:15:39 -------- d-----w- C:\Users\Hywel\AppData\Local\{BE17F3FD-554A-42AE-BD39-4971A48CA9AB}
2012-12-21 04:15:32 -------- d-----w- C:\Users\Hywel\AppData\Local\{E0C3581E-6B1D-42EB-BE49-A61B41B43AB5}
2012-12-21 04:04:58 236216 ----a-w- C:\WINDOWS\System32\drivers\RapportKE64.sys
2012-12-21 04:04:58 208152 ----a-w- C:\WINDOWS\System32\drivers\RapportHades64.sys
2012-12-21 04:04:21 -------- d-----w- C:\Users\Hywel\AppData\Local\Trusteer
2012-12-21 04:04:08 -------- d-----w- C:\Program Files (x86)\Trusteer
2012-12-21 04:02:13 -------- d-----w- C:\ProgramData\Trusteer
2012-12-20 19:50:46 -------- d-----w- C:\Users\Hywel\AppData\Roaming\Malwarebytes
2012-12-20 19:50:36 -------- d-----w- C:\ProgramData\Malwarebytes
2012-12-20 19:50:35 25928 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2012-12-20 19:50:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-20 16:15:26 -------- d-----w- C:\Users\Hywel\AppData\Local\{97D7198D-17A8-400D-9CC2-7429ADA6E3E4}
2012-12-20 04:15:20 -------- d-----w- C:\Users\Hywel\AppData\Local\{D7087A2D-5DBA-4869-8DB2-65DBA26E839C}
2012-12-19 16:15:13 -------- d-----w- C:\Users\Hywel\AppData\Local\{7CBB2BBF-1D43-4B29-AF68-A4AF38D40D53}
2012-12-19 04:02:49 -------- d-----w- C:\Users\Hywel\AppData\Local\{62A5E8FE-1ABB-4376-BD07-BC20DDB551F2}
2012-12-18 16:02:43 -------- d-----w- C:\Users\Hywel\AppData\Local\{CA4D72CE-07E1-4644-8A88-140DD76C958B}
2012-12-18 01:55:30 -------- d-----w- C:\Users\Hywel\AppData\Local\{6F75FFC6-93EF-4B53-B326-8843A5942E5E}
2012-12-17 13:52:38 -------- d-----w- C:\Users\Hywel\AppData\Local\{F956CAA2-FAFC-4E7A-B7FC-BC088C52F623}
2012-12-17 01:52:31 -------- d-----w- C:\Users\Hywel\AppData\Local\{49C2C2C9-B063-4DA4-A5D1-58B12D4D0A72}
2012-12-16 13:52:26 -------- d-----w- C:\Users\Hywel\AppData\Local\{1E290BC3-641D-4F3B-A793-EAF56C1A3915}
2012-12-16 01:52:20 -------- d-----w- C:\Users\Hywel\AppData\Local\{2F3CEFA6-F791-41FC-8D7F-B5ACA8C4105D}
2012-12-15 13:52:13 -------- d-----w- C:\Users\Hywel\AppData\Local\{2A9BDD3B-9203-414A-A3B2-70ED4C70BEC6}
2012-12-15 00:20:44 -------- d-----w- C:\Users\Hywel\AppData\Local\{E5E9E24C-6E25-4757-9EEF-D70756059D52}
2012-12-14 12:20:36 -------- d-----w- C:\Users\Hywel\AppData\Local\{9E76F0DF-6B11-4148-8561-6D3CAD5AAFA2}
2012-12-14 00:20:28 -------- d-----w- C:\Users\Hywel\AppData\Local\{E6141504-FE09-4E9E-AF10-4B9304127A86}
2012-12-13 12:20:06 -------- d-----w- C:\Users\Hywel\AppData\Local\{8CE19158-02C8-48E3-AF1A-F186E8EB2653}
2012-12-12 15:09:49 -------- d-----w- C:\Users\Hywel\AppData\Local\{CE9EE0EF-DD94-45FD-9405-CAF795E21DF2}
2012-12-12 00:22:17 -------- d-----w- C:\Users\Hywel\AppData\Local\{544A51E2-1DFE-4B6D-906B-2C0B2BC82862}
2012-12-11 12:22:11 -------- d-----w- C:\Users\Hywel\AppData\Local\{FEE32E0F-20EA-4DDB-BD3B-692C05AF9933}
2012-12-11 11:28:07 213696 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10187.bin
2012-12-10 23:21:00 -------- d-----w- C:\Users\Hywel\AppData\Local\{010CC9D2-C48E-4E1F-869E-EB68ED7A1FC4}
2012-12-10 00:00:14 -------- d-----w- C:\WINDOWS\SysWow64\Adobe
2012-12-09 17:19:03 -------- d-----w- C:\Users\Hywel\AppData\Local\{ECB0CD46-6434-4E28-9E01-F252CD0F3F0A}
2012-12-08 20:58:39 -------- d-----w- C:\Users\Hywel\AppData\Local\{F04476E5-C9B1-45D3-92B4-C094F02EDE7D}
2012-12-08 03:01:45 -------- d-----w- C:\Users\Hywel\AppData\Local\{263957F4-6731-4DCE-AA5F-C45FF3D19527}
2012-12-07 12:51:17 -------- d-----w- C:\Users\Hywel\AppData\Local\{34D7EFB1-5B89-410F-8281-72E946A611FB}
2012-12-06 17:36:22 -------- d-----w- C:\Users\Hywel\AppData\Local\{64DC1193-AC85-4B7D-BE48-D657618BB4E8}
2012-12-06 05:36:16 -------- d-----w- C:\Users\Hywel\AppData\Local\{FA12813E-114C-4303-9019-508002D414A4}
2012-12-05 17:36:10 -------- d-----w- C:\Users\Hywel\AppData\Local\{888A69E3-9303-48E9-AF2E-CEDB13CED953}
2012-12-05 05:36:04 -------- d-----w- C:\Users\Hywel\AppData\Local\{6FC7269C-2356-4844-A375-F2A2E5CD18B7}
2012-12-04 17:27:44 -------- d-----w- C:\Users\Hywel\AppData\Local\{E6EDA2AD-D49E-4364-A38E-555D54893A9D}
2012-12-03 21:14:10 -------- d-----w- C:\Users\Hywel\AppData\Local\{BA51D36A-C559-4224-AAA0-3656E4BA5126}
2012-12-03 00:04:40 40960 ----a-r- C:\Users\Hywel\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2012-12-03 00:04:40 40960 ----a-r- C:\Users\Hywel\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2012-12-03 00:04:40 -------- d-----w- C:\Program Files (x86)\Project64 1.6
2012-12-02 21:37:34 -------- d-----w- C:\Users\Hywel\AppData\Local\{C7468D01-0979-4B9B-ACA0-3568640CE521}
2012-12-02 01:17:38 49664 ----a-w- C:\WINDOWS\System32\CamCodec.dll
2012-12-02 01:17:38 -------- d-----w- C:\Program Files (x86)\CamStudio 2.6b
2012-12-01 20:32:07 -------- d-----w- C:\Users\Hywel\AppData\Local\GameSalad
2012-12-01 20:31:53 -------- d-----w- C:\Program Files (x86)\GameSalad
2012-12-01 20:31:26 -------- d-----w- C:\Program Files (x86)\Haali
2012-12-01 20:30:32 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2012-12-01 20:29:32 -------- d-----w- C:\Users\Hywel\AppData\Roaming\GameSalad
2012-12-01 18:02:28 -------- d-----w- C:\Users\Hywel\AppData\Local\{5B3A4965-0ECD-47E9-A22A-DE78E1CC1235}
2012-12-01 04:49:28 -------- d-----w- C:\Users\Hywel\AppData\Local\{8450647B-CCFF-43D7-AA4E-E541783A1D4B}
2012-11-30 16:49:22 -------- d-----w- C:\Users\Hywel\AppData\Local\{D8F9E44B-AE82-45C5-8530-6A578791E4EE}
2012-11-30 01:45:42 -------- d-----w- C:\Users\Hywel\AppData\Local\{6A494EB2-B221-4340-A0BD-E1C786412686}
2012-11-29 08:14:54 -------- d-----w- C:\Users\Hywel\AppData\Local\{D018D8FE-0038-41E0-92C0-7144DD21DCED}
2012-11-28 14:41:32 -------- d-----w- C:\Users\Hywel\AppData\Local\{573D146F-6770-4C82-AB2D-FEF7E059E368}
2012-11-28 02:41:26 -------- d-----w- C:\Users\Hywel\AppData\Local\{7BD8084E-B2B3-4EE5-9B37-BC3DF14A2F25}
2012-11-27 14:41:20 -------- d-----w- C:\Users\Hywel\AppData\Local\{925AAF76-7DC2-47D8-9EE9-3017A754523E}
2012-11-27 02:49:45 -------- d-----w- C:\Users\Hywel\Tracing
2012-11-27 02:49:36 -------- d-----w- C:\WINDOWS\System32\appmgmt
2012-11-27 02:47:10 -------- d-----w- C:\Program Files (x86)\Yontoo
2012-11-27 02:47:02 -------- d-----w- C:\ProgramData\Tarma Installer
2012-11-27 02:46:53 -------- d-----w- C:\Program Files (x86)\TornTV.com
2012-11-27 00:22:19 -------- d-----w- C:\Users\Hywel\AppData\Local\{80751DE8-9F24-4619-9F30-21BC36484467}
2012-11-26 22:20:14 -------- d-----w- C:\Users\Hywel\AppData\Roaming\MetaQuotes
2012-11-26 12:22:00 -------- d-----w- C:\Users\Hywel\AppData\Local\{BF1C9FFE-00B8-4466-A4C2-D7E286922AE1}
.
==================== Find3M ====================
.
2012-11-02 05:22:08 34304 ----a-w- C:\WINDOWS\SysWow64\wuapp.exe
2012-11-02 05:21:44 83968 ----a-w- C:\WINDOWS\SysWow64\wudriver.dll
2012-11-02 05:21:44 125952 ----a-w- C:\WINDOWS\SysWow64\wuwebv.dll
2012-11-02 05:21:28 246784 ----a-w- C:\WINDOWS\SysWow64\ubpm.dll
2012-11-02 05:20:31 39424 ----a-w- C:\WINDOWS\System32\wuapp.exe
2012-11-02 05:20:28 77824 ----a-w- C:\WINDOWS\System32\taskhost.exe
2012-11-02 05:20:28 72192 ----a-w- C:\WINDOWS\System32\taskhostex.exe
2012-11-02 05:20:10 141824 ----a-w- C:\WINDOWS\System32\wuwebv.dll
2012-11-02 05:20:09 98304 ----a-w- C:\WINDOWS\System32\wudriver.dll
2012-11-02 05:20:09 251904 ----a-w- C:\WINDOWS\System32\WUSettingsProvider.dll
2012-11-02 05:20:09 17408 ----a-w- C:\WINDOWS\System32\wuaext.dll
2012-11-02 05:20:09 1619968 ----a-w- C:\WINDOWS\System32\wucltux.dll
2012-11-02 05:19:50 318464 ----a-w- C:\WINDOWS\System32\ubpm.dll
2012-11-02 05:01:27 99328 ----a-w- C:\WINDOWS\System32\wushareduxresources.dll
2012-11-02 04:55:32 212992 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb20.sys
2012-11-02 04:53:13 366080 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb.sys
2012-10-29 05:04:47 522640 ----a-w- C:\WINDOWS\System32\AUDIOKSE.dll
2012-10-29 05:04:47 490064 ----a-w- C:\WINDOWS\System32\AudioEng.dll
2012-10-29 05:04:47 447792 ----a-w- C:\WINDOWS\System32\AudioSes.dll
2012-10-29 05:04:47 253512 ----a-w- C:\WINDOWS\System32\audiodg.exe
2012-10-29 03:21:53 1526784 ----a-w- C:\WINDOWS\System32\mfcore.dll
2012-10-29 03:21:21 267264 ----a-w- C:\WINDOWS\System32\EncDump.dll
2012-10-29 03:20:49 785920 ----a-w- C:\WINDOWS\System32\audiosrv.dll
2012-10-29 03:20:49 169472 ----a-w- C:\WINDOWS\System32\AudioEndpointBuilder.dll
2012-10-29 03:19:08 463768 ----a-w- C:\WINDOWS\SysWow64\AUDIOKSE.dll
2012-10-29 03:19:08 427568 ----a-w- C:\WINDOWS\SysWow64\AudioEng.dll
2012-10-29 03:19:08 324344 ----a-w- C:\WINDOWS\SysWow64\AudioSes.dll
2012-10-29 02:46:23 1451520 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll
2012-10-26 22:19:09 80728 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2012-10-26 22:19:09 695648 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2012-10-24 04:54:06 6972136 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2012-10-24 03:25:41 26624 ----a-w- C:\WINDOWS\System32\ReAgentc.exe
2012-10-24 03:24:42 439296 ----a-w- C:\WINDOWS\System32\ReAgent.dll
2012-10-24 03:06:12 2706432 ----a-w- C:\WINDOWS\System32\mshtml.tlb
2012-10-24 02:48:12 24064 ----a-w- C:\WINDOWS\SysWow64\ReAgentc.exe
2012-10-24 02:47:29 371712 ----a-w- C:\WINDOWS\SysWow64\ReAgent.dll
2012-10-24 02:27:01 2706432 ----a-w- C:\WINDOWS\SysWow64\mshtml.tlb
2012-10-23 17:56:00 95208 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
2012-10-23 17:55:59 821736 ----a-w- C:\WINDOWS\SysWow64\npDeployJava1.dll
2012-10-23 17:55:59 746984 ----a-w- C:\WINDOWS\SysWow64\deployJava1.dll
2012-10-20 03:22:05 39936 ----a-w- C:\WINDOWS\apppatch\apppatch64\acspecfc.dll
2012-10-20 02:44:53 431104 ----a-w- C:\WINDOWS\apppatch\AcSpecfc.dll
2012-10-20 02:25:35 310784 ----a-w- C:\WINDOWS\apppatch\AcRes.dll
2012-10-19 04:59:28 4056576 ----a-w- C:\WINDOWS\System32\win32k.sys
2012-10-19 04:52:32 49056 ----a-w- C:\WINDOWS\System32\drivers\Dot4usb.sys
2012-10-19 04:52:32 3867040 ----a-w- C:\WINDOWS\System32\PortChanger.exe
2012-10-19 04:52:32 2398112 ----a-w- C:\WINDOWS\System32\hppldcoi.dll
2012-10-19 04:52:32 151968 ----a-w- C:\WINDOWS\System32\drivers\Dot4.sys
2012-10-19 04:52:30 27040 ----a-w- C:\WINDOWS\System32\drivers\Dot4Prt.sys
2012-10-18 06:17:18 69864 ----a-w- C:\WINDOWS\System32\drivers\pdc.sys
2012-10-18 03:20:46 10096640 ----a-w- C:\WINDOWS\System32\twinui.dll
2012-10-18 03:18:40 2302464 ----a-w- C:\WINDOWS\System32\authui.dll
2012-10-18 03:18:33 2146816 ----a-w- C:\WINDOWS\System32\actxprxy.dll
2012-10-18 02:46:00 8856576 ----a-w- C:\WINDOWS\SysWow64\twinui.dll
2012-10-18 02:44:38 2033664 ----a-w- C:\WINDOWS\SysWow64\authui.dll
2012-10-18 02:44:33 753664 ----a-w- C:\WINDOWS\SysWow64\actxprxy.dll
2012-10-17 04:32:52 1172992 ----a-w- C:\WINDOWS\System32\mfnetsrc.dll
2012-10-17 04:32:51 677888 ----a-w- C:\WINDOWS\System32\mfnetcore.dll
2012-10-17 04:32:51 673280 ----a-w- C:\WINDOWS\System32\mfmpeg2srcsnk.dll
2012-10-17 04:32:50 1048064 ----a-w- C:\WINDOWS\System32\mfasfsrcsnk.dll
2012-10-17 03:57:37 929792 ----a-w- C:\WINDOWS\SysWow64\mfnetsrc.dll
2012-10-17 03:57:37 568832 ----a-w- C:\WINDOWS\SysWow64\mfnetcore.dll
2012-10-17 03:57:37 513024 ----a-w- C:\WINDOWS\SysWow64\mfmpeg2srcsnk.dll
2012-10-17 03:57:36 850944 ----a-w- C:\WINDOWS\SysWow64\mfasfsrcsnk.dll
2012-10-12 08:08:01 27880 ----a-w- C:\WINDOWS\System32\drivers\rdpvideominiport.sys
2012-10-12 06:14:54 87040 ----a-w- C:\WINDOWS\System32\srmtrace.dll
2012-10-12 06:14:54 652800 ----a-w- C:\WINDOWS\System32\srmscan.dll
2012-10-12 06:14:54 30720 ----a-w- C:\WINDOWS\System32\srm_ps.dll
2012-10-12 06:14:54 279040 ----a-w- C:\WINDOWS\System32\srm.dll
2012-10-12 06:14:54 274432 ----a-w- C:\WINDOWS\System32\srmstormod.dll
2012-10-12 06:14:54 172032 ----a-w- C:\WINDOWS\System32\srmshell.dll
2012-10-12 06:14:54 1347072 ----a-w- C:\WINDOWS\System32\srmclient.dll
2012-10-12 06:14:54 134144 ----a-w- C:\WINDOWS\System32\adrclient.dll
2012-10-12 06:14:40 36352 ----a-w- C:\WINDOWS\System32\rfxvmt.dll
2012-10-12 06:14:39 3244032 ----a-w- C:\WINDOWS\System32\rdpcorets.dll
2012-10-12 06:14:34 115712 ----a-w- C:\WINDOWS\System32\wbem\PolicMan.dll
2012-10-12 06:13:32 109568 ----a-w- C:\WINDOWS\System32\dskquota.dll
2012-10-12 05:50:01 235520 ----a-w- C:\WINDOWS\System32\rdpudd.dll
2012-10-12 05:46:28 618496 ----a-w- C:\WINDOWS\System32\drivers\srv2.sys
2012-10-12 05:41:02 987648 ----a-w- C:\WINDOWS\SysWow64\srmclient.dll
2012-10-12 05:41:02 68096 ----a-w- C:\WINDOWS\SysWow64\srmtrace.dll
2012-10-12 05:41:02 487936 ----a-w- C:\WINDOWS\SysWow64\srmscan.dll
2012-10-12 05:41:02 278528 ----a-w- C:\WINDOWS\SysWow64\srm.dll
2012-10-12 05:41:02 202240 ----a-w- C:\WINDOWS\SysWow64\srmstormod.dll
2012-10-12 05:41:02 15872 ----a-w- C:\WINDOWS\SysWow64\srm_ps.dll
2012-10-12 05:41:02 128000 ----a-w- C:\WINDOWS\SysWow64\srmshell.dll
2012-10-12 05:41:02 104448 ----a-w- C:\WINDOWS\SysWow64\adrclient.dll
2012-10-12 05:40:49 84992 ----a-w- C:\WINDOWS\SysWow64\wbem\PolicMan.dll
2012-10-12 05:39:54 82944 ----a-w- C:\WINDOWS\SysWow64\dskquota.dll
2012-10-11 07:47:18 793200 ----a-w- C:\WINDOWS\System32\mfplat.dll
2012-10-11 07:35:16 2380944 ----a-w- C:\WINDOWS\explorer.exe
2012-10-11 07:26:44 336104 ----a-w- C:\WINDOWS\System32\drivers\Classpnp.sys
2012-10-11 07:25:48 56552 ----a-w- C:\WINDOWS\System32\drivers\sdstor.sys
2012-10-11 07:23:33 1001192 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys
2012-10-11 07:23:32 441576 ----a-w- C:\WINDOWS\System32\drivers\netio.sys
2012-10-11 07:18:25 172264 ----a-w- C:\WINDOWS\System32\drivers\ksecpkg.sys
2012-10-11 07:16:20 1403784 ----a-w- C:\WINDOWS\System32\winload.efi
2012-10-11 07:16:20 1267424 ----a-w- C:\WINDOWS\System32\winload.exe
2012-10-11 07:16:20 1217328 ----a-w- C:\WINDOWS\System32\winresume.efi
2012-10-11 07:16:19 1093880 ----a-w- C:\WINDOWS\System32\winresume.exe
.
============= FINISH: 6:34:53.86 ===============


#6 minimalist

minimalist
  • Topic Starter

  • Members
  • 10 posts

Posted 26 December 2012 - 01:38 AM

If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.

- Windows 8, both 32 and 64 I think

Please tell us if you have your original Windows CD/DVD available.

- Downloaded the Windows 8 update, probably have the 7 one somewhere.

Thanks.

#7 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts

Posted 26 December 2012 - 05:23 AM

Hi,

Since Windows 8 is a fairly new operating system, there are very few tools and little knowledge that currently support this particular OS at this moment.

I'm willing to take the plunge for you and see what I can do, but there is no guarantee, and you might need to prepare yourself for a reformat and reinstall.

It might take longer than usual to respond back to you because of the time difference as well as getting some advice from other team members.

Although I'd strongly suggest that you start with a clean slate, you may also proceed with our instructions should you choose to do so.

Let me know what you think.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif

#8 minimalist

minimalist
  • Topic Starter

  • Members
  • 10 posts

Posted 26 December 2012 - 05:38 AM

Hi Conspire,

Thanks for your feedback. Willing to give it a bash, see if we can resolve the problem.

Cheers for the reply.

H

#9 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts

Posted 26 December 2012 - 09:10 AM

We will try to get rid of the obvious first.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
===================================================

Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right-click JRT.exe and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt in your next message.
===================================================

In your next reply, please post:
AdwCleaner log
JRT log


Please STOP and let me know if you have any problems performing the steps above or if you have any questions.

Good Day!

#10 minimalist

minimalist
  • Topic Starter

  • Members
  • 10 posts

Posted 26 December 2012 - 08:23 PM

ADWCLEANER LOG -

# AdwCleaner v2.103 - Logfile created 12/27/2012 at 00:55:37
# Updated 25/12/2012 by Xplode
# Operating system : Windows 8 Pro with Media Center (64 bits)
# User : Hywel - HYWEL-LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Hywel\Downloads\adwcleaner (1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\ProgramData\Tarma Installer

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SweetIM
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16442

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Users\Hywel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3928 octets] - [27/12/2012 00:55:37]

########## EOF - C:\AdwCleaner[S1].txt - [3988 octets] ##########

#11 minimalist

minimalist
  • Topic Starter

  • Members
  • 10 posts

Posted 26 December 2012 - 08:46 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.2.6 (12.26.2012:1)
OS: Windows 8 Pro with Media Center x64
Ran by Hywel on 27/12/2012 at 1:35:17.22
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27/12/2012 at 1:46:13.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#12 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts

Posted 26 December 2012 - 10:49 PM

Any improvements?

#13 minimalist

minimalist
  • Topic Starter

  • Members
  • 10 posts

Posted 27 December 2012 - 02:09 AM

I will have to do a few Google searches throughout the day, Conspire, and I'll let you know for sure.

Thanks for your continued help.

H

#14 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts

Posted 27 December 2012 - 04:17 AM

:thumbup2:

#15 minimalist

minimalist
  • Topic Starter

  • Members
  • 10 posts

Posted 28 December 2012 - 02:21 AM

So far, so good. Looks to have done the trick.

Cheers, Conspire, you're a star

H :)



