Wordpress malware infection


  • This topic is locked
11 replies to this topic

#1 Wayne Broken

Posted 29 May 2014 - 05:00 AM

Hi BC,

Last week I had the nightmare of my domain being blacklisted by Google (which is now cleaned).

I remember coming here previously for assistance and it worked so well - I'm coming back for more.

 

I just want to be sure that the workstation isn't infected too, precautionary although my system seems to lag slightly since last week's infection.

Thanks in advance - and all the best,

WB

 

**DDS report follows**

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16545  BrowserJavaVersion: 10.55.2
Run by CHU at 10:51:32 on 2014-05-29
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.44.1033.18.3000.1058 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\System32\tcpsvcs.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\avastui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\VVCap\VVCap.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\Tablet\Wacom\WacomHost.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\CHU\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\KeePass Password Safe 2\KeePass.exe
C:\Program Files\SoulseekNS\slsk.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - c:\program files\internet explorer\iedvtool.dll
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [VVCap] c:\program files\vvcap\VVCap.exe
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
uRun: [HijackThis startup scan] c:\program files\hijackthis\trend micro\hijackthis\HijackThis.exe /startupscan
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AvastUI.exe] "c:\program files\alwil software\avast5\AvastUI.exe" /nogui
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KeePass 2 PreLoad] "c:\program files\keepass password safe 2\KeePass.exe" --preload
StartupFolder: c:\users\chu\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{484995E7-6CB6-4E19-A51B-8A028FA0A4BD} : DHCPNameServer = 149.254.230.7 149.254.199.126
TCP: Interfaces\{6D1BAFBA-2E42-4BF5-8DF9-8C3CC90677F6} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{B01DD9FE-728B-439F-A5DD-DC6620A12809} : DHCPNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\chu\appdata\roaming\mozilla\firefox\profiles\034bq8c8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search
FF - component: c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
FF - component: c:\users\chu\appdata\roaming\mozilla\firefox\profiles\034bq8c8.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: c:\users\chu\appdata\roaming\mozilla\firefox\profiles\034bq8c8.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.5.dll
FF - component: c:\users\chu\appdata\roaming\mozilla\firefox\profiles\034bq8c8.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.6.dll
FF - component: c:\users\chu\appdata\roaming\mozilla\firefox\profiles\034bq8c8.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.7.dll
FF - component: c:\users\chu\appdata\roaming\mozilla\firefox\profiles\034bq8c8.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.8.dll
FF - component: c:\users\chu\appdata\roaming\mozilla\firefox\profiles\034bq8c8.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.9.dll
FF - component: c:\users\chu\appdata\roaming\mozilla\firefox\profiles\034bq8c8.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\users\chu\appdata\roaming\mozilla\firefox\profiles\034bq8c8.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - component: c:\users\chu\appdata\roaming\mozilla\firefox\profiles\034bq8c8.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\users\chu\appdata\roaming\mozilla\firefox\profiles\034bq8c8.default\extensions\speedtest@gotomyhelp.com\components\NetDiag.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\pdf architect 2\np-previewer.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\tabletplugins\npWacomTabletPlugin.dll
FF - plugin: c:\users\chu\appdata\local\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\users\chu\appdata\roaming\mozilla\firefox\profiles\034bq8c8.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\users\chu\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\chu\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\chu\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_214.dll
FF - ExtSQL: !HIDDEN! 2009-06-27 00:43; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-13 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-13 180632]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2011-3-16 777488]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2010-11-12 411680]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-4-27 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-11-12 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-12 50344]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-4-17 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 iprip;RIP Listener;c:\windows\system32\svchost.exe -k ipripsvc [2008-1-21 21504]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-6 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-1-22 47640]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-5-24 1809720]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
R2 WTabletServicePro;Wacom Professional Service;c:\program files\tablet\wacom\WTabletServicePro.exe [2013-9-22 510744]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2012-6-19 374648]
R3 hidkmdf;KMDF Driver;c:\windows\system32\drivers\hidkmdf.sys [2013-9-22 12088]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-9-3 112128]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-4-17 81296]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-9-23 23256]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2008-7-24 13408]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\drivers\wachidrouter.sys [2013-9-22 74552]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\drivers\wacomrouterfilter.sys [2013-9-22 13296]
R3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\drivers\WacomVTHid.sys [2010-9-6 13480]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9a5861396cb5d;Google Update Service (gupdate1c9a5861396cb5d);c:\program files\google\update\GoogleUpdate.exe [2009-3-15 133104]
S2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-5-24 860472]
S3 A310;AVerMedia A310 DVB-T;c:\windows\system32\drivers\avera310usb.sys [2008-4-17 25856]
S3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device;c:\windows\system32\drivers\AVerA310Cap.sys [2008-4-17 42880]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2007-11-13 106112]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2007-10-9 59264]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-3-10 24216]
S3 PDF Architect 2;PDF Architect 2;c:\program files\pdf architect 2\ws.exe [2014-4-17 1716264]
S3 pdfforge CrashHandler;pdfforge CrashHandler;c:\program files\pdf architect 2\crash-handler-ws.exe [2014-4-17 861736]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [2010-8-26 252416]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2010-8-26 398720]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2010-7-17 75776]
S4 ExpatShieldService;Expat Shield Service;c:\program files\expat shield\bin\openvpnas.exe [2011-7-1 298824]
S4 ExpatSrv;Expat Shield Routing Service;c:\program files\expat shield\hsswpr\hsssrv.exe [2011-5-25 363336]
S4 ExpatTrayService;Expat Shield Tray Service;c:\program files\expat shield\bin\ExpatTrayService.exe [2011-7-1 58013]
S4 ExpatWd;Expat Shield Monitoring Service;c:\program files\expat shield\bin\hsswd.exe -product expat --> c:\program files\expat shield\bin\hsswd.exe -product Expat [?]
S4 GtDetectSc;GtDetectSc;c:\program files\orange\icon 225 usb connect\GtDetectSc.exe [2007-12-18 196704]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
.
=============== File Associations ===============
.
FileExt: .reg: Applications\pn.exe="c:\program files\programmer's notepad\pn.exe" "%1" [UserChoice]
FileExt: .inf: Applications\pn.exe="c:\program files\programmer's notepad\pn.exe" "%1" [UserChoice]
FileExt: .js: Applications\pn.exe="c:\program files\programmer's notepad\pn.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-05-27 12:43:12    --------    d-----w-    c:\users\chu\appdata\roaming\KeePass
2014-05-27 12:38:31    --------    d-----w-    c:\program files\KeePass Password Safe 2
2014-05-26 18:58:12    1409    ----a-w-    c:\windows\QTFont.for
2014-05-25 11:35:11    32040    ----a-w-    C:\cc_20140525_123501.reg
2014-05-25 10:55:22    --------    d-----w-    c:\program files\iPod
2014-05-25 10:55:18    --------    d-----w-    c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-05-25 10:41:51    20080    ----a-w-    c:\program files\mozilla firefox\AccessibleMarshal.dll
2014-05-25 10:41:50    75376    ----a-w-    c:\program files\mozilla firefox\breakpadinjector.dll
2014-05-25 10:41:50    46704    ----a-w-    c:\program files\mozilla firefox\browser\components\browsercomps.dll
2014-05-25 10:41:50    2106216    ----a-w-    c:\program files\mozilla firefox\D3DCompiler_43.dll
2014-05-25 10:41:46    965232    ----a-w-    c:\program files\mozilla firefox\icuuc52.dll
2014-05-25 10:41:46    1266800    ----a-w-    c:\program files\mozilla firefox\icuin52.dll
2014-05-25 10:41:46    10594416    ----a-w-    c:\program files\mozilla firefox\icudt52.dll
2014-05-24 21:04:37    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2014-05-24 17:11:43    110296    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-24 17:10:34    74456    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-05-24 17:10:34    51928    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-05-24 17:10:34    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-05-15 15:53:54    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-05-13 16:27:18    --------    d-----w-    c:\users\chu\appdata\roaming\PDF Architect 2
2014-05-13 16:25:14    --------    d-----w-    c:\program files\PDF Architect 2
2014-05-13 16:21:47    --------    d-----w-    c:\programdata\PDF Architect 2
2014-05-13 16:21:36    --------    d-----w-    c:\users\chu\appdata\roaming\pdfforge
2014-05-13 16:21:33    95416    ----a-w-    c:\windows\system32\pdfcmon.dll
2014-05-13 16:21:33    137000    ----a-w-    c:\windows\system32\MSMAPI32.OCX
2014-05-13 16:21:30    23552    ----a-w-    c:\windows\system32\MSMPIDE.DLL
2014-05-13 16:21:30    --------    d-----w-    c:\program files\PDFCreator
2014-05-06 18:01:41    --------    d-----w-    c:\users\chu\.thumbnails
2014-05-06 07:02:20    --------    d-----w-    c:\users\chu\appdata\roaming\com.theta360.SphericalViewer
2014-05-06 07:02:16    --------    d-----w-    c:\program files\RICOH THETA for Windows® Mac
.
==================== Find3M  ====================
.
2014-05-15 14:37:50    777488    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
2014-05-14 18:00:32    70832    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 18:00:32    692400    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-05-13 16:15:43    25378774    ----a-w-    c:\windows\system32\~.tmp
2014-05-12 06:25:54    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-04-27 10:28:18    776976    ----a-w-    c:\windows\system32\drivers\aswsnx.sys.1400164670828
2014-04-27 10:28:18    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-04-27 10:28:18    54832    ----a-w-    c:\windows\system32\drivers\aswrdr.sys.1400164670828
2014-04-27 10:28:18    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-04-27 10:28:18    24184    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-04-27 10:28:18    180632    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-04-27 10:28:17    43152    ----a-w-    c:\windows\avastSS.scr
2014-03-31 21:46:48    130712    ----a-w-    c:\windows\system32\MSSTDFMT.DLL
2014-03-31 21:46:48    1070232    ----a-w-    c:\windows\system32\MSCOMCTL.OCX
2014-03-07 23:12:00    1806848    ----a-w-    c:\windows\system32\jscript9.dll
2014-03-07 23:02:19    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-03-07 23:02:07    1129472    ----a-w-    c:\windows\system32\wininet.dll
2014-03-07 22:57:17    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-03-07 22:56:03    421376    ----a-w-    c:\windows\system32\vbscript.dll
.
============= FINISH: 10:51:54.00 ===============
 


#2 HelpBot

Posted 03 June 2014 - 05:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/535902 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Wayne Broken

Posted 04 June 2014 - 02:37 PM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16545  BrowserJavaVersion: 10.55.2
Run by CHU at 20:33:55 on 2014-06-04
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.44.1033.18.3000.1371 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\System32\tcpsvcs.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\avastui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\VVCap\VVCap.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\CubicExplorer\CubicExplorer.exe
C:\Windows\system32\conime.exe
C:\Program Files\KeePass Password Safe 2\KeePass.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\Tablet\Wacom\WacomHost.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Programmer's Notepad\pn.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - c:\program files\internet explorer\iedvtool.dll
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [VVCap] c:\program files\vvcap\VVCap.exe
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AvastUI.exe] "c:\program files\alwil software\avast5\AvastUI.exe" /nogui
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KeePass 2 PreLoad] "c:\program files\keepass password safe 2\KeePass.exe" --preload
StartupFolder: c:\users\chu\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{484995E7-6CB6-4E19-A51B-8A028FA0A4BD} : DHCPNameServer = 149.254.230.7 149.254.199.126
TCP: Interfaces\{6D1BAFBA-2E42-4BF5-8DF9-8C3CC90677F6} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{B01DD9FE-728B-439F-A5DD-DC6620A12809} : DHCPNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\chu\appdata\roaming\mozilla\firefox\profiles\034bq8c8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search
FF - component: c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
FF - component: c:\users\chu\appdata\roaming\mozilla\firefox\profiles\034bq8c8.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: c:\users\chu\appdata\roaming\mozilla\firefox\profiles\034bq8c8.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.5.dll
FF - component: c:\users\chu\appdata\roaming\mozilla\firefox\profiles\034bq8c8.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.6.dll
FF - component: c:\users\chu\appdata\roaming\mozilla\firefox\profiles\034bq8c8.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.7.dll
FF - component: c:\users\chu\appdata\roaming\mozilla\firefox\profiles\034bq8c8.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.8.dll
FF - component: c:\users\chu\appdata\roaming\mozilla\firefox\profiles\034bq8c8.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.9.dll
FF - component: c:\users\chu\appdata\roaming\mozilla\firefox\profiles\034bq8c8.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\users\chu\appdata\roaming\mozilla\firefox\profiles\034bq8c8.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - component: c:\users\chu\appdata\roaming\mozilla\firefox\profiles\034bq8c8.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\users\chu\appdata\roaming\mozilla\firefox\profiles\034bq8c8.default\extensions\speedtest@gotomyhelp.com\components\NetDiag.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\pdf architect 2\np-previewer.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\tabletplugins\npWacomTabletPlugin.dll
FF - plugin: c:\users\chu\appdata\local\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\users\chu\appdata\roaming\mozilla\firefox\profiles\034bq8c8.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\users\chu\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\chu\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\chu\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_214.dll
FF - ExtSQL: !HIDDEN! 2009-06-27 00:43; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-13 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-13 180632]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2011-3-16 777488]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2010-11-12 411680]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-4-27 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-11-12 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-12 50344]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-4-17 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 iprip;RIP Listener;c:\windows\system32\svchost.exe -k ipripsvc [2008-1-21 21504]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-6 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-1-22 47640]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-5-24 1809720]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
R2 WTabletServicePro;Wacom Professional Service;c:\program files\tablet\wacom\WTabletServicePro.exe [2013-9-22 510744]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2012-6-19 374648]
R3 hidkmdf;KMDF Driver;c:\windows\system32\drivers\hidkmdf.sys [2013-9-22 12088]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-9-3 112128]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-4-17 81296]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-9-23 23256]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2008-7-24 13408]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\drivers\wachidrouter.sys [2013-9-22 74552]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\drivers\wacomrouterfilter.sys [2013-9-22 13296]
R3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\drivers\WacomVTHid.sys [2010-9-6 13480]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9a5861396cb5d;Google Update Service (gupdate1c9a5861396cb5d);c:\program files\google\update\GoogleUpdate.exe [2009-3-15 133104]
S2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-5-24 860472]
S3 A310;AVerMedia A310 DVB-T;c:\windows\system32\drivers\avera310usb.sys [2008-4-17 25856]
S3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device;c:\windows\system32\drivers\AVerA310Cap.sys [2008-4-17 42880]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2007-11-13 106112]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2007-10-9 59264]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-3-10 24216]
S3 PDF Architect 2;PDF Architect 2;c:\program files\pdf architect 2\ws.exe [2014-4-17 1716264]
S3 pdfforge CrashHandler;pdfforge CrashHandler;c:\program files\pdf architect 2\crash-handler-ws.exe [2014-4-17 861736]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [2010-8-26 252416]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2010-8-26 398720]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2010-7-17 75776]
S4 ExpatShieldService;Expat Shield Service;c:\program files\expat shield\bin\openvpnas.exe [2011-7-1 298824]
S4 ExpatSrv;Expat Shield Routing Service;c:\program files\expat shield\hsswpr\hsssrv.exe [2011-5-25 363336]
S4 ExpatTrayService;Expat Shield Tray Service;c:\program files\expat shield\bin\ExpatTrayService.exe [2011-7-1 58013]
S4 ExpatWd;Expat Shield Monitoring Service;c:\program files\expat shield\bin\hsswd.exe -product expat --> c:\program files\expat shield\bin\hsswd.exe -product Expat [?]
S4 GtDetectSc;GtDetectSc;c:\program files\orange\icon 225 usb connect\GtDetectSc.exe [2007-12-18 196704]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
.
=============== File Associations ===============
.
FileExt: .reg: Applications\pn.exe="c:\program files\programmer's notepad\pn.exe" "%1" [UserChoice]
FileExt: .txt: Applications\pn.exe="c:\program files\programmer's notepad\pn.exe" "%1" [UserChoice]
FileExt: .inf: Applications\pn.exe="c:\program files\programmer's notepad\pn.exe" "%1" [UserChoice]
FileExt: .js: Applications\pn.exe="c:\program files\programmer's notepad\pn.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-06-04 19:32:29    --------    d-----w-    C:\dds-old
2014-06-03 21:37:22    1409    ----a-w-    c:\windows\QTFont.for
2014-05-30 14:28:58    --------    d-----w-    c:\programdata\ODIR
2014-05-30 14:27:23    101888    ----a-w-    c:\windows\system32\VB6STKIT.DLL
2014-05-30 14:27:17    209608    ----a-w-    c:\windows\system32\Tabctl32.ocx
2014-05-30 14:27:15    --------    d-----w-    c:\program files\ODIR
2014-05-29 16:43:34    --------    d-----w-    c:\users\chu\appdata\roaming\UUDWin
2014-05-27 12:43:12    --------    d-----w-    c:\users\chu\appdata\roaming\KeePass
2014-05-27 12:38:31    --------    d-----w-    c:\program files\KeePass Password Safe 2
2014-05-25 11:35:11    32040    ----a-w-    C:\cc_20140525_123501.reg
2014-05-25 10:55:22    --------    d-----w-    c:\program files\iPod
2014-05-25 10:55:18    --------    d-----w-    c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-05-25 10:41:51    20080    ----a-w-    c:\program files\mozilla firefox\AccessibleMarshal.dll
2014-05-25 10:41:50    75376    ----a-w-    c:\program files\mozilla firefox\breakpadinjector.dll
2014-05-25 10:41:50    46704    ----a-w-    c:\program files\mozilla firefox\browser\components\browsercomps.dll
2014-05-25 10:41:50    2106216    ----a-w-    c:\program files\mozilla firefox\D3DCompiler_43.dll
2014-05-25 10:41:46    965232    ----a-w-    c:\program files\mozilla firefox\icuuc52.dll
2014-05-25 10:41:46    1266800    ----a-w-    c:\program files\mozilla firefox\icuin52.dll
2014-05-25 10:41:46    10594416    ----a-w-    c:\program files\mozilla firefox\icudt52.dll
2014-05-24 21:04:37    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2014-05-24 17:11:43    110296    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-24 17:10:34    74456    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-05-24 17:10:34    51928    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-05-24 17:10:34    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-05-15 15:53:54    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-05-13 16:27:18    --------    d-----w-    c:\users\chu\appdata\roaming\PDF Architect 2
2014-05-13 16:25:14    --------    d-----w-    c:\program files\PDF Architect 2
2014-05-13 16:21:47    --------    d-----w-    c:\programdata\PDF Architect 2
2014-05-13 16:21:36    --------    d-----w-    c:\users\chu\appdata\roaming\pdfforge
2014-05-13 16:21:33    95416    ----a-w-    c:\windows\system32\pdfcmon.dll
2014-05-13 16:21:33    137000    ----a-w-    c:\windows\system32\MSMAPI32.OCX
2014-05-13 16:21:30    23552    ----a-w-    c:\windows\system32\MSMPIDE.DLL
2014-05-13 16:21:30    --------    d-----w-    c:\program files\PDFCreator
2014-05-06 18:01:41    --------    d-----w-    c:\users\chu\.thumbnails
2014-05-06 07:02:20    --------    d-----w-    c:\users\chu\appdata\roaming\com.theta360.SphericalViewer
2014-05-06 07:02:16    --------    d-----w-    c:\program files\RICOH THETA for Windows® Mac
.
==================== Find3M  ====================
.
2014-05-15 14:37:50    777488    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
2014-05-14 18:00:32    70832    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 18:00:32    692400    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-05-13 16:15:43    25378774    ----a-w-    c:\windows\system32\~.tmp
2014-05-12 06:25:54    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-04-27 10:28:18    776976    ----a-w-    c:\windows\system32\drivers\aswsnx.sys.1400164670828
2014-04-27 10:28:18    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-04-27 10:28:18    54832    ----a-w-    c:\windows\system32\drivers\aswrdr.sys.1400164670828
2014-04-27 10:28:18    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-04-27 10:28:18    24184    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-04-27 10:28:18    180632    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-04-27 10:28:17    43152    ----a-w-    c:\windows\avastSS.scr
2014-03-31 21:46:48    130712    ----a-w-    c:\windows\system32\MSSTDFMT.DLL
2014-03-31 21:46:48    1070232    ----a-w-    c:\windows\system32\MSCOMCTL.OCX
2014-03-07 23:12:00    1806848    ----a-w-    c:\windows\system32\jscript9.dll
2014-03-07 23:02:19    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-03-07 23:02:07    1129472    ----a-w-    c:\windows\system32\wininet.dll
2014-03-07 22:57:17    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-03-07 22:56:03    421376    ----a-w-    c:\windows\system32\vbscript.dll
.
============= FINISH: 20:34:23.88 ===============
 


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:45 PM

Posted 08 June 2014 - 09:22 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply; DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#5 nasdaq

Posted 14 June 2014 - 01:36 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#6 nasdaq

Posted 15 June 2014 - 12:26 PM

This topic has been re-opened at the request of the person who originally posted.

#7 Wayne Broken

Wayne Broken
  • Topic Starter

Posted 15 June 2014 - 04:11 PM

AdwCleaner[R0].txt

# AdwCleaner v3.212 - Report created 15/06/2014 at 21:57:37
# Updated 05/06/2014 by Xplode
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# Username : CHU - CHU
# Running from : C:\Users\CHU\Downloads\adwcleaner_3.212.exe
# Option : Scan

***** [ Services ] *****

Service Found : ExpatShieldService
Service Found : ExpatSrv
Service Found : ExpatTrayService
Service Found : ExpatWd

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\32na2g1e.CHU\user.js
Folder Found : C:\Expat Shield
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\ConduitEngine
Folder Found : C:\Program Files\Expat Shield
Folder Found : C:\Program Files\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Folder Found : C:\Program Files\MyPC Backup
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Expat Shield
Folder Found : C:\Users\CHU\AppData\Local\Conduit
Folder Found : C:\Users\CHU\AppData\LocalLow\Conduit
Folder Found : C:\Users\CHU\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\CHU\AppData\LocalLow\FunWebProducts
Folder Found : C:\Users\CHU\AppData\LocalLow\MyWebSearch
Folder Found : C:\Users\CHU\AppData\LocalLow\Vuze_Remote
Folder Found : C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\ConduitCommon
Folder Found : C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
Folder Found : C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\StumbleUpon
Folder Found : C:\Users\CHU\AppData\Roaming\pdfforge
Folder Found : C:\Users\CHU\Documents\Updater
Folder Found : C:\Users\Guest\AppData\Local\Winamp Toolbar
Folder Found : C:\Users\Guest\AppData\LocalLow\pdfforge
Folder Found : C:\Users\Guest\AppData\LocalLow\Search Settings
Folder Found : C:\Users\Guest\AppData\Roaming\iWin

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ExpatShield
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winamp Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD4D7B0F-45C6-4bb2-A1E7-54D1754E7FC5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\ExpatIE.ExpatIEApp
Key Found : HKLM\SOFTWARE\Classes\ExpatIE.ExpatIEApp.1
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{F5A29F21-B121-48A0-A317-737AF8BB106A}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\Software\ExpatShield
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{55115BDA-93DF-45D4-B0C1-F65E7EF651F5}
Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4BE6C6F-0732-432F-942F-AB1F02BCA94B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExpatShield
Key Found : HKLM\Software\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16545


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\prefs.js ]

Line Found : user_pref("CT2504091..clientLogIsEnabled", true);
Line Found : user_pref("CT2504091..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Found : user_pref("CT2504091..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Found : user_pref("CT2504091.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Found : user_pref("CT2504091.AppTrackingLastCheckTime", "Sun Nov 06 2011 19:08:16 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2504091.CTID", "CT2504091");
Line Found : user_pref("CT2504091.CurrentServerDate", "6-11-2011");
Line Found : user_pref("CT2504091.DSInstall", true);
Line Found : user_pref("CT2504091.DialogsAlignMode", "LTR");
Line Found : user_pref("CT2504091.DialogsGetterLastCheckTime", "Sun Nov 06 2011 19:08:04 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2504091.DownloadReferralCookieData", "");
Line Found : user_pref("CT2504091.EMailNotifierPollDate", "Sun Nov 06 2011 19:08:04 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2504091.FeedLastCount129079840422964131", 0);
Line Found : user_pref("CT2504091.FeedPollDate128891351169457140", "Sun Nov 06 2011 19:08:04 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2504091.FeedPollDate129079840422964131", "Sun Nov 06 2011 19:08:04 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2504091.FeedTTL128891351169457140", 40);
Line Found : user_pref("CT2504091.FirstServerDate", "6-11-2011");
Line Found : user_pref("CT2504091.FirstTime", true);
Line Found : user_pref("CT2504091.FirstTimeFF3", true);
Line Found : user_pref("CT2504091.FixPageNotFoundErrors", true);
Line Found : user_pref("CT2504091.GroupingServerCheckInterval", 1440);
Line Found : user_pref("CT2504091.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Found : user_pref("CT2504091.HPInstall", false);
Line Found : user_pref("CT2504091.HasUserGlobalKeys", true);
Line Found : user_pref("CT2504091.Initialize", true);
Line Found : user_pref("CT2504091.InitializeCommonPrefs", true);
Line Found : user_pref("CT2504091.InstallationAndCookieDataSentCount", 1);
Line Found : user_pref("CT2504091.InstallationType", "ConduitIntegration");
Line Found : user_pref("CT2504091.InstalledDate", "Sun Nov 06 2011 19:08:04 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2504091.IsGrouping", false);
Line Found : user_pref("CT2504091.IsInitSetupIni", true);
Line Found : user_pref("CT2504091.IsMulticommunity", false);
Line Found : user_pref("CT2504091.IsOpenThankYouPage", false);
Line Found : user_pref("CT2504091.IsOpenUninstallPage", false);
Line Found : user_pref("CT2504091.LanguagePackLastCheckTime", "Sun Nov 06 2011 19:08:05 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440);
Line Found : user_pref("CT2504091.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Found : user_pref("CT2504091.LastLogin_3.7.0.6", "Sun Nov 06 2011 19:08:05 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2504091.LatestVersion", "3.7.0.6");
Line Found : user_pref("CT2504091.Locale", "en-us");
Line Found : user_pref("CT2504091.MCDetectTooltipHeight", "83");
Line Found : user_pref("CT2504091.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Found : user_pref("CT2504091.MCDetectTooltipWidth", "295");
Line Found : user_pref("CT2504091.MyStuffEnabledAtInstallation", true);
Line Found : user_pref("CT2504091.OriginalFirstVersion", "3.7.0.6");
Line Found : user_pref("CT2504091.SearchCaption", "Web Search");
Line Found : user_pref("CT2504091.SearchFromAddressBarIsInit", true);
Line Found : user_pref("CT2504091.SearchInNewTabEnabled", true);
Line Found : user_pref("CT2504091.SearchInNewTabIntervalMM", 1440);
Line Found : user_pref("CT2504091.SearchInNewTabLastCheckTime", "Sun Nov 06 2011 19:08:05 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2504091.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Found : user_pref("CT2504091.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
Line Found : user_pref("CT2504091.SearchProtectorToolbarDisabled", true);
Line Found : user_pref("CT2504091.SendProtectorDataViaLogin", true);
Line Found : user_pref("CT2504091.ServiceMapLastCheckTime", "Sun Nov 06 2011 19:08:02 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2504091.SettingsLastCheckTime", "Sun Nov 06 2011 19:08:03 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2504091.SettingsLastUpdate", "1319755934");
Line Found : user_pref("CT2504091.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2504091&SearchSource=13");
Line Found : user_pref("CT2504091.ThirdPartyComponentsInterval", 504);
Line Found : user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Sun Nov 06 2011 19:08:02 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1312887586");
Line Found : user_pref("CT2504091.ToolbarDisabled", true);
Line Found : user_pref("CT2504091.ToolbarShrinkedFromSetup", false);
Line Found : user_pref("CT2504091.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2504091");
Line Found : user_pref("CT2504091.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Found : user_pref("CT2504091.UserID", "UN89763237283468843");
Line Found : user_pref("CT2504091.alertChannelId", "897164");
Line Found : user_pref("CT2504091.globalFirstTimeInfoLastCheckTime", "Sun Nov 06 2011 19:08:04 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2504091.homepageProtectorEnableByLogin", true);
Line Found : user_pref("CT2504091.initDone", true);
Line Found : user_pref("CT2504091.isAppTrackingManagerOn", true);
Line Found : user_pref("CT2504091.myStuffEnabled", true);
Line Found : user_pref("CT2504091.myStuffPublihserMinWidth", 400);
Line Found : user_pref("CT2504091.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Found : user_pref("CT2504091.myStuffServiceIntervalMM", 1440);
Line Found : user_pref("CT2504091.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Found : user_pref("CT2504091.revertSettingsEnabled", true);
Line Found : user_pref("CT2504091.searchProtectorDialogDelayInSec", 10);
Line Found : user_pref("CT2504091.searchProtectorEnableByLogin", true);
Line Found : user_pref("CT2504091.testingCtid", "");
Line Found : user_pref("CT2504091.toolbarAppMetaDataLastCheckTime", "Sun Nov 06 2011 19:08:04 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2504091.toolbarContextMenuLastCheckTime", "Sun Nov 06 2011 19:08:05 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en-us", "wVmmvqqOMqrv5xct1cJIHg==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en-us", "0uSPYx+Kl2jpu8sJZMeHjw==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en-us", "Dclc8oo4TTv7+mAkSlUSWg==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-us", "K4Vqu91uAzWURlxJRdXJOg==");
Line Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\CHU\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\034bq8c8.default\\conduitCommon\\modules\\3.7.0.6");
Line Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.7.0.6");
Line Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Line Found : user_pref("CommunityToolbar.ToolbarsList", "CT2504091");
Line Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2504091");
Line Found : user_pref("CommunityToolbar.ToolbarsList4", "CT2504091");
Line Found : user_pref("CommunityToolbar.globalUserId", "e5d4f22b-c14d-4783-a5b6-50781190e9e0");
Line Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Nov 06 2011 19:08:04 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Line Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Nov 06 2011 19:08:13 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Found : user_pref("CommunityToolbar.notifications.locale", "en");
Line Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Nov 06 2011 19:08:03 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Found : user_pref("CommunityToolbar.notifications.userId", "b3a1ae93-eb75-49cd-9ac8-811685f6c092");
Line Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.facebook.com/schudio|hxxp://www.netvibes.com/");
Line Found : user_pref("CommunityToolbar.originalSearchEngine", "Wikipedia (en)");
Line Found : user_pref("extensions.m3ffxtbr@mywebsearch.com.install-event-fired", true);
Line Found : user_pref("extensions.ntk.recentClosedPers", "hxxp://support.mozilla.org/en-US/home?as=u::Mozilla Support;hxxp://www.schudio.co.uk/360blog/sketchy/::TEST;hxxp://www.schudio.co.uk/360blog/present/::Pre[...]
Line Found : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Found : user_pref("foxytunes.recent_players", "@foxytunes.org/FoxyTunes/YouTube;1,@foxytunes.org/FoxyTunes/WindowsMediaPlayer;1,@foxytunes.org/FoxyTunes/WinAmp;1");
Line Found : user_pref("surfcanyon.fractions", "0.0_0.0\r\n");
Line Found : user_pref("surfcanyon.last_checked_ts", "1266914052286");

[ File : C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\32na2g1e.CHU\prefs.js ]


[ File : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\9fi1gi00.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [16569 octets] - [15/06/2014 21:57:37]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [16630 octets] ##########
 

 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-06-2014 02
Ran by CHU (administrator) on CHU on 15-06-2014 22:02:58
Running from C:\Users\CHU\Downloads
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\ACER\Mobility Center\MobilityService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
() C:\Program Files\RocketDock\RocketDock.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Cubic Reality Software) C:\Program Files\CubicExplorer\CubicExplorer.exe
(Simon Steele (Echo Software)) C:\Program Files\Programmer's Notepad\pn.exe
(Simon Steele (Echo Software)) C:\Program Files\Programmer's Notepad\pn.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1033512 2008-01-18] (Synaptics, Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-21] (Intel Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3890208 2014-06-07] (AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl)
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 1
HKU\S-1-5-21-818337878-3525668155-2889324976-1002\...\Run: [RocketDock] => C:\Program Files\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-818337878-3525668155-2889324976-1002\...\Run: [VVCap] => C:\Program Files\VVCap\VVCap.exe [765440 2010-12-28] (G Central)
HKU\S-1-5-21-818337878-3525668155-2889324976-1002\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKU\S-1-5-21-818337878-3525668155-2889324976-1002\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
Startup: C:\Users\CHU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com
SearchScopes: HKLM - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {b167b83b-348e-4f8a-a00d-693f28ede787} URL = http://search.expatshield.com/g/results.php?c=s&q={searchTerms}
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} -  No File
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default
FF SearchEngineOrder.1: Microsoft (Bing)
FF Homepage: hxxp://www.google.co.uk/
FF Keyword.URL: hxxp://www.bing.com/search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.4 - C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.5 - C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin: @wacom.com/wtPlugin,version=2.0.0.1 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: PDF Architect 2 - C:\Program Files\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\CHU\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\CHU\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\CHU\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\CHU\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\CHU\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF user.js: detected! => C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\32na2g1e.CHU\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\CHU\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\CHU\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\CHU\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\searchplugins\bbc-news.xml
FF SearchPlugin: C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\searchplugins\bing-avast.xml
FF SearchPlugin: C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\searchplugins\businesscom.xml
FF SearchPlugin: C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\searchplugins\crack-spider.xml
FF SearchPlugin: C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\searchplugins\dictionary.xml
FF SearchPlugin: C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\searchplugins\ebay-uk.xml
FF SearchPlugin: C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\searchplugins\flickr-tags.xml
FF SearchPlugin: C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\searchplugins\netvibes-ecosystem-search.xml
FF SearchPlugin: C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\searchplugins\technorati.xml
FF SearchPlugin: C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\searchplugins\thesaurus---referencecom.xml
FF SearchPlugin: C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\searchplugins\torrentspy.xml
FF SearchPlugin: C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\searchplugins\youtorrent.xml
FF Extension: British English Dictionary - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\en-GB@dictionaries.addons.mozilla.org [2012-07-15]
FF Extension: Firefogg - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\firefogg@firefogg.org [2012-11-27]
FF Extension: Xmarks - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\foxmarks@kei.com [2013-05-21]
FF Extension: Locationbar² - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\locationbar2@design-noir.de [2011-12-07]
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\LogMeInClient@logmein.com [2011-08-25]
FF Extension: My-Translator - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\My-Translator@eugenche.com [2012-01-25]
FF Extension: Shorten URL - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\ShortenURL@loucypher [2011-12-07]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-07-18]
FF Extension: Html Validator - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e} [2013-11-15]
FF Extension: Dust-Me Selectors - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\{3c6e1eed-a07e-4c80-9cf3-66ea0bf40b37} [2013-11-15]
FF Extension: FEBE - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2013-08-15]
FF Extension: Empty Cache Button - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f} [2013-12-03]
FF Extension: ColorZilla - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2012-09-18]
FF Extension: FT DeepDark - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2014-05-25]
FF Extension: Google Redesigned - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406} [2013-01-04]
FF Extension: iFox Smooth - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\{d3d70bca-2d54-425e-b02c-b7e2f4b07688} [2010-07-18]
FF Extension: Download Statusbar - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2011-12-07]
FF Extension: New Tab King - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF} [2013-02-03]
FF Extension: Auto Refresh - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\autorefresh@plugin.xpi [2013-03-18]
FF Extension: Custom New Tab - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\CNT@ednovak.net.xpi [2014-01-21]
FF Extension: Exif Viewer - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\exif_viewer@mozilla.doslash.org.xpi [2012-06-12]
FF Extension: Firebug - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\firebug@software.joehewitt.com.xpi [2012-06-12]
FF Extension: Tube Enhancer Plus - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\firefoxaddon@youtubeenhancer.com.xpi [2014-01-21]
FF Extension: Wiktionary and Google Translate - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\googledictionary@toptip.ca.xpi [2012-06-12]
FF Extension: HootSuite Hootlet - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\hootsuite@hootsuite.com.xpi [2012-07-24]
FF Extension: Quick Maps - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\map@quickmaps.me.xpi [2012-10-06]
FF Extension: Classic Compact Options - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\notreal.ccoptions@environmentalchemistry.com.xpi [2012-09-18]
FF Extension: Tile Tabs - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\tiletabs@DW-dev.xpi [2012-09-18]
FF Extension: Twitter Disconnect - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\twitter@disconnect.me.xpi [2013-03-02]
FF Extension: Screengrab  (fix version) - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2012-06-14]
FF Extension: PageTweak - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\{15312e9a-4905-48da-aae4-15b24bdc2a24}.xpi [2012-12-24]
FF Extension: LittleFox - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}.xpi [2012-06-12]
FF Extension: Grab and Drag - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\{477c4c36-24eb-11da-94d4-00e08161165f}.xpi [2012-06-12]
FF Extension: IE View - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}.xpi [2013-02-28]
FF Extension: NoScript - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-06-12]
FF Extension: Tab History Menu - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\{9c491c49-071c-4039-98a5-66d3fe53b1b2}.xpi [2014-01-28]
FF Extension: FireFTP - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012-06-12]
FF Extension: Web Developer - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012-09-18]
FF Extension: Adblock Plus - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-03-02]
FF Extension: classiccompact - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}.xpi [2012-09-18]
FF Extension: DownThemAll! - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012-09-18]
FF Extension: Greasemonkey - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-09-18]
FF Extension: User Agent Switcher - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2013-08-10]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\32na2g1e.CHU\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-07-18]
FF Extension: FEBE - C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\32na2g1e.CHU\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2010-07-18]
FF Extension: afurladvisor - C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2014-02-01]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-01]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} [2014-02-01]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-01]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-03-16]

========================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-11-02] (Adobe Systems) [File not signed]
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-04-27] (AVAST Software)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-03-21] () [File not signed]
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [860160 2008-10-16] (Intel® Corporation) [File not signed]
S4 ExpatShieldService; C:\Program Files\Expat Shield\bin\openvpnas.exe [298824 2011-07-01] ()
S4 ExpatSrv; C:\Program Files\Expat Shield\HssWPR\hsssrv.exe [363336 2011-05-25] (AnchorFree Inc.)
S4 ExpatTrayService; C:\Program Files\Expat Shield\bin\ExpatTrayService.EXE [58013 2011-07-01] () [File not signed]
S4 ExpatWd; C:\Program Files\Expat Shield\bin\hsswd.exe [329544 2011-05-25] ()
S4 GtDetectSc; C:\Program Files\Orange\ICON 225 USB Connect\GtDetectSc.exe [196704 2007-12-18] (OptionNV) [File not signed]
S2 gupdate1c9a5861396cb5d; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-03-15] (Google Inc.)
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [700032 2010-01-30] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 iprip; C:\Windows\System32\iprip.dll [29696 2006-11-02] (Microsoft Corporation)
S4 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-07] () [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
S3 PDF Architect 2; C:\Program Files\PDF Architect 2\ws.exe [1716264 2014-04-17] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-17] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-10-16] (Intel® Corporation) [File not signed]
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [510744 2013-06-06] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

S3 A310; C:\Windows\System32\DRIVERS\AVerA310USB.sys [25856 2008-04-15] (AVerMedia TECHNOLOGIES, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-04-27] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-05-15] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-04-27] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-04-27] ()
S3 BDASwCap; C:\Windows\System32\drivers\AVerA310Cap.sys [42880 2008-04-15] (AVerMedia TECHNOLOGIES, Inc.)
S3 GT72NDISIPXP; C:\Windows\System32\DRIVERS\Gt51Ip.sys [106112 2007-11-13] (Option N.V.)
S3 GT72UBUS; C:\Windows\System32\DRIVERS\gt72ubus.sys [59264 2007-10-09] (Option N.V.)
S3 GTPTSER; C:\Windows\System32\DRIVERS\gtptser.sys [8064 2007-03-30] (Option N.V.)
R3 hidkmdf; C:\Windows\System32\DRIVERS\hidkmdf.sys [12088 2013-04-30] (Windows ® Win 7 DDK provider)
R3 HssDrv; C:\Windows\System32\DRIVERS\HssDrv.sys [37376 2011-05-25] (AnchorFree Inc.)
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [24216 2010-03-10] (Initio Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 PD0620VID; C:\Windows\System32\DRIVERS\P0620Vid.sys [91577 2004-07-29] (Creative Technology Ltd.)
R3 radpms; C:\Windows\System32\DRIVERS\radpms.sys [13408 2010-06-12] (LogMeIn, Inc.)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [56572 2008-11-02] (PowerISO Computing, Inc.) [File not signed]
R3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2011-05-25] (AnchorFree Inc)
S3 VMUVC; C:\Windows\System32\Drivers\VMUVC.sys [252416 2009-05-25] (Vimicro Corporation)
S3 vvftUVC; C:\Windows\System32\drivers\vvftUVC.sys [398720 2008-07-01] (Vimicro Corporation)
R3 WacHidRouter; C:\Windows\System32\DRIVERS\wachidrouter.sys [74552 2013-04-30] (Wacom Technology)
R3 wacomrouterfilter; C:\Windows\System32\DRIVERS\wacomrouterfilter.sys [13296 2012-12-20] (Wacom Technology)
R3 WacomVTHid; C:\Windows\System32\DRIVERS\WacomVTHid.sys [13480 2009-07-09] (Wacom Technology)
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
S3 WSVD; C:\Windows\system32\drivers\WSVD.sys [75776 2007-12-17] (Wasay) [File not signed]
S1 A2DDA; \??\C:\Users\CHU\Downloads\EmsisoftEmergencyKit\Run\a2ddax86.sys [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\CHU\AppData\Local\Temp\catchme.sys [X]
S3 cpuz132; \??\C:\Users\fly23\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S4 LMIRfsClientNP; No ImagePath
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-15 22:02 - 2014-06-15 22:03 - 00030878 _____ () C:\Users\CHU\Downloads\FRST.txt
2014-06-15 22:02 - 2014-06-15 22:03 - 00000000 ____D () C:\FRST
2014-06-15 22:01 - 2014-06-15 22:01 - 00016711 _____ () C:\Users\CHU\Desktop\AdwCleaner[R0].txt
2014-06-15 21:57 - 2014-06-15 21:58 - 00000000 ____D () C:\AdwCleaner
2014-06-15 21:56 - 2014-06-15 21:56 - 00001620 _____ () C:\Users\CHU\Desktop\scan.txt
2014-06-15 19:37 - 2014-06-15 19:37 - 00038361 _____ () C:\Users\CHU\Downloads\cacerts.pem
2014-06-15 19:36 - 2014-06-15 19:37 - 25354515 _____ () C:\Users\CHU\Downloads\google-drive-sdk-samples-49d381182e62.zip
2014-06-15 14:59 - 2014-06-15 15:05 - 662751373 _____ () C:\Users\CHU\Downloads\Photos.zip
2014-06-15 14:56 - 2014-06-15 14:59 - 202718734 _____ () C:\Users\CHU\Downloads\20140608_115031.mp4
2014-06-15 14:46 - 2014-06-15 14:46 - 01073152 _____ (Farbar) C:\Users\CHU\Downloads\FRST.exe
2014-06-13 13:37 - 2014-06-13 13:37 - 00000000 ____D () C:\Users\CHU\Documents\Max
2014-06-13 13:37 - 2014-06-13 13:37 - 00000000 ____D () C:\Users\CHU\AppData\Roaming\Cycling '74
2014-06-13 13:35 - 2014-06-13 13:35 - 00000000 ____D () C:\Users\CHU\Downloads\MWServerR008
2014-06-13 13:23 - 2014-06-13 13:24 - 39741520 _____ () C:\Users\CHU\Downloads\MWServerR008.zip
2014-06-12 18:19 - 2014-06-12 18:19 - 01333465 _____ () C:\Users\CHU\Downloads\adwcleaner_3.212.exe
2014-06-04 20:37 - 2014-06-04 20:37 - 00006139 _____ () C:\Attach.zip
2014-06-04 20:35 - 2014-06-04 20:35 - 00023132 _____ () C:\Attach.txt
2014-06-04 20:35 - 2014-06-04 20:35 - 00022249 _____ () C:\DDS.txt
2014-06-04 20:32 - 2014-06-04 20:33 - 00000000 ____D () C:\dds-old
2014-06-04 15:25 - 2014-06-04 15:25 - 00000000 ____D () C:\Users\CHU\Downloads\documents-master
2014-06-04 14:16 - 2014-06-04 14:16 - 08481687 _____ () C:\Users\CHU\Downloads\documents-master.zip
2014-06-03 22:37 - 2014-06-15 14:11 - 00054156 ____H () C:\Windows\QTFont.qfn
2014-06-02 10:46 - 2014-06-02 10:46 - 04996210 _____ (Tim Kosse) C:\Users\CHU\Downloads\FileZilla_3.8.1_win32-setup.exe
2014-05-31 09:34 - 2014-05-31 09:34 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-31 09:34 - 2014-05-31 09:34 - 00000000 _____ () C:\Windows\setupact.log
2014-05-31 09:30 - 2014-05-31 09:35 - 02793544 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-30 15:28 - 2014-05-30 15:28 - 00000000 ____D () C:\ProgramData\ODIR
2014-05-30 15:27 - 2014-05-30 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ODIR
2014-05-30 15:27 - 2014-05-30 15:27 - 00000000 ____D () C:\Program Files\ODIR
2014-05-30 15:27 - 2000-12-06 00:00 - 00209608 _____ (Microsoft Corporation) C:\Windows\system32\Tabctl32.ocx
2014-05-30 15:27 - 1999-03-26 01:00 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\VB6STKIT.DLL
2014-05-30 15:26 - 2014-05-30 15:26 - 02550878 _____ (Vaita ) C:\Users\CHU\Downloads\ODIR.exe
2014-05-29 19:48 - 2014-05-29 19:48 - 00044907 _____ () C:\Users\CHU\Downloads\CookieWarning-master.zip
2014-05-29 17:47 - 2014-05-29 18:33 - 00000000 ____D () C:\Users\CHU\Downloads\outlookattachview
2014-05-29 17:46 - 2014-05-29 17:46 - 00115681 _____ () C:\Users\CHU\Downloads\outlookattachview.zip
2014-05-29 17:43 - 2014-05-29 17:45 - 00000000 ____D () C:\Users\CHU\AppData\Roaming\UUDWin
2014-05-29 17:42 - 2014-05-29 17:42 - 00363920 _____ () C:\Users\CHU\Downloads\uud32-256.zip
2014-05-29 17:42 - 2014-05-29 17:42 - 00000000 ____D () C:\Users\CHU\Downloads\uud32-256
2014-05-29 15:38 - 2014-05-29 15:39 - 37226253 _____ () C:\Users\CHU\Downloads\Farmer Slaughter(1).zip
2014-05-29 10:49 - 2014-06-04 20:34 - 00023132 _____ () C:\Users\CHU\attach.txt
2014-05-29 10:49 - 2014-06-04 20:34 - 00022249 _____ () C:\Users\CHU\dds.txt
2014-05-29 10:21 - 2014-05-29 10:21 - 00688992 ____R (Swearware) C:\Users\CHU\Downloads\dds.com
2014-05-28 17:27 - 2014-05-28 17:27 - 01033321 _____ () C:\Users\CHU\Downloads\wrd_jjRe13981776.sql
2014-05-28 09:21 - 2014-05-28 09:21 - 00073116 _____ () C:\Users\CHU\Downloads\sucuri-wp-plugin.zip
2014-05-28 09:07 - 2014-05-28 09:07 - 00000878 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2014-05-28 09:06 - 2014-05-28 09:06 - 02545000 _____ (Dominik Reichl ) C:\Users\CHU\Downloads\KeePass-2.26-Setup.exe
2014-05-27 13:43 - 2014-06-15 21:56 - 00000000 ____D () C:\Users\CHU\AppData\Roaming\KeePass
2014-05-27 13:38 - 2014-05-28 09:07 - 00000000 ____D () C:\Program Files\KeePass Password Safe 2
2014-05-27 12:41 - 2014-05-27 12:42 - 06339727 _____ () C:\Users\CHU\Downloads\wordpress-3.9.1.zip
2014-05-26 17:58 - 2014-05-26 17:58 - 00661178 _____ () C:\Users\CHU\Downloads\wp_posts.sql
2014-05-25 18:20 - 2014-05-25 18:21 - 93960585 _____ () C:\Users\CHU\Downloads\schudio_wrdp2.sql
2014-05-25 17:35 - 2014-05-25 17:36 - 00000000 ____D () C:\Users\CHU\Downloads\accesslog-schudio.co.uk-05-25-2014_16_34_13-0000
2014-05-25 17:34 - 2014-05-25 17:34 - 03041150 _____ () C:\Users\CHU\Downloads\accesslog-schudio.co.uk-05-25-2014_16_34_13-0000.gz
2014-05-25 16:05 - 2014-05-25 16:05 - 02453682 _____ () C:\Users\CHU\Downloads\schudio_wrdp1.sql
2014-05-25 12:57 - 2014-06-15 21:56 - 00279925 _____ () C:\Windows\WindowsUpdate.log
2014-05-25 12:35 - 2014-05-25 12:35 - 00032040 _____ () C:\cc_20140525_123501.reg
2014-05-25 11:56 - 2014-05-25 11:56 - 00001628 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-25 11:56 - 2014-05-25 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-25 11:55 - 2014-05-25 11:56 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-05-25 11:55 - 2014-05-25 11:55 - 00000000 ____D () C:\Program Files\iPod
2014-05-25 11:20 - 2014-05-25 11:20 - 04968079 _____ (Tim Kosse) C:\Users\CHU\Downloads\FileZilla_3.8.0_win32-setup.exe
2014-05-24 22:05 - 2014-05-24 22:05 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-24 22:04 - 2014-05-06 00:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-24 22:04 - 2014-05-06 00:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-24 22:04 - 2014-05-06 00:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-24 21:59 - 2014-03-25 14:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-24 18:11 - 2014-06-15 19:18 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-24 18:10 - 2014-05-24 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-24 18:10 - 2014-05-24 18:10 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-24 18:10 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-24 18:10 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-24 18:08 - 2014-05-24 18:09 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\CHU\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-22 11:37 - 2014-05-22 11:37 - 29776671 _____ () C:\Users\CHU\Downloads\CHU_scoop.zip
2014-05-22 09:29 - 2014-05-22 09:29 - 03981530 _____ () C:\Users\CHU\Downloads\wordpress-3.2.1.zip
2014-05-21 17:44 - 2014-05-21 17:44 - 04920954 _____ () C:\Users\CHU\Downloads\wordpress-3.4.2.zip
2014-05-21 15:13 - 2014-05-21 15:13 - 07508475 _____ () C:\Users\CHU\Downloads\lambtosl_wp1.sql
2014-05-16 05:17 - 2014-05-16 05:17 - 00746355 _____ () C:\Users\CHU\Downloads\jw-flv-player.zip
2014-05-16 05:17 - 2014-05-16 05:17 - 00000000 ____D () C:\Users\CHU\Downloads\jw-flv-player

==================== One Month Modified Files and Folders =======

2014-06-15 22:03 - 2014-06-15 22:02 - 00030878 _____ () C:\Users\CHU\Downloads\FRST.txt
2014-06-15 22:03 - 2014-06-15 22:02 - 00000000 ____D () C:\FRST
2014-06-15 22:03 - 2010-11-11 19:23 - 00000000 ____D () C:\Users\CHU\AppData\Local\temp
2014-06-15 22:01 - 2014-06-15 22:01 - 00016711 _____ () C:\Users\CHU\Desktop\AdwCleaner[R0].txt
2014-06-15 21:58 - 2014-06-15 21:57 - 00000000 ____D () C:\AdwCleaner
2014-06-15 21:56 - 2014-06-15 21:56 - 00001620 _____ () C:\Users\CHU\Desktop\scan.txt
2014-06-15 21:56 - 2014-05-27 13:43 - 00000000 ____D () C:\Users\CHU\AppData\Roaming\KeePass
2014-06-15 21:56 - 2014-05-25 12:57 - 00279925 _____ () C:\Windows\WindowsUpdate.log
2014-06-15 21:55 - 2012-09-26 09:48 - 00000000 ____D () C:\Users\CHU\AppData\Local\D42788A6-7225-4E76-A4B2-9B11A850F13D.aplzod
2014-06-15 21:55 - 2010-07-18 12:06 - 00000000 ____D () C:\Users\CHU
2014-06-15 21:44 - 2010-09-28 09:47 - 00000000 ____D () C:\Users\CHU\AppData\Roaming\FileZilla
2014-06-15 20:57 - 2006-11-02 13:45 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-15 20:57 - 2006-11-02 13:45 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-15 19:37 - 2014-06-15 19:37 - 00038361 _____ () C:\Users\CHU\Downloads\cacerts.pem
2014-06-15 19:37 - 2014-06-15 19:36 - 25354515 _____ () C:\Users\CHU\Downloads\google-drive-sdk-samples-49d381182e62.zip
2014-06-15 19:18 - 2014-05-24 18:11 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-15 16:08 - 2009-07-01 17:39 - 00001040 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-15 15:39 - 2010-10-27 13:30 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-06-15 15:38 - 2010-07-18 15:44 - 00000000 ____D () C:\Users\CHU\AppData\Local\Adobe
2014-06-15 15:37 - 2014-05-06 08:02 - 00000000 ____D () C:\Users\CHU\AppData\Roaming\com.theta360.SphericalViewer
2014-06-15 15:05 - 2014-06-15 14:59 - 662751373 _____ () C:\Users\CHU\Downloads\Photos.zip
2014-06-15 14:59 - 2014-06-15 14:56 - 202718734 _____ () C:\Users\CHU\Downloads\20140608_115031.mp4
2014-06-15 14:46 - 2014-06-15 14:46 - 01073152 _____ (Farbar) C:\Users\CHU\Downloads\FRST.exe
2014-06-15 14:11 - 2014-06-03 22:37 - 00054156 ____H () C:\Windows\QTFont.qfn
2014-06-15 14:11 - 2012-04-09 20:08 - 00000000 ____D () C:\AITEMP
2014-06-15 12:57 - 2006-11-02 13:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-13 16:38 - 2008-04-17 18:28 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-06-13 16:38 - 2006-11-02 13:58 - 00032592 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-13 13:37 - 2014-06-13 13:37 - 00000000 ____D () C:\Users\CHU\Documents\Max
2014-06-13 13:37 - 2014-06-13 13:37 - 00000000 ____D () C:\Users\CHU\AppData\Roaming\Cycling '74
2014-06-13 13:35 - 2014-06-13 13:35 - 00000000 ____D () C:\Users\CHU\Downloads\MWServerR008
2014-06-13 13:27 - 2006-11-02 11:33 - 00795844 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-13 13:24 - 2014-06-13 13:23 - 39741520 _____ () C:\Users\CHU\Downloads\MWServerR008.zip
2014-06-13 13:01 - 2010-07-18 15:05 - 00000000 ____D () C:\Users\CHU\AppData\Roaming\Skype
2014-06-13 03:00 - 2012-12-20 13:53 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-13 02:59 - 2012-03-30 11:33 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-13 02:59 - 2011-05-15 20:52 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-12 18:19 - 2014-06-12 18:19 - 01333465 _____ () C:\Users\CHU\Downloads\adwcleaner_3.212.exe
2014-06-04 20:37 - 2014-06-04 20:37 - 00006139 _____ () C:\Attach.zip
2014-06-04 20:35 - 2014-06-04 20:35 - 00023132 _____ () C:\Attach.txt
2014-06-04 20:35 - 2014-06-04 20:35 - 00022249 _____ () C:\DDS.txt
2014-06-04 20:34 - 2014-05-29 10:49 - 00023132 _____ () C:\Users\CHU\attach.txt
2014-06-04 20:34 - 2014-05-29 10:49 - 00022249 _____ () C:\Users\CHU\dds.txt
2014-06-04 20:33 - 2014-06-04 20:32 - 00000000 ____D () C:\dds-old
2014-06-04 16:55 - 2012-01-23 11:51 - 00000000 ____D () C:\Users\CHU\AppData\Local\Last.fm
2014-06-04 15:25 - 2014-06-04 15:25 - 00000000 ____D () C:\Users\CHU\Downloads\documents-master
2014-06-04 14:16 - 2014-06-04 14:16 - 08481687 _____ () C:\Users\CHU\Downloads\documents-master.zip
2014-06-02 23:29 - 2010-07-18 13:08 - 00000000 ____D () C:\Users\CHU\AppData\Roaming\Winamp
2014-06-02 11:52 - 2010-12-30 12:15 - 00000000 ____D () C:\Users\CHU\AppData\Roaming\DiskSpaceFan
2014-06-02 10:46 - 2014-06-02 10:46 - 04996210 _____ (Tim Kosse) C:\Users\CHU\Downloads\FileZilla_3.8.1_win32-setup.exe
2014-05-31 09:35 - 2014-05-31 09:30 - 02793544 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-31 09:34 - 2014-05-31 09:34 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-31 09:34 - 2014-05-31 09:34 - 00000000 _____ () C:\Windows\setupact.log
2014-05-30 15:28 - 2014-05-30 15:28 - 00000000 ____D () C:\ProgramData\ODIR
2014-05-30 15:27 - 2014-05-30 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ODIR
2014-05-30 15:27 - 2014-05-30 15:27 - 00000000 ____D () C:\Program Files\ODIR
2014-05-30 15:26 - 2014-05-30 15:26 - 02550878 _____ (Vaita ) C:\Users\CHU\Downloads\ODIR.exe
2014-05-30 10:14 - 2010-07-21 12:48 - 00099328 _____ () C:\Users\CHU\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-29 19:48 - 2014-05-29 19:48 - 00044907 _____ () C:\Users\CHU\Downloads\CookieWarning-master.zip
2014-05-29 18:33 - 2014-05-29 17:47 - 00000000 ____D () C:\Users\CHU\Downloads\outlookattachview
2014-05-29 17:46 - 2014-05-29 17:46 - 00115681 _____ () C:\Users\CHU\Downloads\outlookattachview.zip
2014-05-29 17:45 - 2014-05-29 17:43 - 00000000 ____D () C:\Users\CHU\AppData\Roaming\UUDWin
2014-05-29 17:42 - 2014-05-29 17:42 - 00363920 _____ () C:\Users\CHU\Downloads\uud32-256.zip
2014-05-29 17:42 - 2014-05-29 17:42 - 00000000 ____D () C:\Users\CHU\Downloads\uud32-256
2014-05-29 15:39 - 2014-05-29 15:38 - 37226253 _____ () C:\Users\CHU\Downloads\Farmer Slaughter(1).zip
2014-05-29 10:21 - 2014-05-29 10:21 - 00688992 ____R (Swearware) C:\Users\CHU\Downloads\dds.com
2014-05-28 17:30 - 2010-07-21 12:48 - 00000000 ____D () C:\Users\CHU\AppData\Roaming\IrfanView
2014-05-28 17:30 - 2010-07-19 22:49 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-05-28 17:30 - 2009-01-22 06:02 - 00000000 ____D () C:\Users\Guest
2014-05-28 17:30 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool
2014-05-28 17:30 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-05-28 17:30 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
2014-05-28 17:30 - 2006-11-02 11:22 - 58195968 _____ () C:\Windows\system32\config\software_previous
2014-05-28 17:30 - 2006-11-02 11:22 - 42205184 _____ () C:\Windows\system32\config\system_previous
2014-05-28 17:27 - 2014-05-28 17:27 - 01033321 _____ () C:\Users\CHU\Downloads\wrd_jjRe13981776.sql
2014-05-28 17:25 - 2006-11-02 11:22 - 42205184 _____ () C:\Windows\system32\config\components_previous
2014-05-28 17:25 - 2006-11-02 11:22 - 00094208 _____ () C:\Windows\system32\config\sam_previous
2014-05-28 09:21 - 2014-05-28 09:21 - 00073116 _____ () C:\Users\CHU\Downloads\sucuri-wp-plugin.zip
2014-05-28 09:07 - 2014-05-28 09:07 - 00000878 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2014-05-28 09:07 - 2014-05-27 13:38 - 00000000 ____D () C:\Program Files\KeePass Password Safe 2
2014-05-28 09:06 - 2014-05-28 09:06 - 02545000 _____ (Dominik Reichl ) C:\Users\CHU\Downloads\KeePass-2.26-Setup.exe
2014-05-28 08:42 - 2011-08-18 12:30 - 00001848 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-05-28 08:03 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2014-05-28 08:03 - 2006-11-02 11:22 - 00024576 _____ () C:\Windows\system32\config\security_previous
2014-05-27 12:42 - 2014-05-27 12:41 - 06339727 _____ () C:\Users\CHU\Downloads\wordpress-3.9.1.zip
2014-05-26 17:58 - 2014-05-26 17:58 - 00661178 _____ () C:\Users\CHU\Downloads\wp_posts.sql
2014-05-25 18:21 - 2014-05-25 18:20 - 93960585 _____ () C:\Users\CHU\Downloads\schudio_wrdp2.sql
2014-05-25 17:36 - 2014-05-25 17:35 - 00000000 ____D () C:\Users\CHU\Downloads\accesslog-schudio.co.uk-05-25-2014_16_34_13-0000
2014-05-25 17:34 - 2014-05-25 17:34 - 03041150 _____ () C:\Users\CHU\Downloads\accesslog-schudio.co.uk-05-25-2014_16_34_13-0000.gz
2014-05-25 16:05 - 2014-05-25 16:05 - 02453682 _____ () C:\Users\CHU\Downloads\schudio_wrdp1.sql
2014-05-25 12:48 - 2009-01-22 16:11 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-05-25 12:47 - 2014-05-13 17:21 - 00000000 ____D () C:\Program Files\PDFCreator
2014-05-25 12:35 - 2014-05-25 12:35 - 00032040 _____ () C:\cc_20140525_123501.reg
2014-05-25 12:07 - 2014-02-01 20:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-25 11:56 - 2014-05-25 11:56 - 00001628 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-25 11:56 - 2014-05-25 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-25 11:56 - 2014-05-25 11:55 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-05-25 11:56 - 2012-07-22 23:52 - 00000000 ____D () C:\Program Files\iTunes
2014-05-25 11:55 - 2014-05-25 11:55 - 00000000 ____D () C:\Program Files\iPod
2014-05-25 11:55 - 2012-07-22 23:44 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-05-25 11:55 - 2009-02-13 13:59 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-05-25 11:22 - 2013-12-05 23:46 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2014-05-25 11:22 - 2010-09-28 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-05-25 11:20 - 2014-05-25 11:20 - 04968079 _____ (Tim Kosse) C:\Users\CHU\Downloads\FileZilla_3.8.0_win32-setup.exe
2014-05-24 22:21 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-24 22:13 - 2008-04-17 16:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-24 22:12 - 2013-07-11 09:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-24 22:08 - 2006-11-02 11:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-24 22:05 - 2014-05-24 22:05 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-24 18:10 - 2014-05-24 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-24 18:10 - 2014-05-24 18:10 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-24 18:10 - 2010-09-23 07:23 - 00000000 ____D () C:\Users\CHU\AppData\Roaming\Malwarebytes
2014-05-24 18:10 - 2010-09-23 07:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-24 18:10 - 2010-09-23 07:23 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-05-24 18:09 - 2014-05-24 18:08 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\CHU\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-24 17:56 - 2010-07-22 22:52 - 00006648 _____ () C:\Users\CHU\AppData\Local\d3d9caps.dat
2014-05-22 14:32 - 2014-05-07 19:51 - 00000000 ____D () C:\Users\Public\PORTER
2014-05-22 11:37 - 2014-05-22 11:37 - 29776671 _____ () C:\Users\CHU\Downloads\CHU_scoop.zip
2014-05-22 09:29 - 2014-05-22 09:29 - 03981530 _____ () C:\Users\CHU\Downloads\wordpress-3.2.1.zip
2014-05-21 17:44 - 2014-05-21 17:44 - 04920954 _____ () C:\Users\CHU\Downloads\wordpress-3.4.2.zip
2014-05-21 15:13 - 2014-05-21 15:13 - 07508475 _____ () C:\Users\CHU\Downloads\lambtosl_wp1.sql
2014-05-21 03:03 - 2011-11-06 18:32 - 00000000 ____D () C:\Users\CHU\AppData\Local\Conduit
2014-05-16 12:12 - 2012-06-12 15:59 - 00000838 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-16 05:17 - 2014-05-16 05:17 - 00746355 _____ () C:\Users\CHU\Downloads\jw-flv-player.zip
2014-05-16 05:17 - 2014-05-16 05:17 - 00000000 ____D () C:\Users\CHU\Downloads\jw-flv-player

Files to move or delete:
====================
C:\ProgramData\87_fg.pad
C:\ProgramData\reyalpclv.pad


Some content of TEMP:
====================
C:\Users\CHU\AppData\Local\temp\install_flashplayer14x32axau_mssd_aaa_aih.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-15 13:12

==================== End Of Log ============================

 


#8 nasdaq


  • Malware Response Team

Posted 16 June 2014 - 08:01 AM

Not sure if this is an issue.
 

(Cubic Reality Software) C:\Program Files\CubicExplorer\CubicExplorer.exe

This program file is Powered by WordPress; it may just be where you got into some problems.
http://www.cubicreality.com/ce/
===

Not sure if you have cleaned the items found by the AdwCleaner tool.

I suggest you remove everything.

You can, at your own risk, keep:
 

Service Found : ExpatShieldService
Service Found : ExpatSrv
Service Found : ExpatTrayService
Service Found : ExpatWd
C:\Expat Shield
C:\Program Files\Expat Shield
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Expat Shield
C:\Users\CHU\AppData\Roaming\pdfforge
C:\Users\Guest\AppData\LocalLow\pdfforge


===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: No Name - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} -  No File
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
FF Extension: afurladvisor - C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2014-02-01]
S3 catchme; \??\C:\Users\CHU\AppData\Local\Temp\catchme.sys [X]
S3 cpuz132; \??\C:\Users\fly23\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S4 LMIRfsClientNP; No ImagePath
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
C:\ProgramData\87_fg.pad
C:\ProgramData\reyalpclv.pad
AlternateDataStreams: C:\ProgramData\TEMP:131C0EE9
AlternateDataStreams: C:\ProgramData\TEMP:3E7393FC
AlternateDataStreams: C:\ProgramData\TEMP:4CF61E54
AlternateDataStreams: C:\ProgramData\TEMP:580E04D8
AlternateDataStreams: C:\ProgramData\TEMP:793F316E
AlternateDataStreams: C:\ProgramData\TEMP:B623B5B8

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Let me know what problem persists.

#9 Wayne Broken

  • Topic Starter

  • Members

Posted 17 June 2014 - 11:03 AM

I have removed the program Cubic Explorer, as per your recommendations, and I ran AdwCleaner too. Would you like to see the report for that?

 

 

fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:12-06-2014 02
Ran by CHU at 2014-06-17 16:44:36 Run:1
Running from C:\Users\CHU\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: No Name - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} -  No File
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
FF Extension: afurladvisor - C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2014-02-01]
S3 catchme; \??\C:\Users\CHU\AppData\Local\Temp\catchme.sys [X]
S3 cpuz132; \??\C:\Users\fly23\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S4 LMIRfsClientNP; No ImagePath
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
C:\ProgramData\87_fg.pad
C:\ProgramData\reyalpclv.pad
AlternateDataStreams: C:\ProgramData\TEMP:131C0EE9
AlternateDataStreams: C:\ProgramData\TEMP:3E7393FC
AlternateDataStreams: C:\ProgramData\TEMP:4CF61E54
AlternateDataStreams: C:\ProgramData\TEMP:580E04D8
AlternateDataStreams: C:\ProgramData\TEMP:793F316E
AlternateDataStreams: C:\ProgramData\TEMP:B623B5B8

End
*****************

'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}'=> Key not found.
'HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}'=> Key not found.
'HKCR\CLSID\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} => value deleted successfully.
'HKCR\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}' => Key deleted successfully.
'HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}' => Key deleted successfully.
'HKCR\CLSID\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA}' => Key deleted successfully.
'HKCR\CLSID\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}' => Key deleted successfully.
'HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}' => Key deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => value deleted successfully.
'HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}'=> Key not found.
C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com => not found.
catchme => Service deleted successfully.
cpuz132 => Service deleted successfully.
IntcAzAudAddService => Service deleted successfully.
IpInIp => Service deleted successfully.
LMIRfsClientNP => Service deleted successfully.
motandroidusb => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
wacommousefilter => Service deleted successfully.
wacomvhid => Service deleted successfully.
C:\ProgramData\87_fg.pad => Moved successfully.
C:\ProgramData\reyalpclv.pad => Moved successfully.
C:\ProgramData\TEMP => ":131C0EE9" ADS removed successfully.
C:\ProgramData\TEMP => ":3E7393FC" ADS removed successfully.
C:\ProgramData\TEMP => ":4CF61E54" ADS removed successfully.
C:\ProgramData\TEMP => ":580E04D8" ADS removed successfully.
C:\ProgramData\TEMP => ":793F316E" ADS removed successfully.
C:\ProgramData\TEMP => ":B623B5B8" ADS removed successfully.

==== End of Fixlog ====

 

checkup.txt

 Results of screen317's Security Check version 0.99.85  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner     
 Java™ 6 Update 45  
 Java 7 Update 55  
 Java version out of Date!
  Adobe Flash Player     13.0.0.214 Flash Player out of Date!  
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox 29.0.1 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Alwil Software Avast5 AvastSvc.exe  
 Alwil Software Avast5 avastui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 36 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 



#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:45 PM

Posted 17 June 2014 - 01:38 PM

Looking good.

Let me know of any remaining issues.

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u60.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Add/Remove Programs applet.

Old versions....

===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>


Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Flash test site:
http://www.adobe.com/software/flash/about/
Install the new version or if you have the latest close the windows.

Flash Player Help / Find version
http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine

===


Secunia Personal Software Inspector (PSI)
http://secunia.com/vulnerability_scanning/personal/
Secunia PSI is a security scanner which identifies programs/drivers that are damaged and need updates.
If interested in security I would download the tool and run it.
<<<>>>

#11 Wayne Broken


Posted 19 June 2014 - 07:55 AM

thank you so much for your help nasdaq

updated adobe & java. all running really smooth now

i will only update java from their console or better still - go to their site.

Plenty of items removed due to your invaluable help and expertise. thanks for looking at my painful messages.

 

all the best,

WB



#12 nasdaq


Posted 19 June 2014 - 08:16 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



