Connectivity Problems~Possible Malware Threat


This topic is locked. 16 replies to this topic.

#1 Lakes (Members)

Posted 13 June 2014 - 06:06 PM

I am having massive connectivity problems in that either Firefox or Chrome come up "Page not found" and "snap" etc. (dinosaur icon). This looks very much like a virus, but I cannot think where it may have come from, as I have not downloaded anything but fonts from a reliable source as of late.

 

I can get into my emails and Facebook from the My3 Account Page sometimes, and so had to click on the Bleeping Computer link from your Facebook page just to get in here. I have run BleachBit, CCleaner and Malwarebytes and have Panda Antivirus, all of which have come up with nothing.

 

I am running Microsoft Windows XP Media Center Edition Version 2008 Service Pack three with AMD™ Sempron processor 3500+ (201 GHz/ 225 GB of RAM)

 

Here are the two Logs...(attach, see attachment)

 

DDS.txt

 

DDS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 8.0.6001.18702
Run by Simon at 23:46:29 on 2014-06-13
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2303.1019 [GMT 1:00]
.
AV: Panda Cloud Antivirus *Enabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
FW: Panda Cloud Firewall *Disabled* 
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\WordWeb\wweb32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
C:\Program Files\SlimDrivers\SlimDrivers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\3 Mobile Broadband\3Connect\Wilog.exe
C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [SlimDrivers] "c:\program files\slimdrivers\SlimDrivers.exe" -boot
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\simon\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [WordWeb] "c:\program files\wordweb\wweb32.exe" -startup
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [PSUAMain] "c:\program files\panda security\panda cloud antivirus\PSUAMain.exe" /LaunchSysTray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: MaxGPOScriptWait = dword:600
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{B4CC0BD0-0B5B-4BC6-BF33-A4B045DD17F0} : NameServer = 217.171.132.1 217.171.132.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages =  msv1_0 nwprovau
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\simon\application data\mozilla\firefox\profiles\pomw66pe.default-1364769427953\
FF - prefs.js: browser.search.selectedEngine - Mysearchdial
FF - prefs.js: browser.startup.homepage - hxxp://start.mysearchdial.com/?f=1&a=dsites0101&cd=2XzuyEtN2Y1L1QzutDtDtC0EtCtDtC0F0AyC0D0B0C0F0EtAtN0D0Tzu0CyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1559426607&ir=
FF - prefs.js: keyword.URL - 
FF - plugin: c:\documents and settings\simon\local settings\application data\google\update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\wordweb\wcapturemoz\plugins\npWCX.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: !HIDDEN! 2012-06-13 23:44; wcapturex@deskperience.com; c:\program files\wordweb\WCaptureMoz
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=dsites0101&cd=2XzuyEtN2Y1L1QzutDtDtC0EtCtDtC0F0AyC0D0B0C0F0EtAtN0D0Tzu0CyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1559426607&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=dsites0101&cd=2XzuyEtN2Y1L1QzutDtDtC0EtCtDtC0F0AyC0D0B0C0F0EtAtN0D0Tzu0CyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1559426607&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=dsites0101&cd=2XzuyEtN2Y1L1QzutDtDtC0EtCtDtC0F0AyC0D0B0C0F0EtAtN0D0Tzu0CyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1559426607&ir=&q=
FF - user.js: extensions.mysearchdial.id - 001E101FA6DBCFE3
FF - user.js: extensions.mysearchdial.instlDay - 16089
FF - user.js: extensions.mysearchdial.vrsn - 1.8.21.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.21.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.21.014:3:25
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - dsites0101
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef - 
FF - user.js: extensions.mysearchdial.dfltLng - 
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial.cr - 1559426607
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzutDtDtC0EtCtDtC0F0AyC0D0B0C0F0EtAtN0D0Tzu0CyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T
FF - user.js: extensions.mysearchdial.AL - 2
FF - user.js: extensions.irmysearch.aflt - dsites0101
FF - user.js: extensions.irmysearch.instlRef - 
FF - user.js: extensions.irmysearch.cr - 1559426607
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzutDtDtC0EtCtDtC0F0AyC0D0B0C0F0EtAtN0D0Tzu0CyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T
.
============= SERVICES / DRIVERS ===============
.
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrv.sys [2014-3-1 22312]
R1 NNSALPC;NNSAlpc;c:\windows\system32\drivers\NNSAlpc.sys [2014-5-2 88992]
R1 NNSHTTP;NNSHttp;c:\windows\system32\drivers\NNSHttp.sys [2014-5-2 166816]
R1 NNSHTTPS;NNSHttps;c:\windows\system32\drivers\NNSHttps.sys [2014-5-2 110496]
R1 NNSIDS;NNSids;c:\windows\system32\drivers\NNSIds.sys [2014-5-2 125216]
R1 NNSPICC;NNSPicc;c:\windows\system32\drivers\NNSpicc.sys [2014-5-2 96160]
R1 NNSPOP3;NNSPop3;c:\windows\system32\drivers\NNSPop3.sys [2014-5-2 121888]
R1 NNSPROT;NNSProt;c:\windows\system32\drivers\NNSProt.sys [2014-5-2 288032]
R1 NNSPRV;NNSPrv;c:\windows\system32\drivers\NNSPrv.sys [2014-5-2 208800]
R1 NNSSMTP;NNSSmtp;c:\windows\system32\drivers\NNSSmtp.sys [2014-5-2 109856]
R1 NNSSTRM;NNSStrm;c:\windows\system32\drivers\NNSStrm.sys [2014-5-2 243872]
R1 NNSTLSC;NNSTlsc;c:\windows\system32\drivers\NNStlsc.sys [2014-5-2 96928]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2014-5-5 170656]
R2 BecHelperService;BecHelperService;c:\program files\3 mobile broadband\3connect\BecHelperService.exe [2013-4-2 1740696]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2014-1-19 418376]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2012-2-9 99328]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2014-5-5 141560]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-2-11 35088]
R2 PandaAgent;Panda Devices Agent;c:\program files\panda security\panda devices agent\AgentSvc.exe [2014-5-22 61688]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2014-5-5 138656]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2014-5-5 101536]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2014-5-5 112544]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2014-5-6 123168]
R2 PSINReg;PSINReg;c:\windows\system32\drivers\PSINReg.sys [2014-5-5 98336]
R2 PSUAService;Panda Product Service;c:\program files\panda security\panda cloud antivirus\PSUAService.exe [2014-5-6 38136]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2013-4-2 11136]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2013-4-2 235392]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2013-4-2 73216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-1-19 22856]
R3 PSKMAD;PSKMAD;c:\windows\system32\drivers\PSKMAD.sys [2013-11-30 48736]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [2012-11-22 7040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2014-1-19 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-5-16 1691480]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2013-4-2 102784]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [2013-4-2 90112]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-11-22 13464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 NNSPIHS;NNSPihs;c:\windows\system32\drivers\NNSpihs.sys [2014-5-2 52384]
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2014-06-13 21:54:42 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-05-06 07:21:28 123168 ----a-w- c:\windows\system32\drivers\PSINProt.sys
2014-05-05 12:37:07 98336 ----a-w- c:\windows\system32\drivers\PSINReg.sys
2014-05-05 12:37:06 112544 ----a-w- c:\windows\system32\drivers\PSINProc.sys
2014-05-05 00:21:37 170656 ----a-w- c:\windows\system32\drivers\PSINKNC.sys
2014-05-05 00:21:37 101536 ----a-w- c:\windows\system32\drivers\PSINFile.sys
2014-05-05 00:21:36 138656 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
2014-05-02 14:42:33 96928 ----a-w- c:\windows\system32\drivers\NNStlsc.sys
2014-05-02 14:42:33 243872 ----a-w- c:\windows\system32\drivers\NNSStrm.sys
2014-05-02 14:42:32 208800 ----a-w- c:\windows\system32\drivers\NNSPrv.sys
2014-05-02 14:42:32 109856 ----a-w- c:\windows\system32\drivers\NNSSmtp.sys
2014-05-02 14:42:31 288032 ----a-w- c:\windows\system32\drivers\NNSProt.sys
2014-05-02 14:42:31 121888 ----a-w- c:\windows\system32\drivers\NNSPop3.sys
2014-05-02 14:42:30 96160 ----a-w- c:\windows\system32\drivers\NNSpicc.sys
2014-05-02 14:42:30 52384 ----a-w- c:\windows\system32\drivers\NNSpihs.sys
2014-05-02 14:42:29 125216 ----a-w- c:\windows\system32\drivers\NNSIds.sys
2014-05-02 14:42:29 110496 ----a-w- c:\windows\system32\drivers\NNSHttps.sys
2014-05-02 14:42:28 88992 ----a-w- c:\windows\system32\drivers\NNSAlpc.sys
2014-05-02 14:42:28 166816 ----a-w- c:\windows\system32\drivers\NNSHttp.sys
2014-03-25 13:15:08 48736 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
.
============= FINISH: 23:48:32.76 ===============
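Added example (editor's addition; not part of the original post, and not code from DDS, AdwCleaner or BleepingComputer): a small Python script that reads DDS-style "Pseudo HJT" and Firefox lines like the ones in the log above and flags the browser-hijack indicators a helper looks at first. The sample lines are copied from the posted log with the long Mysearchdial URLs shortened; the sets of expected home-page hosts and search-engine names are assumptions for the example. The script flags every `user.js` entry because Firefox re-reads `user.js` at each start and applies it over `prefs.js`, which is why a search hijacker keeps its settings there. It reports the `!HIDDEN!` extension and the NameServer entry for review rather than calling them malicious: in this log the hidden extension belongs to WordWeb, and the resolver may well be the ISP's.

```python
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the DDS log posted above, with the long
# mysearchdial URLs shortened. This is not a complete DDS report.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
TCP: Interfaces\{B4CC0BD0-0B5B-4BC6-BF33-A4B045DD17F0} : NameServer = 217.171.132.1 217.171.132.1
FF - prefs.js: browser.search.selectedEngine - Mysearchdial
FF - prefs.js: browser.startup.homepage - hxxp://start.mysearchdial.com/?f=1&a=dsites0101
FF - ExtSQL: !HIDDEN! 2012-06-13 23:44; wcapturex@deskperience.com; c:\program files\wordweb\WCaptureMoz
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=dsites0101
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=dsites0101
"""

# Assumption for this example: what the machine's owner expects to see.
EXPECTED_HOSTS = {"www.google.com"}
EXPECTED_ENGINES = {"Google"}

START_PAGE_RE = re.compile(r"^[umd]Start Page = (\S+)$")
FF_PREF_RE = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) - (.*)$")
FF_EXT_RE = re.compile(r"^FF - ExtSQL: (!HIDDEN!)?\s*(.*)$")
NAMESERVER_RE = re.compile(r"NameServer = (.+)$")


def defanged_host(value):
    """Hostname of a DDS-style defanged URL (hxxp://...), or '' if value is not a URL."""
    if not value.startswith(("hxxp://", "hxxps://", "http://", "https://")):
        return ""
    return urlparse(value.replace("hxxp", "http", 1)).hostname or ""


def analyze(log_text, expected_hosts=EXPECTED_HOSTS, expected_engines=EXPECTED_ENGINES):
    """Return a list of findings, one dict per suspicious or review-worthy line."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = START_PAGE_RE.match(line)
        if m:
            host = defanged_host(m.group(1))
            if host and host not in expected_hosts:
                findings.append({"kind": "start_page_changed", "detail": host, "line": line})
            continue

        m = FF_PREF_RE.match(line)
        if m:
            source, pref, value = m.groups()
            host = defanged_host(value)
            if source == "user.js":
                # Firefox re-applies user.js over prefs.js at every start, so a
                # hijacker keeps its homepage/search settings there; every entry
                # is worth reviewing, whatever its value.
                findings.append({"kind": "user_js_override", "detail": pref, "line": line})
            elif host and host not in expected_hosts:
                findings.append({"kind": "browser_pref_redirected", "detail": f"{pref} -> {host}", "line": line})
            elif pref == "browser.search.selectedEngine" and value not in expected_engines:
                findings.append({"kind": "search_engine_changed", "detail": value, "line": line})
            continue

        m = FF_EXT_RE.match(line)
        if m and m.group(1):
            # Hidden from the Add-ons manager; may be legitimate (here it is WordWeb's),
            # so it is reported for review, not judged.
            findings.append({"kind": "hidden_extension", "detail": m.group(2), "line": line})
            continue

        m = NAMESERVER_RE.search(line)
        if m:
            # Report the resolver so it can be checked against the ISP's; the log
            # alone cannot say whether it is wrong.
            findings.append({"kind": "dns_server", "detail": m.group(1), "line": line})
    return findings


def summarize(findings):
    """Count findings by kind."""
    counts = {}
    for f in findings:
        counts[f["kind"]] = counts.get(f["kind"], 0) + 1
    return counts


if __name__ == "__main__":
    results = analyze(SAMPLE_LOG)
    for f in results:
        print(f"[{f['kind']}] {f['detail']}")
    print(summarize(results))
```

On the sample it flags the Mysearchdial home page and search engine, the four `user.js` overrides, the hidden WordWeb extension, and the resolver, and leaves the two Google start-page lines alone. To run it against a real report, pass the whole DDS.txt text to `analyze()`; the AdwCleaner run later in this thread removed exactly the `user.js` file and prefs that this check points at.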
#2 Lakes (Topic Starter)

Posted 13 June 2014 - 06:11 PM

Here is the attach.txt Log.




#3 Lakes (Topic Starter)

Posted 15 June 2014 - 04:38 PM

This problem appears to have resolved itself. It must have had something to do with my internet server. False alarm, sorry.

#4 nasdaq (Malware Response Team)

Posted 17 June 2014 - 07:43 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I looked at your DDS log. It would be wise of you to run these tools.
Post the logs for my review.


Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false-positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

#5 Lakes (Topic Starter)

Posted 17 June 2014 - 03:00 PM

I tried twice to download AdwCleaner and it was neutralised by Panda, saying it is a virus, and I can't run it.

 

[Attached screenshot: virus10.jpg]

#6 nasdaq (Malware Response Team)

Posted 18 June 2014 - 07:10 AM

It's not a virus.
There must be a way for Panda to accept the download.

I'm not familiar with Panda so cannot guide you.

If you can't download it just run the FRST tool and post the log.

#7 Lakes (Topic Starter)

Posted 18 June 2014 - 07:33 PM

Hi,

 

Panda did the same thing for that, so I deactivated it and ran the tools as you originally instructed. Here are the logs...

 

AdwCleaner

 

# AdwCleaner v3.212 - Report created 19/06/2014 at 01:13:46

# Updated 05/06/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Simon - FUNNY-90F7F5F9E
# Running from : C:\Documents and Settings\Simon\My Documents\Downloads\adwcleaner_3.212.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\GreenTree Applications
Folder Deleted : C:\Program Files\Mobogenie
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\Uninstaller
Folder Deleted : C:\Program Files\YTD Toolbar
Folder Deleted : C:\Program Files\Common Files\Spigot
Folder Deleted : C:\Documents and Settings\Simon\Application Data\DigitalSites
Folder Deleted : C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
File Deleted : C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953\Extensions\savingsslider@mybrowserbar.com.xpi
File Deleted : C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953\searchplugins\Mysearchdial.xml
File Deleted : C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953\user.js
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\bearsharemediabartb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WebConnect
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v23.0.1 (en-US)
 
[ File : C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953\prefs.js ]
 
Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");
Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=dsites0101&cd=2XzuyEtN2Y1L1QzutDtDtC0EtCtDtC0F0AyC0D0B0C0F0EtAtN0D0Tzu0CyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtC[...]
Line Deleted : user_pref("extensions.irmysearch.aflt", "dsites0101");
Line Deleted : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutDtDtC0EtCtDtC0F0AyC0D0B0C0F0EtAtN0D0Tzu0CyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T");
Line Deleted : user_pref("extensions.irmysearch.cr", "1559426607");
Line Deleted : user_pref("extensions.irmysearch.instlRef", "");
Line Deleted : user_pref("extensions.mysearchdial.AL", 2);
Line Deleted : user_pref("extensions.mysearchdial.aflt", "dsites0101");
Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtC0EtCtDtC0F0AyC0D0B0C0F0EtAtN0D0Tzu0CyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T");
Line Deleted : user_pref("extensions.mysearchdial.cr", "1559426607");
Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dsites0101&cd=2XzuyEtN2Y1L1QzutDtDtC0EtCtDtC0F0AyC0D0B0C0F0EtAtN0D0Tzu0CyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1Czut[...]
Line Deleted : user_pref("extensions.mysearchdial.id", "001E101FA6DBCFE3");
Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16089");
Line Deleted : user_pref("extensions.mysearchdial.instlRef", "");
Line Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dsites0101&cd=2XzuyEtN2Y1L1QzutDtDtC0EtCtDtC0F0AyC0D0B0C0F0EtAtN0D0Tzu0CyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1Cz[...]
Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dsites0101&cd=2XzuyEtN2Y1L1QzutDtDtC0EtCtDtC0F0AyC0D0B0C0F0EtAtN0D0Tzu0CyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1[...]
Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial_i.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.014:3:25");
 
-\\ Google Chrome v
 
[ File : C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0101&cd=2XzuyEtN2Y1L1QzutDtDtC0EtCtDtC0F0AyC0D0B0C0F0EtAtN0D0Tzu0CyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1559426607&ir=
 
*************************
 
AdwCleaner[R0].txt - [7278 octets] - [19/06/2014 00:47:05]
AdwCleaner[R1].txt - [7338 octets] - [19/06/2014 01:05:38]
AdwCleaner[S0].txt - [7391 octets] - [19/06/2014 01:13:46]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7451 octets] ##########
 
FRST.txt
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-06-2014
Ran by Simon (administrator) on FUNNY-90F7F5F9E on 19-06-2014 01:21:25
Running from C:\Documents and Settings\Simon\My Documents\Downloads
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version: 
 
Download link for 64-Bit Version: 
 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: 
 
 
==================== Processes (Whitelisted) =================
 
() C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehRecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
(WordWeb Software) C:\Program Files\WordWeb\wweb32.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimDrivers\SlimDrivers.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\WINDOWS\system32\WgaTray.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(3Connect) C:\Program Files\3 Mobile Broadband\3Connect\Wilog.exe
(Google Inc.) C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-10] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1848648 2008-03-03] (CANON INC.)
HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [15517472 2013-01-31] (NVIDIA Corporation)
HKLM\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [418024 2013-03-05] (BillP Studios)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [WordWeb] => C:\Program Files\WordWeb\wweb32.exe [77056 2013-05-16] (WordWeb Software)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2000-01-01] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [37624 2014-05-06] (Panda Security, S.L.)
HKU\S-1-5-20\...\Policies\Explorer: [NoInternetIcon] 0
HKU\S-1-5-21-1214440339-1957994488-1801674531-1004\...\Run: [SlimDrivers] => C:\Program Files\SlimDrivers\SlimDrivers.exe [29378880 2013-07-10] (SlimWare Utilities, Inc.)
HKU\S-1-5-21-1214440339-1957994488-1801674531-1004\...\Run: [Google Update] => C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2014-01-16] (Google Inc.)
HKU\S-1-5-21-1214440339-1957994488-1801674531-1004\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21445248 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1214440339-1957994488-1801674531-1005\...\Policies\Explorer: [NoInternetIcon] 0
Lsa: [Authentication Packages] msv1_0 nwprovau
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = 
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {9C950E3E-B79A-4378-BAC2-74E7C03B5101} URL = 
tCtDtC0F0AyC0D0B0C0F0EtAtN0D0Tzu0CyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1559426607&ir=
SearchScopes: HKCU - {B26BF5F0-D37B-4523-8C9C-6B3E9657FB9F} URL = 
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} 
b
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} 
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{B4CC0BD0-0B5B-4BC6-BF33-A4B045DD17F0}: [NameServer]217.171.132.1 217.171.132.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953\searchplugins\yahoo_ff.xml
FF Extension: Test Pilot - C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953\Extensions\testpilot@labs.mozilla.com.xpi [2013-03-31]
FF Extension: Start Page - C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953\Extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi [2014-01-28]
FF Extension: Adblock Plus - C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-16]
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-02-10]
FF Extension: WordWeb one-click lookup - C:\Program Files\WordWeb\WCaptureMoz [2012-02-10]
FF Extension: No Name - C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953\extensions\savingsslider@mybrowserbar.com.xpi []
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Program Files\WordWeb\WCaptureMoz [2012-02-10]
FF HKCU\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Program Files\WordWeb\WCaptureMoz [2012-02-10]
 
Chrome: 
=======
CHR HomePage: 
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (PicBadges) - C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mgjkknncnlepghplinfpikcijdbmidbg [2013-08-15]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-16]
CHR HKLM\...\Chrome\Extension: [mgjkknncnlepghplinfpikcijdbmidbg] - C:\DOCUME~1\Simon\LOCALS~1\APPLIC~1\2035822_Setup.crx [2012-05-14]
CHR HKLM\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files\WordWeb\wcxChrome.crx [2012-02-10]
CHR HKCU\...\Chrome\Extension: [mgjkknncnlepghplinfpikcijdbmidbg] - C:\DOCUME~1\Simon\LOCALS~1\APPLIC~1\2035822_Setup.crx [2012-05-14]
 
========================== Services (Whitelisted) =================
 
R2 BecHelperService; C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe [1740696 2011-03-23] ()
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [141560 2014-05-05] (Panda Security, S.L.)
S2 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [61688 2014-05-22] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [38136 2014-05-06] (Panda Security, S.L.)
 
==================== Drivers (Whitelisted) ====================
 
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2000-01-01] (Creative)
R1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrv.sys [22312 2009-02-12] (EldoS Corporation)
S3 huawei_cdcacm; C:\WINDOWS\System32\DRIVERS\ew_jucdcacm.sys [90112 2011-03-23] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R2 mdvrmng; C:\WINDOWS\system32\drivers\mdvrmng.sys [10240 2011-03-23] () [File not signed]
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2000-01-01] (Creative Technology Ltd.)
R1 NNSALPC; C:\WINDOWS\System32\DRIVERS\NNSAlpc.sys [88992 2014-05-02] (Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\System32\DRIVERS\NNSHttp.sys [166816 2014-05-02] (Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\System32\DRIVERS\NNSHttps.sys [110496 2014-05-02] (Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\System32\DRIVERS\NNSIds.sys [125216 2014-05-02] (Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\System32\DRIVERS\NNSPicc.sys [96160 2014-05-02] (Panda Security, S.L.)
S4 NNSPIHS; C:\WINDOWS\System32\DRIVERS\NNSPihs.sys [52384 2014-05-02] (Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\System32\DRIVERS\NNSPop3.sys [121888 2014-05-02] (Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\System32\DRIVERS\NNSProt.sys [288032 2014-05-02] (Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\System32\DRIVERS\NNSPrv.sys [208800 2014-05-02] (Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\System32\DRIVERS\NNSSmtp.sys [109856 2014-05-02] (Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\System32\DRIVERS\NNSStrm.sys [243872 2014-05-02] (Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\System32\DRIVERS\NNSTlsc.sys [96928 2014-05-02] (Panda Security, S.L.)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
R0 nvatabus; C:\WINDOWS\system32\Drivers\nvatabus.sys [100736 2008-07-30] (NVIDIA Corporation) [File not signed]
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [168040 2000-01-01] (NVIDIA Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2008-04-14] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-14] (Microsoft Corporation)
S3 NWRDR; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [163584 2008-04-14] (Microsoft Corporation)
R2 PSINAflt; C:\WINDOWS\System32\DRIVERS\PSINAflt.sys [138656 2014-05-05] (Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [101536 2014-05-05] (Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\System32\DRIVERS\psinknc.sys [170656 2014-05-05] (Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [112544 2014-05-05] (Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\System32\DRIVERS\PSINProt.sys [123168 2014-05-06] (Panda Security, S.L.)
R2 PSINReg; C:\WINDOWS\System32\DRIVERS\PSINReg.sys [98336 2014-05-05] (Panda Security, S.L.)
R3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [48736 2014-03-25] (Panda Security, S.L.)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13464 2014-06-19] ()
R3 whfltr2k; C:\WINDOWS\System32\DRIVERS\whfltr2k.sys [7040 2000-01-01] ()
S3 catchme; \??\C:\DOCUME~1\Simon\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-19 01:21 - 2014-06-19 01:21 - 00000000 ___DC () C:\FRST
2014-06-19 01:17 - 2014-06-19 01:17 - 00007531 ____C () C:\Documents and Settings\Simon\Desktop\AdwCleaner[S0].txt
2014-06-19 01:17 - 2014-06-19 01:17 - 00000000 ____D () C:\WINDOWS\LastGood
2014-06-19 00:48 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-06-19 00:46 - 2014-06-19 01:14 - 00000000 ___DC () C:\AdwCleaner
2014-06-19 00:45 - 2014-06-19 00:45 - 00001428 ____C () C:\Documents and Settings\Simon\Desktop\BP.txt
2014-06-18 04:36 - 2014-06-18 04:36 - 00000038 ____C () C:\Documents and Settings\Simon\Desktop\Proseller email.txt
2014-06-17 21:45 - 2014-06-18 19:04 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\Wikimedia
2014-06-17 00:51 - 2014-06-19 01:17 - 00002318 _____ () C:\WINDOWS\setupapi.log
2014-06-17 00:51 - 2014-06-19 01:16 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-06-17 00:50 - 2014-06-19 01:19 - 00077455 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-17 00:50 - 2014-06-19 01:16 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-06-17 00:50 - 2014-06-19 01:15 - 00032534 _____ () C:\WINDOWS\SchedLgU.Txt
2014-06-17 00:50 - 2014-06-17 00:50 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2014-06-14 23:57 - 2014-06-15 00:03 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\Steampunk wedding
2014-06-13 23:49 - 2014-06-13 23:49 - 00005500 ____C () C:\Documents and Settings\Simon\Desktop\attach.txt
2014-06-13 23:49 - 2014-06-13 23:48 - 00014336 ____C () C:\Documents and Settings\Simon\Desktop\dds.txt
2014-06-13 21:50 - 2014-06-13 21:50 - 00000000 ____D () C:\Documents and Settings\Simon\Start Menu\Programs\BleachBit
2014-06-13 18:09 - 2014-06-13 18:09 - 00000000 ___DC () C:\Documents and Settings\All Users\Start Menu\Programs\Panda Cloud Antivirus
2014-06-11 12:16 - 2014-06-11 12:16 - 00000046 ____C () C:\Documents and Settings\Simon\Desktop\IBAN.txt
2014-06-09 16:25 - 2014-06-18 21:42 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\June
2014-06-08 22:21 - 2014-06-10 20:11 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\New naughties
2014-06-08 21:50 - 2014-06-10 20:29 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\New Cards
2014-06-08 18:35 - 2014-06-08 18:35 - 01092802 _____ () C:\Documents and Settings\Simon\Desktop\patterns - Google Search.htm
2014-06-08 18:35 - 2014-06-08 18:35 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\patterns - Google Search_files
2014-06-08 18:21 - 2014-06-08 18:21 - 00136225 _____ () C:\Documents and Settings\Simon\Desktop\How to create surface patterns  10 expert tips   Graphic design   Creative Bloq.htm
2014-06-08 18:20 - 2014-06-08 18:20 - 00209401 _____ () C:\Documents and Settings\Simon\Desktop\Surface pattern design  .htm
2014-06-08 18:20 - 2014-06-08 18:20 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\Surface pattern design  _files
2014-06-08 17:46 - 2014-06-09 01:06 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\Surface patterns
2014-06-07 16:51 - 2014-06-08 18:21 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\How to create surface patterns  10 expert tips   Graphic design   Creative Bloq_files
2014-06-05 19:33 - 2014-06-05 20:59 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\Sleeves
2014-06-04 22:57 - 2014-06-04 22:57 - 00006929 ____C () C:\Documents and Settings\Simon\Desktop\New Leah.txt
2014-06-04 13:45 - 2014-06-04 13:45 - 00000073 ____C () C:\Documents and Settings\Simon\Desktop\GG.txt
2014-06-03 21:54 - 2014-06-03 22:07 - 00000559 ____C () C:\Documents and Settings\Simon\Desktop\Holidays.txt
2014-06-03 12:07 - 2014-06-03 12:08 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\Txt files
2014-05-30 09:03 - 2014-05-30 09:03 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-21 20:48 - 2014-05-21 20:48 - 00000217 ____C () C:\Documents and Settings\Simon\Desktop\Tax return.txt
 
==================== One Month Modified Files and Folders =======
 
2014-06-19 01:22 - 2013-04-10 20:52 - 00000000 ____D () C:\Documents and Settings\Simon\Local Settings\temp
2014-06-19 01:21 - 2014-06-19 01:21 - 00000000 ___DC () C:\FRST
2014-06-19 01:19 - 2014-06-17 00:50 - 00077455 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-19 01:19 - 2012-02-29 18:01 - 00000000 ___DC () C:\Documents and Settings\Simon\Application Data\Skype
2014-06-19 01:19 - 2012-02-09 20:06 - 00000418 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{AC9760B5-E4A4-4449-A33E-347A5925D556}.job
2014-06-19 01:17 - 2014-06-19 01:17 - 00007531 ____C () C:\Documents and Settings\Simon\Desktop\AdwCleaner[S0].txt
2014-06-19 01:17 - 2014-06-19 01:17 - 00000000 ____D () C:\WINDOWS\LastGood
2014-06-19 01:17 - 2014-06-17 00:51 - 00002318 _____ () C:\WINDOWS\setupapi.log
2014-06-19 01:17 - 2012-11-22 15:59 - 00013464 _____ () C:\WINDOWS\system32\Drivers\SWDUMon.sys
2014-06-19 01:17 - 2008-04-14 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-06-19 01:16 - 2014-06-17 00:51 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-06-19 01:16 - 2014-06-17 00:50 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-06-19 01:16 - 2012-02-09 20:00 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-19 01:16 - 2012-02-09 19:09 - 00313656 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-06-19 01:15 - 2014-06-17 00:50 - 00032534 _____ () C:\WINDOWS\SchedLgU.Txt
2014-06-19 01:15 - 2012-02-11 12:38 - 20971520 _____ () C:\WINDOWS\system32\config\Nano.evt
2014-06-19 01:15 - 2012-02-09 20:03 - 00000278 __SHC () C:\Documents and Settings\Simon\ntuser.ini
2014-06-19 01:14 - 2014-06-19 00:46 - 00000000 ___DC () C:\AdwCleaner
2014-06-19 00:45 - 2014-06-19 00:45 - 00001428 ____C () C:\Documents and Settings\Simon\Desktop\BP.txt
2014-06-19 00:40 - 2012-02-09 20:05 - 00102000 _____ () C:\Documents and Settings\Simon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-06-19 00:35 - 2014-01-16 07:11 - 00000978 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1957994488-1801674531-1004UA.job
2014-06-18 23:47 - 2013-09-27 20:50 - 00000000 ___DC () C:\Documents and Settings\Simon\Application Data\vlc
2014-06-18 23:26 - 2014-05-10 21:12 - 00000000 __RDC () C:\Documents and Settings\Simon\Desktop\Customizable
2014-06-18 21:42 - 2014-06-09 16:25 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\June
2014-06-18 19:04 - 2014-06-17 21:45 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\Wikimedia
2014-06-18 04:36 - 2014-06-18 04:36 - 00000038 ____C () C:\Documents and Settings\Simon\Desktop\Proseller email.txt
2014-06-18 00:04 - 2014-05-11 14:38 - 00000000 __RDC () C:\Documents and Settings\Simon\Desktop\Party Peeps
2014-06-17 23:14 - 2013-02-12 21:14 - 00002239 _____ () C:\Documents and Settings\Simon\Desktop\EZ Fonts.lnk
2014-06-17 00:52 - 2012-02-09 19:33 - 00000000 ____D () C:\WINDOWS\Registration
2014-06-17 00:50 - 2014-06-17 00:50 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2014-06-17 00:04 - 2014-04-11 12:20 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\New Chalkies
2014-06-16 09:35 - 2014-01-16 07:11 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1957994488-1801674531-1004Core.job
2014-06-16 03:17 - 2014-05-09 13:40 - 00000000 __RDC () C:\Documents and Settings\Simon\Desktop\Cycling
2014-06-15 00:03 - 2014-06-14 23:57 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\Steampunk wedding
2014-06-13 23:49 - 2014-06-13 23:49 - 00005500 ____C () C:\Documents and Settings\Simon\Desktop\attach.txt
2014-06-13 23:48 - 2014-06-13 23:49 - 00014336 ____C () C:\Documents and Settings\Simon\Desktop\dds.txt
2014-06-13 22:40 - 2012-02-09 20:02 - 00000000 ___DC () C:\Documents and Settings\Simon
2014-06-13 22:05 - 2013-09-12 05:51 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-13 21:50 - 2014-06-13 21:50 - 00000000 ____D () C:\Documents and Settings\Simon\Start Menu\Programs\BleachBit
2014-06-13 21:50 - 2012-02-11 11:40 - 00000000 ____D () C:\Program Files\BleachBit
2014-06-13 18:10 - 2013-05-02 01:27 - 00000000 ____D () C:\Program Files\Panda Security
2014-06-13 18:10 - 2012-02-11 12:37 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Panda Security
2014-06-13 18:09 - 2014-06-13 18:09 - 00000000 ___DC () C:\Documents and Settings\All Users\Start Menu\Programs\Panda Cloud Antivirus
2014-06-13 03:03 - 2013-07-24 13:10 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-06-13 03:00 - 2012-02-10 03:20 - 92708840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-06-11 12:16 - 2014-06-11 12:16 - 00000046 ____C () C:\Documents and Settings\Simon\Desktop\IBAN.txt
2014-06-10 20:29 - 2014-06-08 21:50 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\New Cards
2014-06-10 20:11 - 2014-06-08 22:21 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\New naughties
2014-06-10 20:07 - 2014-04-07 09:38 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\New bleep
2014-06-10 19:26 - 2014-03-29 17:54 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\April
2014-06-10 17:50 - 2014-01-14 15:25 - 00000000 __RDC () C:\Documents and Settings\Simon\Desktop\Chalkies
2014-06-09 01:06 - 2014-06-08 17:46 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\Surface patterns
2014-06-09 00:59 - 2014-02-24 19:14 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\Songs
2014-06-09 00:56 - 2013-11-05 18:10 - 00000000 __RDC () C:\Documents and Settings\Simon\Desktop\New Year
2014-06-09 00:55 - 2014-02-25 15:41 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\March
2014-06-09 00:44 - 2013-12-31 20:16 - 00000000 __RDC () C:\Documents and Settings\Simon\Desktop\Monogram labels
2014-06-08 23:17 - 2014-05-03 05:38 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\Flasks
2014-06-08 22:58 - 2014-05-09 13:26 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\May
2014-06-08 22:35 - 2014-01-29 19:11 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\Feb
2014-06-08 22:30 - 2014-01-10 15:27 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\Jan
2014-06-08 18:35 - 2014-06-08 18:35 - 01092802 _____ () C:\Documents and Settings\Simon\Desktop\patterns - Google Search.htm
2014-06-08 18:35 - 2014-06-08 18:35 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\patterns - Google Search_files
2014-06-08 18:21 - 2014-06-08 18:21 - 00136225 _____ () C:\Documents and Settings\Simon\Desktop\How to create surface patterns  10 expert tips   Graphic design   Creative Bloq.htm
2014-06-08 18:21 - 2014-06-07 16:51 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\How to create surface patterns  10 expert tips   Graphic design   Creative Bloq_files
2014-06-08 18:20 - 2014-06-08 18:20 - 00209401 _____ () C:\Documents and Settings\Simon\Desktop\Surface pattern design  .htm
2014-06-08 18:20 - 2014-06-08 18:20 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\Surface pattern design  _files
2014-06-08 16:47 - 2014-05-10 21:12 - 00000000 __RDC () C:\Documents and Settings\Simon\Desktop\Natureloversworld
2014-06-06 18:59 - 2014-05-07 13:09 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\Fishing
2014-06-05 20:59 - 2014-06-05 19:33 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\Sleeves
2014-06-05 02:11 - 2012-03-05 22:14 - 00030208 ____C () C:\Documents and Settings\Simon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-04 22:57 - 2014-06-04 22:57 - 00006929 ____C () C:\Documents and Settings\Simon\Desktop\New Leah.txt
2014-06-04 13:45 - 2014-06-04 13:45 - 00000073 ____C () C:\Documents and Settings\Simon\Desktop\GG.txt
2014-06-04 12:58 - 2012-02-10 16:32 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2014-06-03 22:24 - 2014-05-08 19:06 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\Christmas
2014-06-03 22:07 - 2014-06-03 21:54 - 00000559 ____C () C:\Documents and Settings\Simon\Desktop\Holidays.txt
2014-06-03 12:08 - 2014-06-03 12:07 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\Txt files
2014-05-30 09:03 - 2014-05-30 09:03 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-30 09:03 - 2013-12-24 10:46 - 00000000 ___RD () C:\Program Files\Skype
2014-05-30 09:03 - 2012-02-29 18:00 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Skype
2014-05-25 04:36 - 2014-01-05 00:16 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\Pussy
2014-05-22 21:18 - 2014-05-09 11:45 - 00000000 __RDC () C:\Documents and Settings\Simon\Desktop\Gym
2014-05-21 20:48 - 2014-05-21 20:48 - 00000217 ____C () C:\Documents and Settings\Simon\Desktop\Tax return.txt
 
Some content of TEMP:
====================
C:\Documents and Settings\Simon\Local Settings\temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
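An added triage helper (example code written for this rewrite, not part of the thread, of FRST, or of any BleepingComputer tool): it reads FRST log lines of the shapes seen in the log above and lists what a malware-response helper scans for first, namely services or drivers marked [File not signed], entries whose file is gone ([X]) or that have No ImagePath, a driver loading from a Temp or user-profile path, a Firefox extension FRST reports as No Name, a Chrome extension installed through the HKLM\...\Chrome\Extension key from a .crx under the user profile, and the interface's NameServer so the resolver can be compared with the ISP's published servers. The regular expressions are an assumption about FRST's line format derived from this log, the sample input is a handful of lines copied from the log above, and the output is a review list, not a verdict.

```python
"""Triage pass over FRST (Farbar Recovery Scan Tool) log lines.

Added example for this thread; it is not FRST code and not BleepingComputer
tooling.  The line patterns are an assumption about FRST's text format,
derived from the lines in the posted log.  SAMPLE_LOG_LINES are copied from
that log.  Nothing here decides that an entry is malicious; it only lists
what a malware-response helper would look at first.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    category: str  # machine-friendly tag, e.g. "unsigned"
    item: str      # service/driver name, extension id or file, interface GUID
    detail: str    # why the line was flagged


# "R2 name; path [size date] (vendor) [flags]" as in the Services/Drivers sections.
SERVICE_RE = re.compile(r"^(?P<start>[RSU]\d) (?P<name>[^;]+); (?P<rest>.*)$")
# "FF Extension: <name> - <path> [date]" from the FireFox section.
FF_EXT_RE = re.compile(r"^FF Extension: (?P<name>.*?) - (?P<path>.*?)(?: \[(?P<date>[^\]]*)\])?$")
# Extensions pushed through the HKLM/HKCU Chrome\Extension registry key.
CHR_EXT_RE = re.compile(
    r"^CHR (?:HKLM|HKCU)\\\.\.\.\\Chrome\\Extension: \[(?P<id>[a-p]{32})\] - "
    r"(?P<path>.*?)(?: \[(?P<date>[^\]]*)\])?$"
)
# Per-interface DNS servers from the Internet section.
DNS_RE = re.compile(r"^Tcpip\\\.\.\\Interfaces\\\{(?P<guid>[0-9A-Fa-f-]+)\}: \[NameServer\](?P<servers>.*)$")
# Places a service, driver or registry-installed extension should not normally load from.
USER_WRITABLE = re.compile(r"\\Temp\\|LOCALS~1|APPLIC~1|\\Documents and Settings\\|\\Local Settings\\", re.I)


def triage(lines):
    """Return the Findings for an iterable of FRST log lines (order preserved)."""
    findings = []
    for raw in lines:
        line = raw.rstrip()
        m = SERVICE_RE.match(line)
        if m:
            name, rest = m["name"], m["rest"]
            if rest == "No ImagePath":
                findings.append(Finding("no-imagepath", name, "service registered without a binary path"))
                continue
            if "[File not signed]" in rest:
                findings.append(Finding("unsigned", name, rest))
            if rest.endswith("[X]"):
                findings.append(Finding("missing-file", name, "registered, but the file is gone"))
            if USER_WRITABLE.search(rest):
                findings.append(Finding("user-path", name, "loads from a user-writable location: " + rest))
            continue
        m = FF_EXT_RE.match(line)
        if m:
            if m["name"] == "No Name":
                xpi = m["path"].rsplit("\\", 1)[-1]
                findings.append(Finding("unnamed-extension", xpi, "Firefox extension without a name; check its id/domain"))
            continue
        m = CHR_EXT_RE.match(line)
        if m:
            if USER_WRITABLE.search(m["path"]):
                findings.append(Finding("sideloaded-extension", m["id"],
                                        "registry-installed Chrome extension from " + m["path"]))
            continue
        m = DNS_RE.match(line)
        if m:
            servers = sorted(set(m["servers"].split()))
            findings.append(Finding("dns-review", m["guid"],
                                    "resolver(s) " + ", ".join(servers) + "; confirm they belong to the ISP"))
    return findings


# Sample input: lines copied from the FRST log posted in this thread.
SAMPLE_LOG_LINES = [
    r"R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)",
    r"R2 mdvrmng; C:\WINDOWS\system32\drivers\mdvrmng.sys [10240 2011-03-23] () [File not signed]",
    r"R0 nvatabus; C:\WINDOWS\system32\Drivers\nvatabus.sys [100736 2008-07-30] (NVIDIA Corporation) [File not signed]",
    r"S3 catchme; \??\C:\DOCUME~1\Simon\LOCALS~1\Temp\catchme.sys [X]",
    r"S4 IntelIde; No ImagePath",
    r"FF Extension: Adblock Plus - C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-16]",
    r"FF Extension: No Name - C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953\extensions\savingsslider@mybrowserbar.com.xpi []",
    r"CHR HKLM\...\Chrome\Extension: [mgjkknncnlepghplinfpikcijdbmidbg] - C:\DOCUME~1\Simon\LOCALS~1\APPLIC~1\2035822_Setup.crx [2012-05-14]",
    r"CHR HKLM\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files\WordWeb\wcxChrome.crx [2012-02-10]",
    r"Tcpip\..\Interfaces\{B4CC0BD0-0B5B-4BC6-BF33-A4B045DD17F0}: [NameServer]217.171.132.1 217.171.132.1",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG_LINES):
        print(f"{f.category:22} {f.item:40} {f.detail}")
```

Run it as a script to see the review list for the embedded sample, or feed `triage()` the lines of a real FRST.txt. Signed Microsoft or vendor entries such as MBAMService produce nothing; the DNS line is always reported because the tool cannot know which resolvers the ISP uses, so that comparison stays with the person reading the log.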
 


#8 Lakes

Lakes
  • Topic Starter

  • Members
  • 71 posts
  • Gender:Male
  • Location:Southport, England
  • Local time:01:22 PM

Posted 18 June 2014 - 07:34 PM

Here is the Addition.txt file.

Attached Files



#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:22 PM

Posted 19 June 2014 - 07:38 AM

I cannot read the FRST log in its present format.

Please remove the Word Wrap from the Notepad.
You will find this function on the menu > Format...
This will eliminate the extra lines in your FRST log.

Please run FRST one more time and post a fresh log.

#10 Lakes

Lakes
  • Topic Starter

  • Members
  • 71 posts
  • Gender:Male
  • Location:Southport, England
  • Local time:01:22 PM

Posted 19 June 2014 - 09:58 AM

Sorry. Here it is again...
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-06-2014
Ran by Simon (administrator) on FUNNY-90F7F5F9E on 19-06-2014 15:54:56
Running from C:\Documents and Settings\Simon\My Documents\Downloads
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
() C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehRecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
(WordWeb Software) C:\Program Files\WordWeb\wweb32.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimDrivers\SlimDrivers.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\WINDOWS\system32\WgaTray.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(3Connect) C:\Program Files\3 Mobile Broadband\3Connect\Wilog.exe
(Google Inc.) C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-10] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1848648 2008-03-03] (CANON INC.)
HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [15517472 2013-01-31] (NVIDIA Corporation)
HKLM\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [418024 2013-03-05] (BillP Studios)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [WordWeb] => C:\Program Files\WordWeb\wweb32.exe [77056 2013-05-16] (WordWeb Software)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2000-01-01] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [37624 2014-05-06] (Panda Security, S.L.)
HKU\S-1-5-20\...\Policies\Explorer: [NoInternetIcon] 0
HKU\S-1-5-21-1214440339-1957994488-1801674531-1004\...\Run: [SlimDrivers] => C:\Program Files\SlimDrivers\SlimDrivers.exe [29378880 2013-07-10] (SlimWare Utilities, Inc.)
HKU\S-1-5-21-1214440339-1957994488-1801674531-1004\...\Run: [Google Update] => C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2014-01-16] (Google Inc.)
HKU\S-1-5-21-1214440339-1957994488-1801674531-1004\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21445248 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1214440339-1957994488-1801674531-1005\...\Policies\Explorer: [NoInternetIcon] 0
Lsa: [Authentication Packages] msv1_0 nwprovau
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=
SearchScopes: HKCU - {B26BF5F0-D37B-4523-8C9C-6B3E9657FB9F} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=407453&p={searchTerms}
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{B4CC0BD0-0B5B-4BC6-BF33-A4B045DD17F0}: [NameServer]217.171.132.1 217.171.132.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953\searchplugins\yahoo_ff.xml
FF Extension: Test Pilot - C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953\Extensions\testpilot@labs.mozilla.com.xpi [2013-03-31]
FF Extension: Start Page - C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953\Extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi [2014-01-28]
FF Extension: Adblock Plus - C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-16]
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-02-10]
FF Extension: WordWeb one-click lookup - C:\Program Files\WordWeb\WCaptureMoz [2012-02-10]
FF Extension: No Name - C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953\extensions\savingsslider@mybrowserbar.com.xpi []
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Program Files\WordWeb\WCaptureMoz [2012-02-10]
FF HKCU\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Program Files\WordWeb\WCaptureMoz [2012-02-10]
 
Chrome: 
=======
CHR HomePage: 
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (PicBadges) - C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mgjkknncnlepghplinfpikcijdbmidbg [2013-08-15]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-16]
CHR HKLM\...\Chrome\Extension: [mgjkknncnlepghplinfpikcijdbmidbg] - C:\DOCUME~1\Simon\LOCALS~1\APPLIC~1\2035822_Setup.crx [2012-05-14]
CHR HKLM\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files\WordWeb\wcxChrome.crx [2012-02-10]
CHR HKCU\...\Chrome\Extension: [mgjkknncnlepghplinfpikcijdbmidbg] - C:\DOCUME~1\Simon\LOCALS~1\APPLIC~1\2035822_Setup.crx [2012-05-14]
 
========================== Services (Whitelisted) =================
 
R2 BecHelperService; C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe [1740696 2011-03-23] ()
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [141560 2014-05-05] (Panda Security, S.L.)
S2 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [61688 2014-05-22] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [38136 2014-05-06] (Panda Security, S.L.)
 
==================== Drivers (Whitelisted) ====================
 
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2000-01-01] (Creative)
R1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrv.sys [22312 2009-02-12] (EldoS Corporation)
S3 huawei_cdcacm; C:\WINDOWS\System32\DRIVERS\ew_jucdcacm.sys [90112 2011-03-23] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R2 mdvrmng; C:\WINDOWS\system32\drivers\mdvrmng.sys [10240 2011-03-23] () [File not signed]
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2000-01-01] (Creative Technology Ltd.)
R1 NNSALPC; C:\WINDOWS\System32\DRIVERS\NNSAlpc.sys [88992 2014-05-02] (Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\System32\DRIVERS\NNSHttp.sys [166816 2014-05-02] (Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\System32\DRIVERS\NNSHttps.sys [110496 2014-05-02] (Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\System32\DRIVERS\NNSIds.sys [125216 2014-05-02] (Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\System32\DRIVERS\NNSPicc.sys [96160 2014-05-02] (Panda Security, S.L.)
S4 NNSPIHS; C:\WINDOWS\System32\DRIVERS\NNSPihs.sys [52384 2014-05-02] (Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\System32\DRIVERS\NNSPop3.sys [121888 2014-05-02] (Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\System32\DRIVERS\NNSProt.sys [288032 2014-05-02] (Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\System32\DRIVERS\NNSPrv.sys [208800 2014-05-02] (Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\System32\DRIVERS\NNSSmtp.sys [109856 2014-05-02] (Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\System32\DRIVERS\NNSStrm.sys [243872 2014-05-02] (Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\System32\DRIVERS\NNSTlsc.sys [96928 2014-05-02] (Panda Security, S.L.)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
R0 nvatabus; C:\WINDOWS\system32\Drivers\nvatabus.sys [100736 2008-07-30] (NVIDIA Corporation) [File not signed]
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [168040 2000-01-01] (NVIDIA Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2008-04-14] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-14] (Microsoft Corporation)
S3 NWRDR; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [163584 2008-04-14] (Microsoft Corporation)
R2 PSINAflt; C:\WINDOWS\System32\DRIVERS\PSINAflt.sys [138656 2014-05-05] (Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [101536 2014-05-05] (Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\System32\DRIVERS\psinknc.sys [170656 2014-05-05] (Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [112544 2014-05-05] (Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\System32\DRIVERS\PSINProt.sys [123168 2014-05-06] (Panda Security, S.L.)
R2 PSINReg; C:\WINDOWS\System32\DRIVERS\PSINReg.sys [98336 2014-05-05] (Panda Security, S.L.)
R3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [48736 2014-03-25] (Panda Security, S.L.)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13464 2014-06-19] ()
R3 whfltr2k; C:\WINDOWS\System32\DRIVERS\whfltr2k.sys [7040 2000-01-01] ()
S3 catchme; \??\C:\DOCUME~1\Simon\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-19 01:24 - 2014-06-19 01:24 - 00029293 ____C () C:\Documents and Settings\Simon\Desktop\FRST.txt
2014-06-19 01:24 - 2014-06-19 01:24 - 00020751 ____C () C:\Documents and Settings\Simon\Desktop\Addition.txt
2014-06-19 01:21 - 2014-06-19 15:54 - 00000000 ___DC () C:\FRST
2014-06-19 01:17 - 2014-06-19 01:17 - 00007531 ____C () C:\Documents and Settings\Simon\Desktop\AdwCleaner[S0].txt
2014-06-19 01:17 - 2014-06-19 01:17 - 00000000 ____D () C:\WINDOWS\LastGood
2014-06-19 00:48 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-06-19 00:46 - 2014-06-19 01:14 - 00000000 ___DC () C:\AdwCleaner
2014-06-19 00:45 - 2014-06-19 00:45 - 00001428 ____C () C:\Documents and Settings\Simon\Desktop\BP.txt
2014-06-18 04:36 - 2014-06-18 04:36 - 00000038 ____C () C:\Documents and Settings\Simon\Desktop\Proseller email.txt
2014-06-17 21:45 - 2014-06-18 19:04 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\Wikimedia
2014-06-17 00:51 - 2014-06-19 10:43 - 00000349 _____ () C:\WINDOWS\wiadebug.log
2014-06-17 00:51 - 2014-06-19 01:17 - 00002318 _____ () C:\WINDOWS\setupapi.log
2014-06-17 00:50 - 2014-06-19 15:50 - 00032230 _____ () C:\WINDOWS\SchedLgU.Txt
2014-06-17 00:50 - 2014-06-19 15:48 - 00093211 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-17 00:50 - 2014-06-19 01:16 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-06-17 00:50 - 2014-06-17 00:50 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2014-06-14 23:57 - 2014-06-15 00:03 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\Steampunk wedding
2014-06-13 23:49 - 2014-06-13 23:49 - 00005500 ____C () C:\Documents and Settings\Simon\Desktop\attach.txt
2014-06-13 23:49 - 2014-06-13 23:48 - 00014336 ____C () C:\Documents and Settings\Simon\Desktop\dds.txt
2014-06-13 21:50 - 2014-06-13 21:50 - 00000000 ____D () C:\Documents and Settings\Simon\Start Menu\Programs\BleachBit
2014-06-13 18:09 - 2014-06-13 18:09 - 00000000 ___DC () C:\Documents and Settings\All Users\Start Menu\Programs\Panda Cloud Antivirus
2014-06-11 12:16 - 2014-06-11 12:16 - 00000046 ____C () C:\Documents and Settings\Simon\Desktop\IBAN.txt
2014-06-09 16:25 - 2014-06-18 21:42 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\June
2014-06-08 22:21 - 2014-06-10 20:11 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\New naughties
2014-06-08 21:50 - 2014-06-10 20:29 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\New Cards
2014-06-08 18:35 - 2014-06-08 18:35 - 01092802 _____ () C:\Documents and Settings\Simon\Desktop\patterns - Google Search.htm
2014-06-08 18:35 - 2014-06-08 18:35 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\patterns - Google Search_files
2014-06-08 18:21 - 2014-06-08 18:21 - 00136225 _____ () C:\Documents and Settings\Simon\Desktop\How to create surface patterns  10 expert tips   Graphic design   Creative Bloq.htm
2014-06-08 18:20 - 2014-06-08 18:20 - 00209401 _____ () C:\Documents and Settings\Simon\Desktop\Surface pattern design  .htm
2014-06-08 18:20 - 2014-06-08 18:20 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\Surface pattern design  _files
2014-06-08 17:46 - 2014-06-09 01:06 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\Surface patterns
2014-06-07 16:51 - 2014-06-08 18:21 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\How to create surface patterns  10 expert tips   Graphic design   Creative Bloq_files
2014-06-05 19:33 - 2014-06-05 20:59 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\Sleeves
2014-06-04 22:57 - 2014-06-04 22:57 - 00006929 ____C () C:\Documents and Settings\Simon\Desktop\New Leah.txt
2014-06-04 13:45 - 2014-06-04 13:45 - 00000073 ____C () C:\Documents and Settings\Simon\Desktop\GG.txt
2014-06-03 21:54 - 2014-06-03 22:07 - 00000559 ____C () C:\Documents and Settings\Simon\Desktop\Holidays.txt
2014-06-03 12:07 - 2014-06-03 12:08 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\Txt files
2014-05-30 09:03 - 2014-05-30 09:03 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-21 20:48 - 2014-05-21 20:48 - 00000217 ____C () C:\Documents and Settings\Simon\Desktop\Tax return.txt
 
==================== One Month Modified Files and Folders =======
 
2014-06-19 15:55 - 2013-04-10 20:52 - 00000000 ____D () C:\Documents and Settings\Simon\Local Settings\temp
2014-06-19 15:54 - 2014-06-19 01:21 - 00000000 ___DC () C:\FRST
2014-06-19 15:50 - 2014-06-17 00:50 - 00032230 _____ () C:\WINDOWS\SchedLgU.Txt
2014-06-19 15:50 - 2012-02-09 20:06 - 00000418 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{AC9760B5-E4A4-4449-A33E-347A5925D556}.job
2014-06-19 15:49 - 2012-02-29 18:01 - 00000000 ___DC () C:\Documents and Settings\Simon\Application Data\Skype
2014-06-19 15:48 - 2014-06-17 00:50 - 00093211 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-19 13:35 - 2014-01-16 07:11 - 00000978 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1957994488-1801674531-1004UA.job
2014-06-19 10:47 - 2014-05-11 14:38 - 00000000 __RDC () C:\Documents and Settings\Simon\Desktop\Party Peeps
2014-06-19 10:43 - 2014-06-17 00:51 - 00000349 _____ () C:\WINDOWS\wiadebug.log
2014-06-19 09:35 - 2014-01-16 07:11 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1957994488-1801674531-1004Core.job
2014-06-19 01:24 - 2014-06-19 01:24 - 00029293 ____C () C:\Documents and Settings\Simon\Desktop\FRST.txt
2014-06-19 01:24 - 2014-06-19 01:24 - 00020751 ____C () C:\Documents and Settings\Simon\Desktop\Addition.txt
2014-06-19 01:17 - 2014-06-19 01:17 - 00007531 ____C () C:\Documents and Settings\Simon\Desktop\AdwCleaner[S0].txt
2014-06-19 01:17 - 2014-06-19 01:17 - 00000000 ____D () C:\WINDOWS\LastGood
2014-06-19 01:17 - 2014-06-17 00:51 - 00002318 _____ () C:\WINDOWS\setupapi.log
2014-06-19 01:17 - 2012-11-22 15:59 - 00013464 _____ () C:\WINDOWS\system32\Drivers\SWDUMon.sys
2014-06-19 01:17 - 2008-04-14 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-06-19 01:16 - 2014-06-17 00:50 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-06-19 01:16 - 2012-02-09 20:00 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-19 01:16 - 2012-02-09 19:09 - 00313656 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-06-19 01:15 - 2012-02-11 12:38 - 20971520 _____ () C:\WINDOWS\system32\config\Nano.evt
2014-06-19 01:15 - 2012-02-09 20:03 - 00000278 __SHC () C:\Documents and Settings\Simon\ntuser.ini
2014-06-19 01:14 - 2014-06-19 00:46 - 00000000 ___DC () C:\AdwCleaner
2014-06-19 00:45 - 2014-06-19 00:45 - 00001428 ____C () C:\Documents and Settings\Simon\Desktop\BP.txt
2014-06-19 00:40 - 2012-02-09 20:05 - 00102000 _____ () C:\Documents and Settings\Simon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-06-18 23:47 - 2013-09-27 20:50 - 00000000 ___DC () C:\Documents and Settings\Simon\Application Data\vlc
2014-06-18 23:26 - 2014-05-10 21:12 - 00000000 __RDC () C:\Documents and Settings\Simon\Desktop\Customizable
2014-06-18 21:42 - 2014-06-09 16:25 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\June
2014-06-18 19:04 - 2014-06-17 21:45 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\Wikimedia
2014-06-18 04:36 - 2014-06-18 04:36 - 00000038 ____C () C:\Documents and Settings\Simon\Desktop\Proseller email.txt
2014-06-17 23:14 - 2013-02-12 21:14 - 00002239 _____ () C:\Documents and Settings\Simon\Desktop\EZ Fonts.lnk
2014-06-17 00:52 - 2012-02-09 19:33 - 00000000 ____D () C:\WINDOWS\Registration
2014-06-17 00:50 - 2014-06-17 00:50 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2014-06-17 00:04 - 2014-04-11 12:20 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\New Chalkies
2014-06-16 03:17 - 2014-05-09 13:40 - 00000000 __RDC () C:\Documents and Settings\Simon\Desktop\Cycling
2014-06-15 00:03 - 2014-06-14 23:57 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\Steampunk wedding
2014-06-13 23:49 - 2014-06-13 23:49 - 00005500 ____C () C:\Documents and Settings\Simon\Desktop\attach.txt
2014-06-13 23:48 - 2014-06-13 23:49 - 00014336 ____C () C:\Documents and Settings\Simon\Desktop\dds.txt
2014-06-13 22:40 - 2012-02-09 20:02 - 00000000 ___DC () C:\Documents and Settings\Simon
2014-06-13 22:05 - 2013-09-12 05:51 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-13 21:50 - 2014-06-13 21:50 - 00000000 ____D () C:\Documents and Settings\Simon\Start Menu\Programs\BleachBit
2014-06-13 21:50 - 2012-02-11 11:40 - 00000000 ____D () C:\Program Files\BleachBit
2014-06-13 18:10 - 2013-05-02 01:27 - 00000000 ____D () C:\Program Files\Panda Security
2014-06-13 18:10 - 2012-02-11 12:37 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Panda Security
2014-06-13 18:09 - 2014-06-13 18:09 - 00000000 ___DC () C:\Documents and Settings\All Users\Start Menu\Programs\Panda Cloud Antivirus
2014-06-13 03:03 - 2013-07-24 13:10 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-06-13 03:00 - 2012-02-10 03:20 - 92708840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-06-11 12:16 - 2014-06-11 12:16 - 00000046 ____C () C:\Documents and Settings\Simon\Desktop\IBAN.txt
2014-06-10 20:29 - 2014-06-08 21:50 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\New Cards
2014-06-10 20:11 - 2014-06-08 22:21 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\New naughties
2014-06-10 20:07 - 2014-04-07 09:38 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\New bleep
2014-06-10 19:26 - 2014-03-29 17:54 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\April
2014-06-10 17:50 - 2014-01-14 15:25 - 00000000 __RDC () C:\Documents and Settings\Simon\Desktop\Chalkies
2014-06-09 01:06 - 2014-06-08 17:46 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\Surface patterns
2014-06-09 00:59 - 2014-02-24 19:14 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\Songs
2014-06-09 00:56 - 2013-11-05 18:10 - 00000000 __RDC () C:\Documents and Settings\Simon\Desktop\New Year
2014-06-09 00:55 - 2014-02-25 15:41 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\March
2014-06-09 00:44 - 2013-12-31 20:16 - 00000000 __RDC () C:\Documents and Settings\Simon\Desktop\Monogram labels
2014-06-08 23:17 - 2014-05-03 05:38 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\Flasks
2014-06-08 22:58 - 2014-05-09 13:26 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\May
2014-06-08 22:35 - 2014-01-29 19:11 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\Feb
2014-06-08 22:30 - 2014-01-10 15:27 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\Jan
2014-06-08 18:35 - 2014-06-08 18:35 - 01092802 _____ () C:\Documents and Settings\Simon\Desktop\patterns - Google Search.htm
2014-06-08 18:35 - 2014-06-08 18:35 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\patterns - Google Search_files
2014-06-08 18:21 - 2014-06-08 18:21 - 00136225 _____ () C:\Documents and Settings\Simon\Desktop\How to create surface patterns  10 expert tips   Graphic design   Creative Bloq.htm
2014-06-08 18:21 - 2014-06-07 16:51 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\How to create surface patterns  10 expert tips   Graphic design   Creative Bloq_files
2014-06-08 18:20 - 2014-06-08 18:20 - 00209401 _____ () C:\Documents and Settings\Simon\Desktop\Surface pattern design  .htm
2014-06-08 18:20 - 2014-06-08 18:20 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\Surface pattern design  _files
2014-06-08 16:47 - 2014-05-10 21:12 - 00000000 __RDC () C:\Documents and Settings\Simon\Desktop\Natureloversworld
2014-06-06 18:59 - 2014-05-07 13:09 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\Fishing
2014-06-05 20:59 - 2014-06-05 19:33 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\Sleeves
2014-06-05 02:11 - 2012-03-05 22:14 - 00030208 ____C () C:\Documents and Settings\Simon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-04 22:57 - 2014-06-04 22:57 - 00006929 ____C () C:\Documents and Settings\Simon\Desktop\New Leah.txt
2014-06-04 13:45 - 2014-06-04 13:45 - 00000073 ____C () C:\Documents and Settings\Simon\Desktop\GG.txt
2014-06-04 12:58 - 2012-02-10 16:32 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2014-06-03 22:24 - 2014-05-08 19:06 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\Christmas
2014-06-03 22:07 - 2014-06-03 21:54 - 00000559 ____C () C:\Documents and Settings\Simon\Desktop\Holidays.txt
2014-06-03 12:08 - 2014-06-03 12:07 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\Txt files
2014-05-30 09:03 - 2014-05-30 09:03 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-30 09:03 - 2013-12-24 10:46 - 00000000 ___RD () C:\Program Files\Skype
2014-05-30 09:03 - 2012-02-29 18:00 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Skype
2014-05-25 04:36 - 2014-01-05 00:16 - 00000000 ___DC () C:\Documents and Settings\Simon\Desktop\Pussy
2014-05-22 21:18 - 2014-05-09 11:45 - 00000000 __RDC () C:\Documents and Settings\Simon\Desktop\Gym
2014-05-21 20:48 - 2014-05-21 20:48 - 00000217 ____C () C:\Documents and Settings\Simon\Desktop\Tax return.txt
 
Some content of TEMP:
====================
C:\Documents and Settings\Simon\Local Settings\temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================


#11 nasdaq

  • Malware Response Team
  • 39,909 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 20 June 2014 - 06:24 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


 
start

SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=
SearchScopes: HKCU - {9C950E3E-B79A-4378-BAC2-74E7C03B5101} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0101&cd=2XzuyEtN2Y1L1QzutDtDtC0EtCtDtC0F0AyC0D0B0C0F0EtAtN0D0Tzu0CyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1559426607&ir=
FF Extension: Start Page - C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953\Extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi [2014-01-28]
FF Extension: No Name - C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953\extensions\savingsslider@mybrowserbar.com.xpi []
CHR HKLM\...\Chrome\Extension: [mgjkknncnlepghplinfpikcijdbmidbg] - C:\DOCUME~1\Simon\LOCALS~1\APPLIC~1\2035822_Setup.crx [2012-05-14]
CHR HKCU\...\Chrome\Extension: [mgjkknncnlepghplinfpikcijdbmidbg] - C:\DOCUME~1\Simon\LOCALS~1\APPLIC~1\2035822_Setup.crx [2012-05-14]
S2 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)
S3 catchme; \??\C:\DOCUME~1\Simon\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePat
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:6DDED7D9

End
Save the file as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

Any remaining issues with this computer?

The tool will create a log (Fixlog.txt) please post it to your reply.

Edited by nasdaq, 20 June 2014 - 06:25 AM.
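
The fixlist above targets a small set of recognisable indicators in the FRST report: a service whose image file is gone (`[X]`), a service with no ImagePath, a Firefox extension with no name and no install date, a Chrome extension registered through the registry from a local .crx, a search scope pointing at an unknown provider, and an alternate data stream on a folder. As an added example (not FRST's own code, not nasdaq's, and not part of the original thread), the Python below encodes those indicators as pattern rules and runs them over a constructed sample of FRST lines modelled on the report posted here, with three clean entries mixed in as controls. The rule names and the search-provider allowlist are the example's own assumptions; the output is a list of lines worth a second look, not verdicts.

```python
"""Triage of Farbar Recovery Scan Tool (FRST) report lines.

Added example for this thread: it is not FRST's code and not the helper's.
It encodes, as pattern rules, the kinds of indicators picked for the fixlist
(orphaned service, service without ImagePath, unsigned driver, unnamed
extension, registry-installed Chrome .crx, search-scope hijack, alternate
data stream) and runs them over a constructed sample of FRST lines.
"""
import re
from urllib.parse import urlsplit

# Constructed sample in FRST's line layout, modelled on the report posted in
# this thread, with three clean entries (MBAM driver, Adblock Plus, Bing)
# mixed in as controls that must not be flagged.
SAMPLE_LOG = r"""
S3 catchme; \??\C:\DOCUME~1\Simon\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
R2 mdvrmng; C:\WINDOWS\system32\drivers\mdvrmng.sys [10240 2011-03-23] () [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
FF Extension: No Name - C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953\extensions\savingsslider@mybrowserbar.com.xpi []
FF Extension: Adblock Plus - C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-16]
CHR HKLM\...\Chrome\Extension: [mgjkknncnlepghplinfpikcijdbmidbg] - C:\DOCUME~1\Simon\LOCALS~1\APPLIC~1\2035822_Setup.crx [2012-05-14]
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=
SearchScopes: HKCU - {9C950E3E-B79A-4378-BAC2-74E7C03B5101} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:6DDED7D9
"""

# Search providers treated as expected; any other host in a SearchScopes URL
# is reported. This allowlist is an assumption of the example, not FRST's.
KNOWN_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "www.google.co.uk",
                      "search.yahoo.com", "uk.search.yahoo.com", "duckduckgo.com"}

# (rule id, compiled pattern, why the line deserves a look). The patterns
# follow FRST's line layout; they surface indicators, not verdicts.
RULES = [
    ("orphaned-service",
     re.compile(r"^[RS]\d .*\[X\]$"),
     "service/driver registration whose image file no longer exists"),
    ("service-no-imagepath",
     re.compile(r"^[RS]\d [^;]+; No ImagePath$"),
     "service with no ImagePath value"),
    ("unsigned-driver",
     re.compile(r"^[RS]\d .*\.sys \[\d+ \d{4}-\d{2}-\d{2}\] .*\[File not signed\]$"),
     "kernel driver without a digital signature"),
    ("unnamed-extension",
     re.compile(r"^(?:FF|CHR) Extension: No Name .*\[\]$"),
     "browser extension with no name and no install date"),
    ("registry-installed-crx",
     re.compile(r"^CHR HK(?:LM|CU)\\\.\.\.\\Chrome\\Extension: \[[a-p]{32}\] - .*\.crx \["),
     "Chrome extension pushed via the registry from a local .crx file"),
    ("default-scope-missing",
     re.compile(r"^SearchScopes: HK(?:LM|CU) - DefaultScope value is missing\.$"),
     "Internet Explorer default search scope removed"),
    ("alternate-data-stream",
     re.compile(r"^AlternateDataStreams: .+:[0-9A-F]+$"),
     "alternate data stream attached to a file or folder"),
]

# Search scopes are handled separately: the URL's host decides, not a pattern.
SEARCH_SCOPE = re.compile(r"^SearchScopes: HK(?:LM|CU) - \{[0-9A-Fa-f-]+\} URL = (\S+)")


def triage(report_text):
    """Return a list of (rule_id, line, reason) for every line that matches."""
    findings = []
    for raw in report_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        for rule_id, pattern, reason in RULES:
            if pattern.search(line):
                findings.append((rule_id, line, reason))
        m = SEARCH_SCOPE.match(line)
        if m:
            host = urlsplit(m.group(1)).hostname or ""
            if host not in KNOWN_SEARCH_HOSTS:
                findings.append(("unknown-search-scope", line,
                                 "search scope points at an unrecognised provider: " + host))
    return findings


def rule_ids(report_text):
    """Sorted unique rule ids hit by a report; handy for summaries and tests."""
    return sorted({f[0] for f in triage(report_text)})


if __name__ == "__main__":
    for rule_id, line, reason in triage(SAMPLE_LOG):
        print(f"[{rule_id}] {reason}\n    {line}")
```

Feed it a whole FRST.txt and Addition.txt instead of the sample and the output is a shortlist to read against the report, which is roughly the step a helper does by eye before writing a fixlist.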


#12 Lakes

  • Topic Starter
  • Members
  • 71 posts
  • Gender:Male
  • Location:Southport, England

Posted 20 June 2014 - 06:49 AM

Hi nasdaq,

 

Here is the checkup.txt Log...

 

 Results of screen317's Security Check version 0.99.85  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Panda Cloud Antivirus   
 Antivirus up to date! (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 WinPatrol 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
  Adobe Flash Player 11.9.900.170 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox 23.0.1 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 WinPatrol winpatrol.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Panda Security Panda Cloud Antivirus PSANHost.exe  
 Panda Security Panda Cloud Antivirus PSUAService.exe  
 Panda Security Panda Cloud Antivirus PSUAMain.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 BillP Studios WinPatrol winpatrol.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 
And the Fixlog.txt Log
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:18-06-2014
Ran by Simon at 2014-06-20 12:30:35 Run:1
Running from C:\Documents and Settings\Simon\Desktop\New Folder
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
 
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=
FF Extension: Start Page - C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953\Extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi [2014-01-28]
FF Extension: No Name - C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953\extensions\savingsslider@mybrowserbar.com.xpi []
FF HKLM\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files\WordWeb\WCaptureMoz
FF HKCU\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files\WordWeb\WCaptureMoz
CHR HKLM\...\Chrome\Extension: [mgjkknncnlepghplinfpikcijdbmidbg] - C:\DOCUME~1\Simon\LOCALS~1\APPLIC~1\2035822_Setup.crx [2012-05-14]
CHR HKCU\...\Chrome\Extension: [mgjkknncnlepghplinfpikcijdbmidbg] - C:\DOCUME~1\Simon\LOCALS~1\APPLIC~1\2035822_Setup.crx [2012-05-14]
S2 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)
S3 catchme; \??\C:\DOCUME~1\Simon\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePat
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:6DDED7D9
 
End
*****************
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9C950E3E-B79A-4378-BAC2-74E7C03B5101}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{9C950E3E-B79A-4378-BAC2-74E7C03B5101}'=> Key not found.
C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953\Extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi => Moved successfully.
C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953\extensions\savingsslider@mybrowserbar.com.xpi => not found.
HKLM\Software\Mozilla\Firefox\Extensions\\wcapturex@deskperience.com => value deleted successfully.
HKCU\Software\Mozilla\Firefox\Extensions\\wcapturex@deskperience.com => value deleted successfully.
'HKLM\SOFTWARE\Google\Chrome\Extensions\mgjkknncnlepghplinfpikcijdbmidbg' => Key deleted successfully.
C:\DOCUME~1\Simon\LOCALS~1\APPLIC~1\2035822_Setup.crx => Moved successfully.
'HKCU\SOFTWARE\Google\Chrome\Extensions\mgjkknncnlepghplinfpikcijdbmidbg' => Key deleted successfully.
"C:\DOCUME~1\Simon\LOCALS~1\APPLIC~1\2035822_Setup.crx" => File/Directory not found.
NWCWorkstation => Service deleted successfully.
catchme => Service deleted successfully.
IntelIde => Service deleted successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":6DDED7D9" ADS removed successfully.
 
==== End of Fixlog ====
 
The computer appears to be running much better, thanks.


#13 nasdaq

  • Malware Response Team
  • 39,909 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 20 June 2014 - 08:41 AM

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Flash test site:
http://www.adobe.com/software/flash/about/
Install the new version or, if you already have the latest, close the window.

Flash Player Help / Find version
http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine

===

If all is well:

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flash Player, Adobe Reader and your Internet browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful add-ons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • A script blocker can help block many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox add-on,
  • ScriptNo is a popular Google Chrome add-on.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===

#14 Lakes

Lakes
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southport, England
  • Local time:01:22 PM

Posted 20 June 2014 - 09:28 AM

Thanks very much! I didn't know about SpywareBlaster and have installed it and read the tutorial. Also WOT and ScriptNo, as I am running Chrome. I just have Windows Firewall activated. Is this sufficient? I was told a while back to uninstall Java for some reason. Would it be a good idea for me to install it again?



#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:22 PM

Posted 20 June 2014 - 01:20 PM

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If you do not have a need for it then forget about it.

If you do install it make sure you keep it up to date.
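As an added example that is not part of the thread above (and not nasdaq's or Lakes' code): the java.com page checks one product online, but the same question, "which of Java, Flash Player and Adobe Reader are installed, and are they current?", can be answered offline from the Windows uninstall registry keys with PowerShell. The minimum version numbers below are placeholders and an assumption; replace them with the current releases published by each vendor before relying on the OUTDATED flag. The script uses only PowerShell 2.0 features, since that is the newest version available on Windows XP.

```powershell
# Added example, not from the thread: inventory Java, Adobe Flash Player and Adobe Reader
# from the Windows uninstall registry keys and flag any install older than a minimum.
# The Minimum values are placeholders (assumptions); update them to the vendors' current releases.

$products = @(
    @{ Name = 'Java';         Pattern = '^Java(\(TM\))? \d+ Update \d+'; Minimum = [version]'8.0.0' },
    @{ Name = 'Flash Player'; Pattern = '^Adobe Flash Player';            Minimum = [version]'14.0.0' },
    @{ Name = 'Adobe Reader'; Pattern = '^Adobe Reader';                  Minimum = [version]'11.0.0' }
)

# Native hive plus the 32-bit view on 64-bit Windows; the second key does not exist on 32-bit XP.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
) | Where-Object { Test-Path $_ }

function Get-PluginInventory {
    foreach ($key in $uninstallKeys) {
        foreach ($sub in Get-ChildItem $key) {
            $entry = Get-ItemProperty $sub.PSPath
            if (-not $entry.DisplayName) { continue }   # many uninstall entries have no display name
            foreach ($product in $products) {
                if ($entry.DisplayName -notmatch $product.Pattern) { continue }
                # DisplayVersion is a string such as "7.0.510" or "14.0.0.125"; not every vendor
                # writes a parseable one, so treat a failed cast as "unknown" rather than "ok".
                $installed = $null
                try { $installed = [version]$entry.DisplayVersion } catch { }
                $status = 'unknown version format'
                if ($installed) {
                    if ($installed -lt $product.Minimum) { $status = 'OUTDATED' } else { $status = 'ok' }
                }
                New-Object PSObject -Property @{
                    Product = $product.Name
                    Display = $entry.DisplayName
                    Version = $entry.DisplayVersion
                    Status  = $status
                }
            }
        }
    }
}

$inventory = Get-PluginInventory
if (-not $inventory) {
    'None of Java, Flash Player or Adobe Reader is installed.'
} else {
    $inventory | Sort-Object Product, Display | Format-Table Product, Display, Version, Status -AutoSize
}
```

Run it from an elevated PowerShell prompt. A Java line that still shows an old "Java 6 Update" or "Java 7 Update" entry next to a newer one means the old runtime was never removed and remains exploitable by a prepared web page, so uninstall it rather than just installing the newer version alongside.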



