
Trojan HTML.Kilim AQ


  • This topic is locked
19 replies to this topic

#1 grouser

  • Members
  • 39 posts
  • Gender:Male
  • Location:Worcester. England

Posted 31 December 2014 - 07:16 AM

Hoping for help with this problem that has been going on for a few weeks. On my desktop I have an ISP version of F-Secure, and recently it has been informing me that it has blocked this attack and placed this trojan into quarantine (which is as it should), so no problem there, but it is the number of attacks that I am concerned about, inasmuch as: have I unknowingly latched onto something whilst browsing, and has this made me vulnerable? I ask this as I am using my wife's laptop to write this. It is linked to my desktop only by the fact that we use Google Chrome, which is synced, and it is also protected by the same ISP A.V., but it does not show any attacks by this trojan. I am aware we browse different sites, but I often use her laptop, so I can't understand why this hasn't happened on the laptop, which makes me wonder if my desktop is infected by a trigger that induces these attacks. I have done a little investigative work on the traits of the trojan and the desktop is behaving as it should (I think) (no expert). Moved in response to QM7. Also, here is a link to my previous request for help and what was tried; feel free to close it: http://www.bleepingcomputer.com/forums/t/561113/trojan-htmlkilim-aq/

DDS tool log

DDS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 11.0.9600.17496
Run by Tonys at 11:48:20 on 2014-12-31
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.2871.1319 [GMT 0:00]
.
AV: Computer Security *Enabled/Updated* {0F70A6C4-76E4-6A3B-2695-519F428B1C20}
SP: Computer Security *Enabled/Updated* {B4114720-50DE-65B5-1C25-6AED390C569D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\1.3.25.5\GoogleCrashHandler.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\WacomHost.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Comodo\Dragon\dragon_updater.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\TalkTalk\Security\fshoster32.exe
C:\Program Files\TalkTalk\Security\apps\CCF_Reputation\fsorsp.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TalkTalk\Security\apps\ComputerSecurity\Common\FSMA32.EXE
C:\Program Files\DoNotTrackMe\AbineAutoUpdate.exe
C:\Program Files\TalkTalk\Security\apps\ComputerSecurity\Common\FSM32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\dvd43\DVD43_Tray.exe
C:\Program Files\TalkTalk\Security\fshoster32.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\fssm32.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bbc.co.uk/
uDefault_Page_URL = hxxp://www.medion.com
BHO: Talk Talk Online Safety: {45BBE08D-81C5-4A67-AF20-B2A077C67747} - c:\program files\talktalk\security\apps\ccf_scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Blur BHO: {C584D6D2-EF22-4C61-BF5B-0C7E723D836C} - c:\program files\donottrackme\4.5.1353\AbineBHO.dll
BHO: EpsonToolBandKicker Class: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - c:\program files\adblock plus for ie\AdblockPlus32.dll
TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
uRun: [Power2GoExpress] <no file>
mRun: [F-Secure Manager] "c:\program files\talktalk\security\apps\computersecurity\common\FSM32.EXE" /splash
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
mRun: [F-Secure Hoster (44515)] "c:\program files\talktalk\security\fshoster32.exe" -app -hosterid:1
mRunOnce: [AbineAutoUpdate] "c:\program files\donottrackme\AbineAutoUpdate.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{F4157173-9C92-4186-AF0A-4A9086130851} : DHCPNameServer = 192.168.1.1 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2013-12-17 44240]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\talktalk\security\apps\computersecurity\hips\drivers\fshs.sys [2014-12-5 74920]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\talktalk\security\apps\computersecurity\anti-virus\minifilter\fsvista.sys [2013-12-17 12840]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2013-10-10 142648]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\comodo\dragon\dragon_updater.exe [2014-11-27 2370240]
R2 fshoster;F-Secure Dll Hoster;c:\program files\talktalk\security\fshoster32.exe [2014-10-6 187432]
R2 FSORSPClient;F-Secure ORSP Client;c:\program files\talktalk\security\apps\ccf_reputation\fsorsp.exe [2014-6-24 60456]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-2-17 13336]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2013-12-6 1229528]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2014-6-5 93040]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-2-17 2314240]
R2 WTabletServiceCon;Wacom Consumer Service;c:\program files\tablet\pen\WTabletServiceCon.exe [2014-12-3 567064]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\talktalk\security\apps\computersecurity\anti-virus\minifilter\fsgk.sys [2013-12-17 149544]
R3 fsni;fsni;c:\program files\talktalk\security\apps\ccf_scanning\bin\fsni32.sys [2014-9-11 73256]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-8-23 270336]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [2013-12-6 16024]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
S2 22c5205d;VideoCnv;c:\windows\system32\rundll32.exe [2009-7-13 44544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2013-12-6 662232]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2013-12-18 49856]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2014-3-31 1512640]
S3 hidkmdf;KMDF Driver;c:\windows\system32\drivers\hidkmdf.sys [2014-12-3 12088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-12-9 102912]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-12-17 14848]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2010-2-6 597536]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-2-11 49152]
S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\drivers\wachidrouter.sys [2014-12-3 85304]
S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\drivers\wacomrouterfilter.sys [2014-12-3 13112]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-12-17 1343400]
.
=============== Created Last 30 ================
.
2014-12-30 21:28:03 -------- d-----w- c:\users\tonys\appdata\local\Comodo
2014-12-30 21:28:02 48392 ----a-w- c:\windows\system32\certsentry.dll
2014-12-30 21:27:47 -------- d-----w- c:\program files\Comodo
2014-12-30 21:26:56 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2014-12-27 15:13:14 -------- d-----w- C:\AdwCleaner
2014-12-27 13:23:31 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-12-19 11:36:58 -------- d-----w- c:\programdata\CheckPoint
2014-12-18 09:16:16 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-09 21:00:38 -------- d-----w- c:\windows\system32\appraiser
2014-12-09 20:00:35 3209728 ----a-w- c:\windows\system32\mf.dll
2014-12-09 19:53:29 1160872 ----a-w- c:\windows\system32\aitstatic.exe
2014-12-09 19:52:51 155136 ----a-w- c:\windows\system32\charmap.exe
2014-12-08 16:48:00 -------- d-----w- c:\program files\DoNotTrackMe
2014-12-08 13:11:21 -------- d-----w- c:\program files\Adblock Plus for IE
2014-12-05 11:20:30 -------- d-----w- c:\program files\Intel Driver Update Utility
2014-12-03 21:39:24 -------- d-----w- c:\users\tonys\appdata\roaming\com.livebrush
2014-12-03 21:39:18 -------- d-----w- c:\users\tonys\appdata\roaming\com.livebrush.2205ABAA7E8202CDC1251B1FA1E879364B7BAB52.1
2014-12-03 21:34:21 -------- d-----w- c:\users\tonys\appdata\roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
2014-12-03 21:34:01 -------- d-----w- c:\programdata\Wacom
2014-12-03 21:33:50 -------- d-----w- c:\program files\Bamboo Dock
2014-12-03 20:32:25 -------- d-----w- c:\users\tonys\appdata\roaming\wacomid-desktop-launcher
2014-12-03 20:32:18 -------- d-----w- c:\users\tonys\appdata\roaming\Wacom
2014-12-03 20:30:45 -------- d-----w- c:\users\tonys\appdata\roaming\WTablet
2014-12-03 20:30:33 13112 ----a-w- c:\windows\system32\drivers\wacomrouterfilter.sys
2014-12-03 20:30:14 85304 ----a-w- c:\windows\system32\drivers\wachidrouter.sys
2014-12-03 20:30:14 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2014-12-03 20:30:14 1461992 ----a-w- c:\windows\system32\drivers\wdfcoinstaller01009.dll
2014-12-03 20:30:14 12088 ----a-w- c:\windows\system32\drivers\hidkmdf.sys
2014-12-03 20:30:08 1614104 ----a-w- c:\windows\system32\Pen_Tablet.dll
2014-12-03 20:30:08 1610008 ----a-w- c:\windows\system32\WacomMT.dll
2014-12-03 20:30:08 1607448 ----a-w- c:\windows\system32\Pen_Touch_Tablet.dll
2014-12-03 20:30:08 1493784 ----a-w- c:\windows\system32\Wintab32.dll
2014-12-03 20:30:05 -------- d-----w- c:\program files\Tablet
2014-12-02 15:02:31 -------- d-----w- c:\users\tonys\appdata\roaming\27829
2014-12-01 16:02:34 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-12-01 16:02:31 -------- d-----w- c:\programdata\RogueKiller
.
==================== Find3M  ====================
.
2014-12-30 21:26:11 114904 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-12-27 13:03:37 79576 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-12-10 18:40:15 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-10 18:40:15 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-12-05 09:06:13 44240 ----a-w- c:\windows\system32\drivers\fsbts.sys
2014-12-04 04:38:59 337920 ----a-w- c:\windows\system32\generaltel.dll
2014-12-04 04:38:45 610304 ----a-w- c:\windows\system32\invagent.dll
2014-12-04 04:38:40 315392 ----a-w- c:\windows\system32\devinv.dll
2014-12-04 04:38:37 728576 ----a-w- c:\windows\system32\appraiser.dll
2014-12-04 04:38:36 202752 ----a-w- c:\windows\system32\aepdu.dll
2014-12-04 04:38:36 159744 ----a-w- c:\windows\system32\aepic.dll
2014-12-04 04:34:13 873984 ----a-w- c:\windows\system32\aeinv.dll
2014-11-27 19:49:02 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys
2014-11-22 02:20:44 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-22 02:20:30 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:07:43 501248 ----a-w- c:\windows\system32\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- c:\windows\system32\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-22 01:55:14 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-22 01:54:30 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-22 01:48:26 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 01:40:04 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- c:\windows\system32\jscript9.dll
2014-11-22 01:22:49 2052096 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- c:\windows\system32\wininet.dll
2014-11-21 06:14:20 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-21 06:14:06 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-18 14:56:48 1202848 ----a-w- c:\windows\system32\FM20.DLL
2014-11-11 02:44:45 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 01:32:14 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-11-08 02:45:09 2048 ----a-w- c:\windows\system32\tzres.dll
2014-10-25 01:32:37 67584 ----a-w- c:\windows\system32\packager.dll
2014-10-18 01:33:18 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-14 01:56:19 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 01:50:50 523776 ----a-w- c:\windows\system32\termsrv.dll
2014-10-14 01:50:41 2363904 ----a-w- c:\windows\system32\msi.dll
2014-10-14 01:50:39 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-14 01:47:30 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-10-10 00:45:54 2379264 ----a-w- c:\windows\system32\win32k.sys
2014-10-03 01:45:03 248832 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2014-10-03 01:45:03 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2014-10-03 01:45:03 145920 ----a-w- c:\windows\system32\WsmAuto.dll
2014-10-03 01:45:03 1177088 ----a-w- c:\windows\system32\WsmSvc.dll
2014-10-03 01:44:42 442880 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-10-03 01:44:31 275968 ----a-w- c:\windows\system32\EncDump.dll
2014-10-03 01:44:26 475136 ----a-w- c:\windows\system32\audiosrv.dll
2014-10-03 01:44:26 374784 ----a-w- c:\windows\system32\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- c:\windows\system32\AudioSes.dll
2014-10-03 01:44:25 198656 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
.
============= FINISH: 11:48:57.63 ===============

Edited by grouser, 31 December 2014 - 11:28 AM.
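A practitioner reading the DDS log above would rather triage it mechanically than eyeball the whole SERVICES / DRIVERS and Pseudo HJT sections. The script below is an added example, not part of the original post and not a BleepingComputer or DDS tool: it parses DDS service lines ("<state> <name>;<display>;<image> [<date> <size>]") and uRun/mRun/mRunOnce lines, and flags entries that need manual verification. The heuristics are the example author's assumptions: a service whose image is a generic launcher such as rundll32.exe is flagged because DDS prints the image path without its arguments, so the DLL that actually gets loaded is not visible in the log; a service name made only of hex digits is flagged as machine-looking; "<no file>" and "<orphaned>" entries are flagged as dangling; autoruns under user-writable paths are flagged. A flag means "verify with the helper", not "malicious"; this thread does not establish that any flagged entry is malware. The sample lines are copied verbatim from the log above.

```python
import re
from dataclasses import dataclass

# DDS "SERVICES / DRIVERS" line:  "<state> <name>;<display name>;<image path> [<date> <size>]"
SERVICE_RE = re.compile(
    r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.+?)\s+\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]\s*$'
)
# DDS "Pseudo HJT" autorun line:  "mRun: [<value name>] <command>"  (uRun / mRun / mRunOnce)
RUN_RE = re.compile(r'^(?P<hive>[um])Run(?:Once)?:\s+\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')

# Heuristic (assumption): a service name that is nothing but hex digits is rarely human-chosen.
HEX_NAME_RE = re.compile(r'^[0-9a-f]{8,}$', re.IGNORECASE)

# Generic launchers: DDS prints the image path without arguments, so a service registered
# to one of these tells you nothing about the payload until you look at the full command line.
GENERIC_HOSTS = {'rundll32.exe', 'regsvr32.exe', 'cmd.exe', 'wscript.exe', 'cscript.exe', 'powershell.exe'}

# Autorun targets under user-writable directories deserve a second look (assumption, not a rule).
USER_WRITABLE = ('\\appdata\\', '\\temp\\', '\\users\\public\\')


@dataclass
class Finding:
    line: str
    reason: str


def triage_services(lines):
    """Return findings for DDS service/driver lines that need manual verification."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if not m:
            continue                      # not a service line (section headers, blanks, dots)
        name = m['name']
        image = m['path'].lower().rsplit('\\', 1)[-1]   # basename of the image path
        if image in GENERIC_HOSTS:
            findings.append(Finding(line, f"service '{name}' is hosted by generic launcher {image}; "
                                          "the real payload is in arguments DDS does not print"))
        if HEX_NAME_RE.match(name):
            findings.append(Finding(line, f"service name '{name}' looks machine-generated"))
    return findings


def triage_autoruns(lines):
    """Return findings for dangling or user-writable autorun entries in the Pseudo HJT section."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if '<no file>' in line or '<orphaned>' in line:
            findings.append(Finding(line, "dangling entry: registered but its target no longer exists"))
            continue
        m = RUN_RE.match(line)
        if not m:
            continue
        if any(d in m['cmd'].lower() for d in USER_WRITABLE):
            findings.append(Finding(line, f"autorun '{m['name']}' launches from a user-writable path"))
    return findings


# Lines copied from the DDS log posted above (nothing added or altered).
SAMPLE_SERVICES = """
R0 fsbts;fsbts;c:\\windows\\system32\\drivers\\fsbts.sys [2013-12-17 44240]
R2 DragonUpdater;COMODO Dragon Update Service;c:\\program files\\comodo\\dragon\\dragon_updater.exe [2014-11-27 2370240]
S2 22c5205d;VideoCnv;c:\\windows\\system32\\rundll32.exe [2009-7-13 44544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorsvw.exe [2013-9-11 105144]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\\windows\\system32\\wat\\WatAdminSvc.exe [2013-12-17 1343400]
""".strip().splitlines()

SAMPLE_AUTORUNS = """
uRun: [Power2GoExpress] <no file>
mRun: [F-Secure Manager] "c:\\program files\\talktalk\\security\\apps\\computersecurity\\common\\FSM32.EXE" /splash
mRun: [IgfxTray] c:\\windows\\system32\\igfxtray.exe
mRunOnce: [AbineAutoUpdate] "c:\\program files\\donottrackme\\AbineAutoUpdate.exe"
SSODL: WebCheck - <orphaned>
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - <orphaned>
""".strip().splitlines()


if __name__ == '__main__':
    for f in triage_services(SAMPLE_SERVICES) + triage_autoruns(SAMPLE_AUTORUNS):
        print(f"{f.reason}\n    {f.line}")
```

Run against the sample, the only service line flagged is the one registered as 22c5205d (VideoCnv) with rundll32.exe as its image, and the three dangling Run/SSODL/SEH entries are listed; every other entry passes. To point it at a full DDS log, feed it the file's lines: the regexes ignore everything outside the two formats they recognise.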



#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,769 posts
  • Gender:Male

Posted 05 January 2015 - 07:20 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/561597 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 schrauber

    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 07 January 2015 - 06:05 AM

Hello, grouser
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.



Please take note of some guidelines for this fix:

Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
Please reply using the reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.



Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#4 grouser
  • Topic Starter

  • Members
  • 39 posts
  • Gender:Male
  • Location:Worcester. England

Posted 07 January 2015 - 06:22 AM


Hello Tom, thanks for taking the time to help. I have been looking at why I have been getting these attacks, and it coincided with me needing to manually update Google Chrome, as the automatic update function was not working. Every time I did this from what I hoped was Chrome's webpage, my antivirus would afterwards flag up the attack by this trojan. I have since uninstalled Chrome and am using Comodo Dragon, and have not had an attack since, but I am concerned that something untoward was left on my computer. Here is the FRST log:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-01-2015
Ran by Tonys at 2015-01-07 11:14:45
Running from C:\Users\Tonys\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Computer Security (Enabled - Up to date) {0F70A6C4-76E4-6A3B-2695-519F428B1C20}
AS: Computer Security (Enabled - Up to date) {B4114720-50DE-65B5-1C25-6AED390C569D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adblock Plus for IE (32-bit) (HKLM\...\{80D9592D-BB3F-42A0-9907-C0C5A26BB43A}) (Version: 1.3 - Eyeo GmbH)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
Audacity 2.0.6 (HKLM\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Bamboo Dock (HKLM\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (Version: 4.1.0 - Wacom Europe GmbH) Hidden
Bamboo Tablets Tutorial (Version: 3.0.20 - Wacom) Hidden
BBC iPlayer Downloads (HKLM\...\{26FB1064-0CC3-49D8-97AB-CAE376428297}) (Version: 1.10.0 - BBC)
Blur 4.5.1353 (HKLM\...\DoNotTrackMe Add-on_is1) (Version: 4.5.1353 - Abine Inc)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Comodo Dragon (HKLM\...\Comodo Dragon) (Version: 36.1.1.21 - Comodo)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Computer Security 14.121.102.0 (release) (Version: 14.121.102.0 - F-Secure Corporation) Hidden
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1916 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM\...\{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.0.6720 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DirectXInstallService (Version: 9.0.0 - Roxio) Hidden
DVD43 Plug-in v1.0.0.6 (HKLM\...\DVD43 Plug-in_is1) (Version:  - )
DVD43 v4.6.0 (HKLM\...\DVD43_is1) (Version:  - )
Epson Print CD (HKLM\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.20.00 - SEIKO EPSON CORPORATION)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
EPSON Web-To-Page (HKLM\...\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}) (Version:  - )
ESPR220 User's Guide (HKLM\...\ESPR220 User's Guide) (Version:  - )
F-Secure CCF Reputation (Version: 2.0.1337.0 - F-Secure) Hidden
F-Secure CCF Scanning 1.51.112.309 (release) (Version: 1.51.112.309 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.03.102 (Version: 1.03.102 - F-Secure Corporation) Hidden
F-Secure SafeSearch 1.03.159.0 (release) (Version: 1.03.159.0 - F-Secure Corporation) Hidden
GEO SD Uploader (HKLM\...\GEODataUploader.D29C1B4BCF88F186D978C8A7236B360867C6975A.1) (Version: v1.5.7 - Green Energy Options Ltd)
GEO SD Uploader (Version: 1.5.7 - Green Energy Options Ltd) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Apps Migration For Microsoft Outlook® 3.0.19.44 (HKLM\...\{16CA4BD4-27ED-4DA0-9190-48F69D8AAC25}) (Version: 3.0.19.44 - Google, Inc.)
Google Apps Sync™ for Microsoft Outlook® 3.5.385.1020 (HKLM\...\{CEBBF68C-4C3F-4D9B-8482-428E01064C31}) (Version: 3.5.385.1020 - Google, Inc.)
Google Drive (HKLM\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.5.1003 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Intel® Driver Update Utility (HKLM\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Junk Mail filter update (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 10.2.0 (HKLM\...\KLiteCodecPack_is1) (Version: 10.2.0 - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Livebrush Mini (HKLM\...\com.livebrush.2205ABAA7E8202CDC1251B1FA1E879364B7BAB52.1) (Version: 1.5 - MoreMeYou)
Livebrush Mini (Version: 1.5 - MoreMeYou) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-502834427-275982630-1598586866-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Maker (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Node.js (HKLM\...\{417EF6AA-3961-4119-9A00-312724B35D3A}) (Version: 0.10.33 - Joyent, Inc. and other Node contributors)
Online Safety 2.115.2786.1676 (Version: 2.115.2786.1676 - F-Secure Corporation) Hidden
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go 5.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3917 - CyberLink Corp.)
Premier Manager 08 (HKLM\...\{456450CE-6673-4A06-A633-801480FA5841}) (Version: 1.00.0000 - Zoo Digital Publishing)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5995 - Realtek Semiconductor Corp.)
Secunia PSI (3.0.0.9016) (HKLM\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
SoftOrbits Photo Retoucher 2.0 (HKLM\...\SoftOrbits Photo Retoucher_is1) (Version: 2.0 - SoftOrbits)
SopCast 3.9.2 (HKLM\...\SopCast) (Version: 3.9.2 - www.sopcast.com)
Super Safe Boost (HKLM\...\F-Secure ServiceEnabler 44515) (Version: 2.21.282.0 - F-Secure Corporation)
Super Safe Boost (Version: 2.21.282.0 - F-Secure Corporation) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
TDMore DVD Converter for GOTD 1.0.0.5 (18/09/2014) (HKLM\...\TDMore DVD Converter for GOTD_is1) (Version:  - )
TomTom HOME (HKLM\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - TomTom)
TomTom HOME (HKLM\...\{BB05590A-6602-43F3-A400-77EA0976BC0A}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinRAR 5.10 beta 2 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.2 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-502834427-275982630-1598586866-1001_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Tonys\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-502834427-275982630-1598586866-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Tonys\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-502834427-275982630-1598586866-1001_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Tonys\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-502834427-275982630-1598586866-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Tonys\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-502834427-275982630-1598586866-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Tonys\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-502834427-275982630-1598586866-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Tonys\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-502834427-275982630-1598586866-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Tonys\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
26-12-2014 22:54:54 Scheduled Checkpoint
27-12-2014 14:56:45 Removed Java 7 Update 71
27-12-2014 15:00:14 Removed Java 7 Update 71
04-01-2015 10:45:55 Scheduled Checkpoint
05-01-2015 14:25:36 Installed TomTom HOME.
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:04 - 2009-06-10 21:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {01E9CE14-220B-403E-AA21-734721717FDF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-31] (Adobe Systems Incorporated)
Task: {020654D6-CF8E-4397-A566-7F558A5D27DB} - System32\Tasks\{C78423A8-F7EF-4C90-B5B4-359AD87E7E4F} => C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe [2014-12-03] ()
Task: {039CF364-FBFA-4CE0-B7E3-EA8502559823} - System32\Tasks\{E1A1F74D-35A3-4240-AC60-358B5786D0F5} => C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe [2014-12-03] ()
Task: {1A55FC9F-6B1E-4F4F-8F2D-4C3614695FCB} - System32\Tasks\{708D3225-FDCC-4129-BA90-89E6ED4740C4} => pcalua.exe -a "C:\Users\Tonys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8MZB4A2\AdobeAIRInstaller.exe" -d C:\Users\Tonys\Desktop
Task: {24DAC3C6-90F3-4D77-91A7-39EF9A0AC015} - System32\Tasks\{B5F0DA2E-7544-4E6D-9DEF-B81910863B17} => pcalua.exe -a C:\Users\Tonys\Downloads\E-Web_Print_11000\Installer\Setup.exe -d C:\Users\Tonys\Downloads\E-Web_Print_11000\Installer
Task: {2D2DF021-5407-4142-8368-A667388AFBE8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-17] (Google Inc.)
Task: {394E66CA-AD59-4DF0-B4E2-B3E9C51997A9} - System32\Tasks\{A3EF0592-73CD-4458-B276-F94A3F97FED3} => C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe [2014-12-03] ()
Task: {4A913E68-405F-410D-8F65-DC21FF5D1875} - System32\Tasks\{A997E322-3D42-44C5-B3DA-D8938633D66A} => pcalua.exe -a "C:\Users\Tonys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EJJFKEPH\epson374915eu.exe" -d C:\Users\Tonys\Desktop
Task: {4CD754B2-1A65-498F-A7D1-961F52A8BAC9} - System32\Tasks\Scheduled scanning task => C:\Program Files\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\fsav.exe [2014-09-18] (F-Secure Corporation)
Task: {63DC5E23-BC80-46CF-BECB-A0AB4A682D05} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {6EF04409-C32D-4674-AB01-89ADA01EEDDF} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {78E3B717-ACCB-4201-A4F2-AFD33ACB73C0} - System32\Tasks\{34607073-D075-4DCB-9656-D5C1B8B66031} => pcalua.exe -a C:\Windows\system32\DivXControlPanelApplet.cpl -c DivX Control Panel
Task: {7C013ABF-FBE6-4066-82A8-3406260CAE44} - System32\Tasks\{90404D3E-BEF9-4E85-9AB9-944FFB11D2EE} => C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe [2014-12-03] ()
Task: {A1A1E06C-C11F-41F4-B3FE-D965A9C05226} - System32\Tasks\{E00E69E6-00FD-4AEA-9EF0-5A8939824F3E} => Chrome.exe 
Task: {A5D20C2B-1970-4FBB-8216-251D3A572059} - System32\Tasks\{DF196931-A459-4036-A760-71157C9FA6C7} => C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe [2014-12-03] ()
Task: {AF48AFFE-2884-4D53-8260-0D9EECAAEE56} - System32\Tasks\{F5104BA5-FFDC-4DD3-8B7C-0F229D12AA5B} => pcalua.exe -a "C:\Users\Tonys\Downloads\Tonys Programes\AdobeAIRInstaller.exe" -d "C:\Users\Tonys\Downloads\Tonys Programes"
Task: {B365A3A0-7F8D-4CF4-9DF4-98C71F898CCB} - System32\Tasks\{AF499621-AD3B-48B3-9127-EEEF0A228C97} => Chrome.exe 
Task: {B67132A4-C235-431E-819E-1D85D24BC1C0} - System32\Tasks\{95ED7363-88F2-4730-8DF6-829C46E9AE89} => C:\Users\Tonys\Downloads\AM-Install.exe
Task: {B682E443-F527-448B-A351-8C31101FCA37} - System32\Tasks\{2A1A2DCE-FDAB-4523-A79E-1D2011DCA2AD} => C:\Users\Tonys\Downloads\Intel Components\SetupChipset.exe
Task: {C7C96BA2-30A1-4B67-9BE7-7E9589AC14D2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-17] (Google Inc.)
Task: {DFCE39A8-FDD8-45A8-BDA8-C55ECA753CFC} - System32\Tasks\{4445AACC-498C-485E-8C4B-2C5F597C271E} => C:\Program Files\Windows Live\Mail\wlmail.exe [2014-01-10] (Microsoft Corporation)
Task: {E864FF9A-9326-4483-81F7-FA61897932E5} - System32\Tasks\{8A4AB25A-32B1-4898-AC28-59924100DE7E} => Chrome.exe 
Task: {E94CD60B-6398-4346-AADC-F54CBB199F50} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Scheduled scanning task.job => C:\PROGRA~1\TalkTalk\Security\apps\COMPUT~1\ANTI-V~1\fsav.exe
 
==================== Loaded Modules (whitelisted) =============
 
2015-01-04 10:09 - 2014-08-19 12:12 - 01019672 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2013-12-17 17:43 - 2014-09-18 10:29 - 00045608 _____ () C:\Program Files\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\FSAVHRES.ENG
2014-10-06 15:07 - 2014-10-06 15:07 - 00220200 _____ () C:\Program Files\TalkTalk\Security\daas2.dll
2010-02-17 08:00 - 2009-12-09 17:55 - 00058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-12-17 19:41 - 2013-12-17 19:41 - 00030888 _____ () C:\Program Files\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\minifilter\hashlib_x86.dll
2013-12-17 17:43 - 2014-12-05 09:00 - 00212008 _____ () C:\Program Files\TalkTalk\Security\apps\ComputerSecurity\Spam Control\fsas.dll
2013-12-17 17:43 - 2014-11-18 12:37 - 00949288 _____ () C:\Program Files\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\fm4av.dll
2013-12-17 17:43 - 2014-09-18 10:28 - 00056360 _____ () C:\Program Files\TalkTalk\Security\apps\ComputerSecurity\FSGUI\fsavures.ENG
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2014-11-27 19:49 - 2009-10-23 19:34 - 00827904 _____ () C:\Program Files\dvd43\DVD43_Tray.exe
2014-12-05 08:58 - 2014-12-05 08:58 - 00592936 _____ () C:\Windows\WinSxS\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.79_none_b59ec33311fcd586\QtMultimediaKit1.dll
2014-11-27 13:42 - 2014-11-27 13:42 - 00879808 _____ () C:\Program Files\Comodo\Dragon\libglesv2.dll
2014-11-27 13:33 - 2014-11-27 13:33 - 00134848 _____ () C:\Program Files\Comodo\Dragon\libegl.dll
2014-11-27 13:34 - 2014-11-27 13:34 - 00956608 _____ () C:\Program Files\Comodo\Dragon\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:4BEE39B0
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\16878432.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\23465867.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\16878432.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\23465867.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BambooCore => C:\Program Files\Bamboo Dock\BambooCore.exe
MSCONFIG\startupreg: BingDesktop => C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe /fromkey
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: dvd43 => C:\Program Files\dvd43\dvd43_tray.exe
MSCONFIG\startupreg: EPSON Stylus DX4000 Series => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\Users\Tonys\AppData\Local\Temp\E_S7FA1.tmp" /EF "HKCU"
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-502834427-275982630-1598586866-500 - Administrator - Disabled)
Guest (S-1-5-21-502834427-275982630-1598586866-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-502834427-275982630-1598586866-1006 - Limited - Enabled)
Tonys (S-1-5-21-502834427-275982630-1598586866-1001 - Administrator - Enabled) => C:\Users\Tonys
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/07/2015 11:13:13 AM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 1  2015-01-07  11:13:13+01:00  TONYS-PC  SYSTEM  F-Secure DeepGuard
 Application was blocked. This was determined to be a high-risk application by system control heuristics.
 Application path: \\?\c:\users\tonys\desktop\frst.exe
 File hash: 46a4efbd1c9cd95f0308457e2ba60d52097006ac
 
Error: (01/05/2015 10:59:21 AM) (Source: WTabletServiceCon) (EventID: 1) (User: )
Description: Prefs: Failed to get user path
 
Error: (01/03/2015 09:25:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program E_FARNBEE.EXE version 5.0.2.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 314
 
Start Time: 01d027372b42ebb6
 
Termination Time: 16
 
Application Path: C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FARNBEE.EXE
 
Report Id: 74a45b10-932a-11e4-85a0-406186c41e04
 
Error: (01/03/2015 08:41:16 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (01/03/2015 08:41:16 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (01/03/2015 08:41:16 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (01/03/2015 08:41:16 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (01/03/2015 08:41:16 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (01/03/2015 08:41:16 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (01/03/2015 08:41:16 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (01/07/2015 10:04:52 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the VideoCnv service to connect.
 
Error: (01/06/2015 09:17:50 PM) (Source: Microsoft-Windows-Application-Experience) (EventID: 205) (User: NT AUTHORITY)
Description: The Program Compatibility Assistant service failed to perform the phase two initialization.
 
Error: (01/06/2015 09:17:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the VideoCnv service to connect.
 
Error: (01/06/2015 09:51:52 AM) (Source: Microsoft-Windows-Application-Experience) (EventID: 205) (User: NT AUTHORITY)
Description: The Program Compatibility Assistant service failed to perform the phase two initialization.
 
Error: (01/06/2015 09:51:48 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the VideoCnv service to connect.
 
Error: (01/05/2015 08:13:05 PM) (Source: Microsoft-Windows-Application-Experience) (EventID: 205) (User: NT AUTHORITY)
Description: The Program Compatibility Assistant service failed to perform the phase two initialization.
 
Error: (01/05/2015 08:13:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the VideoCnv service to connect.
 
Error: (01/05/2015 02:31:57 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk8\DR8.
 
Error: (01/05/2015 02:31:56 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk8\DR8.
 
Error: (01/05/2015 02:31:56 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk8\DR8.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU 530 @ 2.93GHz
Percentage of memory in use: 49%
Total physical RAM: 2871.11 MB
Available physical RAM: 1453.12 MB
Total Pagefile: 5740.52 MB
Available Pagefile: 3637.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1885.67 MB
 
==================== Drives ================================
 
Drive c: (Boot) (Fixed) (Total:276.99 GB) (Free:239.42 GB) NTFS
Drive d: (Recover) (Fixed) (Total:20 GB) (Free:12.73 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 2B448F9F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=277 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
 
==================== End Of Log ============================


#5 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:05:28 AM

Posted 07 January 2015 - 06:39 AM

Hi there :)

please also post the content of FRST.txt.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#6 grouser

grouser
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  • Gender:Male
  • Location:Worcester. England
  • Local time:04:28 AM

Posted 07 January 2015 - 07:20 AM

Hi there :)

please also post the content of FRST.txt.

SORRY

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-01-2015
Ran by Tonys at 2015-01-07 11:14:45
Running from C:\Users\Tonys\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Computer Security (Enabled - Up to date) {0F70A6C4-76E4-6A3B-2695-519F428B1C20}
AS: Computer Security (Enabled - Up to date) {B4114720-50DE-65B5-1C25-6AED390C569D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adblock Plus for IE (32-bit) (HKLM\...\{80D9592D-BB3F-42A0-9907-C0C5A26BB43A}) (Version: 1.3 - Eyeo GmbH)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
Audacity 2.0.6 (HKLM\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Bamboo Dock (HKLM\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (Version: 4.1.0 - Wacom Europe GmbH) Hidden
Bamboo Tablets Tutorial (Version: 3.0.20 - Wacom) Hidden
BBC iPlayer Downloads (HKLM\...\{26FB1064-0CC3-49D8-97AB-CAE376428297}) (Version: 1.10.0 - BBC)
Blur 4.5.1353 (HKLM\...\DoNotTrackMe Add-on_is1) (Version: 4.5.1353 - Abine Inc)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Comodo Dragon (HKLM\...\Comodo Dragon) (Version: 36.1.1.21 - Comodo)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Computer Security 14.121.102.0 (release) (Version: 14.121.102.0 - F-Secure Corporation) Hidden
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1916 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM\...\{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.0.6720 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DirectXInstallService (Version: 9.0.0 - Roxio) Hidden
DVD43 Plug-in v1.0.0.6 (HKLM\...\DVD43 Plug-in_is1) (Version:  - )
DVD43 v4.6.0 (HKLM\...\DVD43_is1) (Version:  - )
Epson Print CD (HKLM\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.20.00 - SEIKO EPSON CORPORATION)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
EPSON Web-To-Page (HKLM\...\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}) (Version:  - )
ESPR220 User's Guide (HKLM\...\ESPR220 User's Guide) (Version:  - )
F-Secure CCF Reputation (Version: 2.0.1337.0 - F-Secure) Hidden
F-Secure CCF Scanning 1.51.112.309 (release) (Version: 1.51.112.309 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.03.102 (Version: 1.03.102 - F-Secure Corporation) Hidden
F-Secure SafeSearch 1.03.159.0 (release) (Version: 1.03.159.0 - F-Secure Corporation) Hidden
GEO SD Uploader (HKLM\...\GEODataUploader.D29C1B4BCF88F186D978C8A7236B360867C6975A.1) (Version: v1.5.7 - Green Energy Options Ltd)
GEO SD Uploader (Version: 1.5.7 - Green Energy Options Ltd) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Apps Migration For Microsoft Outlook® 3.0.19.44 (HKLM\...\{16CA4BD4-27ED-4DA0-9190-48F69D8AAC25}) (Version: 3.0.19.44 - Google, Inc.)
Google Apps Sync™ for Microsoft Outlook® 3.5.385.1020 (HKLM\...\{CEBBF68C-4C3F-4D9B-8482-428E01064C31}) (Version: 3.5.385.1020 - Google, Inc.)
Google Drive (HKLM\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.5.1003 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Intel® Driver Update Utility (HKLM\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Junk Mail filter update (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 10.2.0 (HKLM\...\KLiteCodecPack_is1) (Version: 10.2.0 - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Livebrush Mini (HKLM\...\com.livebrush.2205ABAA7E8202CDC1251B1FA1E879364B7BAB52.1) (Version: 1.5 - MoreMeYou)
Livebrush Mini (Version: 1.5 - MoreMeYou) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-502834427-275982630-1598586866-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Maker (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Node.js (HKLM\...\{417EF6AA-3961-4119-9A00-312724B35D3A}) (Version: 0.10.33 - Joyent, Inc. and other Node contributors)
Online Safety 2.115.2786.1676 (Version: 2.115.2786.1676 - F-Secure Corporation) Hidden
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go 5.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3917 - CyberLink Corp.)
Premier Manager 08 (HKLM\...\{456450CE-6673-4A06-A633-801480FA5841}) (Version: 1.00.0000 - Zoo Digital Publishing)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5995 - Realtek Semiconductor Corp.)
Secunia PSI (3.0.0.9016) (HKLM\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
SoftOrbits Photo Retoucher 2.0 (HKLM\...\SoftOrbits Photo Retoucher_is1) (Version: 2.0 - SoftOrbits)
SopCast 3.9.2 (HKLM\...\SopCast) (Version: 3.9.2 - www.sopcast.com)
Super Safe Boost (HKLM\...\F-Secure ServiceEnabler 44515) (Version: 2.21.282.0 - F-Secure Corporation)
Super Safe Boost (Version: 2.21.282.0 - F-Secure Corporation) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
TDMore DVD Converter for GOTD 1.0.0.5 (18/09/2014) (HKLM\...\TDMore DVD Converter for GOTD_is1) (Version:  - )
TomTom HOME (HKLM\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - TomTom)
TomTom HOME (HKLM\...\{BB05590A-6602-43F3-A400-77EA0976BC0A}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinRAR 5.10 beta 2 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.2 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-502834427-275982630-1598586866-1001_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Tonys\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-502834427-275982630-1598586866-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Tonys\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-502834427-275982630-1598586866-1001_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Tonys\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-502834427-275982630-1598586866-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Tonys\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-502834427-275982630-1598586866-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Tonys\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-502834427-275982630-1598586866-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Tonys\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-502834427-275982630-1598586866-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Tonys\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
26-12-2014 22:54:54 Scheduled Checkpoint
27-12-2014 14:56:45 Removed Java 7 Update 71
27-12-2014 15:00:14 Removed Java 7 Update 71
04-01-2015 10:45:55 Scheduled Checkpoint
05-01-2015 14:25:36 Installed TomTom HOME.
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:04 - 2009-06-10 21:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {01E9CE14-220B-403E-AA21-734721717FDF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-31] (Adobe Systems Incorporated)
Task: {020654D6-CF8E-4397-A566-7F558A5D27DB} - System32\Tasks\{C78423A8-F7EF-4C90-B5B4-359AD87E7E4F} => C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe [2014-12-03] ()
Task: {039CF364-FBFA-4CE0-B7E3-EA8502559823} - System32\Tasks\{E1A1F74D-35A3-4240-AC60-358B5786D0F5} => C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe [2014-12-03] ()
Task: {1A55FC9F-6B1E-4F4F-8F2D-4C3614695FCB} - System32\Tasks\{708D3225-FDCC-4129-BA90-89E6ED4740C4} => pcalua.exe -a "C:\Users\Tonys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8MZB4A2\AdobeAIRInstaller.exe" -d C:\Users\Tonys\Desktop
Task: {24DAC3C6-90F3-4D77-91A7-39EF9A0AC015} - System32\Tasks\{B5F0DA2E-7544-4E6D-9DEF-B81910863B17} => pcalua.exe -a C:\Users\Tonys\Downloads\E-Web_Print_11000\Installer\Setup.exe -d C:\Users\Tonys\Downloads\E-Web_Print_11000\Installer
Task: {2D2DF021-5407-4142-8368-A667388AFBE8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-17] (Google Inc.)
Task: {394E66CA-AD59-4DF0-B4E2-B3E9C51997A9} - System32\Tasks\{A3EF0592-73CD-4458-B276-F94A3F97FED3} => C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe [2014-12-03] ()
Task: {4A913E68-405F-410D-8F65-DC21FF5D1875} - System32\Tasks\{A997E322-3D42-44C5-B3DA-D8938633D66A} => pcalua.exe -a "C:\Users\Tonys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EJJFKEPH\epson374915eu.exe" -d C:\Users\Tonys\Desktop
Task: {4CD754B2-1A65-498F-A7D1-961F52A8BAC9} - System32\Tasks\Scheduled scanning task => C:\Program Files\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\fsav.exe [2014-09-18] (F-Secure Corporation)
Task: {63DC5E23-BC80-46CF-BECB-A0AB4A682D05} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {6EF04409-C32D-4674-AB01-89ADA01EEDDF} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {78E3B717-ACCB-4201-A4F2-AFD33ACB73C0} - System32\Tasks\{34607073-D075-4DCB-9656-D5C1B8B66031} => pcalua.exe -a C:\Windows\system32\DivXControlPanelApplet.cpl -c DivX Control Panel
Task: {7C013ABF-FBE6-4066-82A8-3406260CAE44} - System32\Tasks\{90404D3E-BEF9-4E85-9AB9-944FFB11D2EE} => C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe [2014-12-03] ()
Task: {A1A1E06C-C11F-41F4-B3FE-D965A9C05226} - System32\Tasks\{E00E69E6-00FD-4AEA-9EF0-5A8939824F3E} => Chrome.exe 
Task: {A5D20C2B-1970-4FBB-8216-251D3A572059} - System32\Tasks\{DF196931-A459-4036-A760-71157C9FA6C7} => C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe [2014-12-03] ()
Task: {AF48AFFE-2884-4D53-8260-0D9EECAAEE56} - System32\Tasks\{F5104BA5-FFDC-4DD3-8B7C-0F229D12AA5B} => pcalua.exe -a "C:\Users\Tonys\Downloads\Tonys Programes\AdobeAIRInstaller.exe" -d "C:\Users\Tonys\Downloads\Tonys Programes"
Task: {B365A3A0-7F8D-4CF4-9DF4-98C71F898CCB} - System32\Tasks\{AF499621-AD3B-48B3-9127-EEEF0A228C97} => Chrome.exe 
Task: {B67132A4-C235-431E-819E-1D85D24BC1C0} - System32\Tasks\{95ED7363-88F2-4730-8DF6-829C46E9AE89} => C:\Users\Tonys\Downloads\AM-Install.exe
Task: {B682E443-F527-448B-A351-8C31101FCA37} - System32\Tasks\{2A1A2DCE-FDAB-4523-A79E-1D2011DCA2AD} => C:\Users\Tonys\Downloads\Intel Components\SetupChipset.exe
Task: {C7C96BA2-30A1-4B67-9BE7-7E9589AC14D2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-17] (Google Inc.)
Task: {DFCE39A8-FDD8-45A8-BDA8-C55ECA753CFC} - System32\Tasks\{4445AACC-498C-485E-8C4B-2C5F597C271E} => C:\Program Files\Windows Live\Mail\wlmail.exe [2014-01-10] (Microsoft Corporation)
Task: {E864FF9A-9326-4483-81F7-FA61897932E5} - System32\Tasks\{8A4AB25A-32B1-4898-AC28-59924100DE7E} => Chrome.exe 
Task: {E94CD60B-6398-4346-AADC-F54CBB199F50} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Scheduled scanning task.job => C:\PROGRA~1\TalkTalk\Security\apps\COMPUT~1\ANTI-V~1\fsav.exe
 
==================== Loaded Modules (whitelisted) =============
 
2015-01-04 10:09 - 2014-08-19 12:12 - 01019672 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2013-12-17 17:43 - 2014-09-18 10:29 - 00045608 _____ () C:\Program Files\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\FSAVHRES.ENG
2014-10-06 15:07 - 2014-10-06 15:07 - 00220200 _____ () C:\Program Files\TalkTalk\Security\daas2.dll
2010-02-17 08:00 - 2009-12-09 17:55 - 00058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-12-17 19:41 - 2013-12-17 19:41 - 00030888 _____ () C:\Program Files\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\minifilter\hashlib_x86.dll
2013-12-17 17:43 - 2014-12-05 09:00 - 00212008 _____ () C:\Program Files\TalkTalk\Security\apps\ComputerSecurity\Spam Control\fsas.dll
2013-12-17 17:43 - 2014-11-18 12:37 - 00949288 _____ () C:\Program Files\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\fm4av.dll
2013-12-17 17:43 - 2014-09-18 10:28 - 00056360 _____ () C:\Program Files\TalkTalk\Security\apps\ComputerSecurity\FSGUI\fsavures.ENG
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2014-11-27 19:49 - 2009-10-23 19:34 - 00827904 _____ () C:\Program Files\dvd43\DVD43_Tray.exe
2014-12-05 08:58 - 2014-12-05 08:58 - 00592936 _____ () C:\Windows\WinSxS\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.79_none_b59ec33311fcd586\QtMultimediaKit1.dll
2014-11-27 13:42 - 2014-11-27 13:42 - 00879808 _____ () C:\Program Files\Comodo\Dragon\libglesv2.dll
2014-11-27 13:33 - 2014-11-27 13:33 - 00134848 _____ () C:\Program Files\Comodo\Dragon\libegl.dll
2014-11-27 13:34 - 2014-11-27 13:34 - 00956608 _____ () C:\Program Files\Comodo\Dragon\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:4BEE39B0
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\16878432.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\23465867.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\16878432.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\23465867.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BambooCore => C:\Program Files\Bamboo Dock\BambooCore.exe
MSCONFIG\startupreg: BingDesktop => C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe /fromkey
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: dvd43 => C:\Program Files\dvd43\dvd43_tray.exe
MSCONFIG\startupreg: EPSON Stylus DX4000 Series => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\Users\Tonys\AppData\Local\Temp\E_S7FA1.tmp" /EF "HKCU"
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-502834427-275982630-1598586866-500 - Administrator - Disabled)
Guest (S-1-5-21-502834427-275982630-1598586866-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-502834427-275982630-1598586866-1006 - Limited - Enabled)
Tonys (S-1-5-21-502834427-275982630-1598586866-1001 - Administrator - Enabled) => C:\Users\Tonys
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/07/2015 11:13:13 AM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 1  2015-01-07  11:13:13+01:00  TONYS-PC  SYSTEM  F-Secure DeepGuard
 Application was blocked. This was determined to be a high-risk application by system control heuristics.
 Application path: \\?\c:\users\tonys\desktop\frst.exe
 File hash: 46a4efbd1c9cd95f0308457e2ba60d52097006ac
 
Error: (01/05/2015 10:59:21 AM) (Source: WTabletServiceCon) (EventID: 1) (User: )
Description: Prefs: Failed to get user path
 
Error: (01/03/2015 09:25:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program E_FARNBEE.EXE version 5.0.2.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 314
 
Start Time: 01d027372b42ebb6
 
Termination Time: 16
 
Application Path: C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FARNBEE.EXE
 
Report Id: 74a45b10-932a-11e4-85a0-406186c41e04
 
Error: (01/03/2015 08:41:16 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (01/03/2015 08:41:16 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (01/03/2015 08:41:16 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (01/03/2015 08:41:16 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (01/03/2015 08:41:16 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (01/03/2015 08:41:16 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (01/03/2015 08:41:16 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (01/07/2015 10:04:52 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the VideoCnv service to connect.
 
Error: (01/06/2015 09:17:50 PM) (Source: Microsoft-Windows-Application-Experience) (EventID: 205) (User: NT AUTHORITY)
Description: The Program Compatibility Assistant service failed to perform the phase two initialization.
 
Error: (01/06/2015 09:17:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the VideoCnv service to connect.
 
Error: (01/06/2015 09:51:52 AM) (Source: Microsoft-Windows-Application-Experience) (EventID: 205) (User: NT AUTHORITY)
Description: The Program Compatibility Assistant service failed to perform the phase two initialization.
 
Error: (01/06/2015 09:51:48 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the VideoCnv service to connect.
 
Error: (01/05/2015 08:13:05 PM) (Source: Microsoft-Windows-Application-Experience) (EventID: 205) (User: NT AUTHORITY)
Description: The Program Compatibility Assistant service failed to perform the phase two initialization.
 
Error: (01/05/2015 08:13:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the VideoCnv service to connect.
 
Error: (01/05/2015 02:31:57 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk8\DR8.
 
Error: (01/05/2015 02:31:56 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk8\DR8.
 
Error: (01/05/2015 02:31:56 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk8\DR8.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU 530 @ 2.93GHz
Percentage of memory in use: 49%
Total physical RAM: 2871.11 MB
Available physical RAM: 1453.12 MB
Total Pagefile: 5740.52 MB
Available Pagefile: 3637.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1885.67 MB
 
==================== Drives ================================
 
Drive c: (Boot) (Fixed) (Total:276.99 GB) (Free:239.42 GB) NTFS
Drive d: (Recover) (Fixed) (Total:20 GB) (Free:12.73 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 2B448F9F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=277 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
 
==================== End Of Log ============================


#7 schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:05:28 AM

Posted 07 January 2015 - 11:42 AM

Now you posted the Addition.txt twice :). There should be a text file called FRST.txt on your desktop. If not, please run a fresh scan with FRST.



regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#8 grouser

  • Topic Starter

  • Members
  • 39 posts
  • Gender:Male
  • Location:Worcester. England
  • Local time:04:28 AM

Posted 07 January 2015 - 11:55 AM

Now you posted the Addition.txt twice :). There should be a text file called FRST.txt on your desktop. If not, please run a fresh scan with FRST.

Once again I apologize for my limited knowledge.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by Tonys (administrator) on TONYS-PC on 07-01-2015 16:50:03
Running from C:\Users\Tonys\Desktop\FRST-OlderVersion
Loaded Profile: Tonys (Available profiles: Tonys)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Dragon)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Comodo\Dragon\dragon_updater.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
(F-Secure Corporation) C:\Program Files\TalkTalk\Security\fshoster32.exe
(F-Secure Corporation) C:\Program Files\TalkTalk\Security\apps\CCF_Reputation\fsorsp.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(F-Secure Corporation) C:\Program Files\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(F-Secure Corporation) C:\Program Files\TalkTalk\Security\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(Abine Inc.) C:\Program Files\DoNotTrackMe\AbineAutoUpdate.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(F-Secure Corporation) C:\Program Files\TalkTalk\Security\apps\ComputerSecurity\Common\FSM32.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\dvd43\DVD43_Tray.exe
(F-Secure Corporation) C:\Program Files\TalkTalk\Security\fshoster32.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [F-Secure Manager] => C:\Program Files\TalkTalk\Security\apps\ComputerSecurity\Common\FSM32.EXE [310312 2014-09-18] (F-Secure Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [dvd43] => C:\Program Files\dvd43\dvd43_tray.exe [827904 2009-10-23] ()
HKLM\...\Run: [F-Secure Hoster (44515)] => C:\Program Files\TalkTalk\Security\fshoster32.exe [187432 2014-10-06] (F-Secure Corporation)
HKLM\...\RunOnce: [AbineAutoUpdate] => C:\Program Files\DoNotTrackMe\AbineAutoUpdate.exe [126704 2014-12-01] (Abine Inc.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-502834427-275982630-1598586866-1001\...\Run: [Power2GoExpress] =>                                                                                                                                                                                                          (the data entry has 824 more characters).
HKU\S-1-5-21-502834427-275982630-1598586866-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-502834427-275982630-1598586866-1001\...\Run: [EPSON Stylus DX4000 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE [182272 2007-10-09] (SEIKO EPSON CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-502834427-275982630-1598586866-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
HKU\S-1-5-21-502834427-275982630-1598586866-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com
HKU\S-1-5-21-502834427-275982630-1598586866-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://medion.msn.com
HKU\S-1-5-21-502834427-275982630-1598586866-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-gb/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-502834427-275982630-1598586866-1001 -> {39CED4B2-1523-4BCA-9489-937B6EC47B40} URL = http://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-502834427-275982630-1598586866-1001 -> {974268B0-08FD-4F47-992A-40A699EA8E55} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-502834427-275982630-1598586866-1001 -> {F636905C-0041-474D-8698-CBD185ADF3AC} URL = https://www.google.com/search?q={searchTerms}
BHO: Talk Talk Online Safety -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files\TalkTalk\Security\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll (F-Secure Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Blur BHO -> {C584D6D2-EF22-4C61-BF5B-0C7E723D836C} -> C:\Program Files\DoNotTrackMe\4.5.1353\AbineBHO.dll (Abine Inc.)
BHO: EpsonToolBandKicker Class -> {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} -> C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-502834427-275982630-1598586866-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-502834427-275982630-1598586866-1001 -> EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
ShellExecuteHooks:  - {4F07DA45-8170-4859-9B5F-037EF2970034} -  No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Tonys\AppData\Roaming\Mozilla\Firefox\Profiles\0surtp1s.default
FF Homepage: hxxp://www.bbc.co.uk/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll No File
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Extension: AS Magic Player - C:\Users\Tonys\AppData\Roaming\Mozilla\Firefox\Profiles\0surtp1s.default\Extensions\magicplayer@acestream.org [2014-12-06]
FF Extension: Ghostery - C:\Users\Tonys\AppData\Roaming\Mozilla\Firefox\Profiles\0surtp1s.default\Extensions\firefox@ghostery.com.xpi [2014-08-23]
FF Extension: ZenMate Security & Privacy VPN - C:\Users\Tonys\AppData\Roaming\Mozilla\Firefox\Profiles\0surtp1s.default\Extensions\firefox@zenmate.com.xpi [2014-11-25]
FF Extension: Weather Forecast - C:\Users\Tonys\AppData\Roaming\Mozilla\Firefox\Profiles\0surtp1s.default\Extensions\jid1-aqwHRwQpv3JUMs@jetpack.xpi [2014-08-24]
FF Extension: AdBlock for Firefox - C:\Users\Tonys\AppData\Roaming\Mozilla\Firefox\Profiles\0surtp1s.default\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2014-11-20]
FF HKLM\...\Firefox\Extensions: [{45ad734b-a212-43ae-850b-3b0e23dc4f1a}] - C:\Program Files\TalkTalk\Security\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https
FF Extension: Online Safety - C:\Program Files\TalkTalk\Security\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https [2014-12-31]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:/Program Files/TalkTalk/Security/apps/CCF_Scanning/bin/browser/install/fs_chrome_https/fs_chrome_https.crx [2014-09-08]
CHR HKU\S-1-5-21-502834427-275982630-1598586866-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Tonys\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-06-12]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-12] (SUPERAntiSpyware.com)
R2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2370240 2014-11-27] (Comodo Security Solutions, Inc.)
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION)
R2 fshoster; C:\Program Files\TalkTalk\Security\fshoster32.exe [187432 2014-10-06] (F-Secure Corporation)
R3 FSMA; C:\Program Files\TalkTalk\Security\apps\ComputerSecurity\Common\FSMA32.EXE [216104 2014-09-18] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files\TalkTalk\Security\apps\CCF_Reputation\fsorsp.exe [60456 2014-06-24] (F-Secure Corporation)
R2 LMS; C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 UNS; C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [567064 2014-08-19] (Wacom Technology, Corp.)
S2 22c5205d; "C:\Windows\system32\rundll32.exe" "c:\Program Files\VideoCnv\Zet.dll",serv
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 dvd43llh; C:\Windows\System32\DRIVERS\dvd43llh.sys [18816 2014-11-27] (RIF) [File not signed]
R3 F-Secure Gatekeeper; C:\Program Files\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [149544 2014-12-05] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files\TalkTalk\Security\apps\ComputerSecurity\HIPS\drivers\fshs.sys [74920 2014-11-18] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [44240 2014-12-05] ()
R3 fsni; C:\Program Files\TalkTalk\Security\apps\CCF_Scanning\bin\fsni32.sys [73256 2014-12-05] (F-Secure Corporation)
R1 fsvista; C:\Program Files\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [12840 2014-09-18] ()
S3 hidkmdf; C:\Windows\System32\DRIVERS\hidkmdf.sys [12088 2014-08-06] (Windows ® Win 7 DDK provider)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45744 2011-05-24] (Rovi Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WacHidRouter; C:\Windows\System32\DRIVERS\wachidrouter.sys [85304 2014-08-06] (Wacom Technology)
S3 wacomrouterfilter; C:\Windows\System32\DRIVERS\wacomrouterfilter.sys [13112 2014-08-06] (Wacom Technology)
S3 Profos; \??\C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-07 12:16 - 2015-01-07 16:50 - 00000000 ____D () C:\Users\Tonys\Desktop\FRST-OlderVersion
2015-01-07 11:14 - 2015-01-07 11:15 - 00030588 _____ () C:\Users\Tonys\Desktop\FRST.txt
2015-01-07 11:14 - 2015-01-07 11:15 - 00028241 _____ () C:\Users\Tonys\Desktop\Addition.txt
2015-01-07 11:13 - 2015-01-07 16:50 - 00000000 ____D () C:\FRST
2015-01-07 11:10 - 2015-01-07 12:16 - 01115648 _____ (Farbar) C:\Users\Tonys\Desktop\FRST.exe
2015-01-05 14:26 - 2015-01-05 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2015-01-04 10:10 - 2015-01-04 10:10 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom
2015-01-04 10:10 - 2015-01-04 10:10 - 00000000 ____D () C:\Users\Tonys\AppData\Roaming\WTablet
2015-01-04 10:10 - 2015-01-04 10:10 - 00000000 ____D () C:\Program Files\TabletPlugins
2015-01-04 10:09 - 2015-01-04 10:09 - 00000000 ____D () C:\Program Files\Tablet
2015-01-04 10:09 - 2014-08-19 12:12 - 01614104 _____ (Wacom Technology, Corp.) C:\Windows\system32\Pen_Tablet.dll
2015-01-04 10:09 - 2014-08-19 12:12 - 01610008 _____ (Wacom Technology, Corp.) C:\Windows\system32\WacomMT.dll
2015-01-04 10:09 - 2014-08-19 12:12 - 01607448 _____ (Wacom Technology, Corp.) C:\Windows\system32\Pen_Touch_Tablet.dll
2015-01-04 10:09 - 2014-08-19 12:12 - 01493784 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wintab32.dll
2015-01-04 10:09 - 2014-08-06 11:15 - 00085304 _____ (Wacom Technology) C:\Windows\system32\Drivers\wachidrouter.sys
2015-01-04 10:09 - 2014-08-06 11:15 - 00013112 _____ (Wacom Technology) C:\Windows\system32\Drivers\wacomrouterfilter.sys
2015-01-02 15:43 - 2015-01-02 15:43 - 00137888 _____ (Spotify Ltd) C:\Users\Tonys\Downloads\SpotifySetup.exe
2014-12-31 11:56 - 2014-12-31 11:56 - 00002995 _____ () C:\Users\Tonys\Desktop\attach.rar
2014-12-31 11:49 - 2014-12-31 11:51 - 00018260 _____ () C:\Users\Tonys\Desktop\dds.txt
2014-12-31 11:49 - 2014-12-31 11:49 - 00009538 _____ () C:\Users\Tonys\Desktop\attach.txt
2014-12-31 11:45 - 2014-12-31 11:46 - 00688992 ____R (Swearware) C:\Users\Tonys\Desktop\dds.com
2014-12-30 21:28 - 2014-12-30 21:28 - 00048392 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2014-12-30 21:28 - 2014-12-30 21:28 - 00001078 _____ () C:\Users\Public\Desktop\Comodo Dragon.lnk
2014-12-30 21:28 - 2014-12-30 21:28 - 00000000 ____D () C:\Users\Tonys\AppData\Local\Comodo
2014-12-30 21:28 - 2014-12-30 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-12-30 21:27 - 2014-12-30 21:27 - 00000000 ____D () C:\Program Files\Comodo
2014-12-30 21:26 - 2014-12-30 21:26 - 01700352 _____ (Microsoft Corporation) C:\Windows\system32\gdiplus.dll
2014-12-30 21:17 - 2014-12-30 21:19 - 53161456 _____ (Comodo) C:\Users\Tonys\Downloads\dragonsetup.exe
2014-12-27 18:20 - 2015-01-07 11:00 - 00334222 _____ () C:\Windows\WindowsUpdate.log
2014-12-27 15:13 - 2014-12-27 15:15 - 00000000 ____D () C:\AdwCleaner
2014-12-27 13:23 - 2014-12-27 13:33 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-19 11:36 - 2014-12-19 13:46 - 00000000 ____D () C:\ProgramData\CheckPoint
2014-12-18 09:16 - 2014-12-13 03:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-10 18:43 - 2014-12-10 18:43 - 05009368 _____ (Adobe Systems Inc.) C:\Users\Tonys\Downloads\Shockwave_Installer_Slim.exe
2014-12-09 21:00 - 2014-12-09 21:00 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-09 20:00 - 2014-10-18 01:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-09 19:54 - 2014-11-27 01:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-09 19:54 - 2014-11-22 02:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 19:54 - 2014-11-22 02:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-09 19:54 - 2014-11-22 02:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-09 19:54 - 2014-11-22 02:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 19:54 - 2014-11-22 02:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-09 19:54 - 2014-11-22 02:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-09 19:54 - 2014-11-22 02:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-09 19:54 - 2014-11-22 02:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 19:54 - 2014-11-22 01:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-09 19:54 - 2014-11-22 01:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-09 19:54 - 2014-11-22 01:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-09 19:54 - 2014-11-22 01:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-09 19:54 - 2014-11-22 01:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-09 19:54 - 2014-11-22 01:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-09 19:54 - 2014-11-22 01:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-09 19:54 - 2014-11-22 01:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-09 19:54 - 2014-11-22 01:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-09 19:54 - 2014-11-22 01:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 19:54 - 2014-11-22 01:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 19:54 - 2014-11-22 01:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 19:54 - 2014-11-22 01:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 19:54 - 2014-11-22 01:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-09 19:54 - 2014-11-22 01:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 19:54 - 2014-11-22 01:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-09 19:54 - 2014-11-22 01:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 19:54 - 2014-11-22 01:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 19:54 - 2014-11-22 00:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 19:54 - 2014-11-22 00:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-09 19:53 - 2014-12-04 04:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-09 19:53 - 2014-12-04 04:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-09 19:53 - 2014-12-04 04:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-09 19:53 - 2014-12-04 04:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-09 19:53 - 2014-12-04 04:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-09 19:53 - 2014-12-04 04:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-09 19:53 - 2014-12-04 04:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-09 19:53 - 2014-12-01 23:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-09 19:53 - 2014-11-11 02:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 19:53 - 2014-11-11 01:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-09 19:53 - 2014-11-08 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-09 19:53 - 2014-10-03 01:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-09 19:53 - 2014-10-03 01:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-09 19:53 - 2014-10-03 01:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-09 19:53 - 2014-10-03 01:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-09 19:53 - 2014-10-03 01:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-09 19:52 - 2014-10-30 01:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-08 16:48 - 2015-01-07 10:04 - 00000000 ____D () C:\Program Files\DoNotTrackMe
2014-12-08 13:11 - 2014-12-16 19:46 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-07 16:31 - 2013-12-17 17:27 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-07 16:28 - 2014-11-15 21:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-07 10:11 - 2009-07-14 04:34 - 00018928 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-07 10:11 - 2009-07-14 04:34 - 00018928 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-07 10:04 - 2013-12-18 22:03 - 00000650 _____ () C:\Windows\Tasks\Scheduled scanning task.job
2015-01-07 10:04 - 2013-12-17 17:27 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-07 10:04 - 2009-07-14 04:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-05 14:34 - 2010-02-17 07:36 - 00794582 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-05 14:26 - 2013-12-18 14:06 - 00000000 ____D () C:\Program Files\TomTom HOME 2
2015-01-05 14:25 - 2013-12-18 14:05 - 00000000 ____D () C:\Users\Tonys\AppData\Local\Downloaded Installations
2015-01-03 11:08 - 2014-04-09 16:16 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-03 11:07 - 2014-04-11 14:11 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-12-31 12:29 - 2014-11-15 21:09 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-31 12:29 - 2014-11-15 21:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-31 12:28 - 2014-08-21 14:09 - 00000000 ____D () C:\Users\Tonys\AppData\Local\Adobe
2014-12-30 22:11 - 2013-12-17 17:27 - 00000000 ____D () C:\Users\Tonys\AppData\Local\Google
2014-12-30 22:11 - 2013-12-17 17:27 - 00000000 ____D () C:\Program Files\Google
2014-12-27 15:07 - 2014-04-20 11:57 - 00000000 ____D () C:\Users\Tonys\Documents\JavaRa-2.6
2014-12-27 14:39 - 2013-12-17 17:27 - 00000000 ____D () C:\ProgramData\Google
2014-12-27 13:03 - 2014-04-11 14:14 - 00079576 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-23 21:13 - 2014-06-07 10:58 - 00000000 ____D () C:\Users\Tonys\Downloads\Tonys Programes
2014-12-19 17:56 - 2014-07-11 18:26 - 00000000 ____D () C:\Users\Tonys\AppData\Local\CrashDumps
2014-12-19 15:50 - 2013-12-18 13:22 - 00000000 ____D () C:\Users\Tonys\AppData\Roaming\Audacity
2014-12-19 09:48 - 2014-11-28 08:32 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-19 09:48 - 2014-11-28 08:32 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-18 10:07 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-14 12:15 - 2010-02-17 09:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-13 12:02 - 2013-12-17 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-10 17:27 - 2013-12-18 10:35 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 07:58 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\rescache
2014-12-09 21:00 - 2014-04-24 08:45 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-09 21:00 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\AppCompat
2014-12-09 20:01 - 2010-02-17 08:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-09 19:59 - 2013-12-17 12:41 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-09 19:56 - 2010-02-17 08:17 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-04 10:38
 
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-01-2015
Ran by Tonys at 2015-01-07 16:50:36
Running from C:\Users\Tonys\Desktop\FRST-OlderVersion
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Computer Security (Enabled - Up to date) {0F70A6C4-76E4-6A3B-2695-519F428B1C20}
AS: Computer Security (Enabled - Up to date) {B4114720-50DE-65B5-1C25-6AED390C569D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adblock Plus for IE (32-bit) (HKLM\...\{80D9592D-BB3F-42A0-9907-C0C5A26BB43A}) (Version: 1.3 - Eyeo GmbH)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
Audacity 2.0.6 (HKLM\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Bamboo Dock (HKLM\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (Version: 4.1.0 - Wacom Europe GmbH) Hidden
Bamboo Tablets Tutorial (Version: 3.0.20 - Wacom) Hidden
BBC iPlayer Downloads (HKLM\...\{26FB1064-0CC3-49D8-97AB-CAE376428297}) (Version: 1.10.0 - BBC)
Blur 4.5.1353 (HKLM\...\DoNotTrackMe Add-on_is1) (Version: 4.5.1353 - Abine Inc)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Comodo Dragon (HKLM\...\Comodo Dragon) (Version: 36.1.1.21 - Comodo)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Computer Security 14.121.102.0 (release) (Version: 14.121.102.0 - F-Secure Corporation) Hidden
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1916 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM\...\{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.0.6720 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DirectXInstallService (Version: 9.0.0 - Roxio) Hidden
DVD43 Plug-in v1.0.0.6 (HKLM\...\DVD43 Plug-in_is1) (Version:  - )
DVD43 v4.6.0 (HKLM\...\DVD43_is1) (Version:  - )
Epson Print CD (HKLM\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.20.00 - SEIKO EPSON CORPORATION)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
EPSON Web-To-Page (HKLM\...\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}) (Version:  - )
ESPR220 User's Guide (HKLM\...\ESPR220 User's Guide) (Version:  - )
F-Secure CCF Reputation (Version: 2.0.1337.0 - F-Secure) Hidden
F-Secure CCF Scanning 1.51.112.309 (release) (Version: 1.51.112.309 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.03.102 (Version: 1.03.102 - F-Secure Corporation) Hidden
F-Secure SafeSearch 1.03.159.0 (release) (Version: 1.03.159.0 - F-Secure Corporation) Hidden
GEO SD Uploader (HKLM\...\GEODataUploader.D29C1B4BCF88F186D978C8A7236B360867C6975A.1) (Version: v1.5.7 - Green Energy Options Ltd)
GEO SD Uploader (Version: 1.5.7 - Green Energy Options Ltd) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Apps Migration For Microsoft Outlook® 3.0.19.44 (HKLM\...\{16CA4BD4-27ED-4DA0-9190-48F69D8AAC25}) (Version: 3.0.19.44 - Google, Inc.)
Google Apps Sync™ for Microsoft Outlook® 3.5.385.1020 (HKLM\...\{CEBBF68C-4C3F-4D9B-8482-428E01064C31}) (Version: 3.5.385.1020 - Google, Inc.)
Google Drive (HKLM\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.5.1003 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Intel® Driver Update Utility (HKLM\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Junk Mail filter update (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 10.2.0 (HKLM\...\KLiteCodecPack_is1) (Version: 10.2.0 - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Livebrush Mini (HKLM\...\com.livebrush.2205ABAA7E8202CDC1251B1FA1E879364B7BAB52.1) (Version: 1.5 - MoreMeYou)
Livebrush Mini (Version: 1.5 - MoreMeYou) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-502834427-275982630-1598586866-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Maker (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Node.js (HKLM\...\{417EF6AA-3961-4119-9A00-312724B35D3A}) (Version: 0.10.33 - Joyent, Inc. and other Node contributors)
Online Safety 2.115.2786.1676 (Version: 2.115.2786.1676 - F-Secure Corporation) Hidden
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go 5.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3917 - CyberLink Corp.)
Premier Manager 08 (HKLM\...\{456450CE-6673-4A06-A633-801480FA5841}) (Version: 1.00.0000 - Zoo Digital Publishing)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5995 - Realtek Semiconductor Corp.)
Secunia PSI (3.0.0.9016) (HKLM\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
SoftOrbits Photo Retoucher 2.0 (HKLM\...\SoftOrbits Photo Retoucher_is1) (Version: 2.0 - SoftOrbits)
SopCast 3.9.2 (HKLM\...\SopCast) (Version: 3.9.2 - www.sopcast.com)
Super Safe Boost (HKLM\...\F-Secure ServiceEnabler 44515) (Version: 2.21.282.0 - F-Secure Corporation)
Super Safe Boost (Version: 2.21.282.0 - F-Secure Corporation) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
TDMore DVD Converter for GOTD 1.0.0.5 (18/09/2014) (HKLM\...\TDMore DVD Converter for GOTD_is1) (Version:  - )
TomTom HOME (HKLM\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - TomTom)
TomTom HOME (HKLM\...\{BB05590A-6602-43F3-A400-77EA0976BC0A}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinRAR 5.10 beta 2 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.2 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-502834427-275982630-1598586866-1001_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Tonys\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-502834427-275982630-1598586866-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Tonys\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-502834427-275982630-1598586866-1001_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Tonys\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-502834427-275982630-1598586866-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Tonys\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-502834427-275982630-1598586866-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Tonys\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-502834427-275982630-1598586866-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Tonys\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-502834427-275982630-1598586866-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Tonys\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
26-12-2014 22:54:54 Scheduled Checkpoint
27-12-2014 14:56:45 Removed Java 7 Update 71
27-12-2014 15:00:14 Removed Java 7 Update 71
04-01-2015 10:45:55 Scheduled Checkpoint
05-01-2015 14:25:36 Installed TomTom HOME.
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:04 - 2009-06-10 21:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {01E9CE14-220B-403E-AA21-734721717FDF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-31] (Adobe Systems Incorporated)
Task: {020654D6-CF8E-4397-A566-7F558A5D27DB} - System32\Tasks\{C78423A8-F7EF-4C90-B5B4-359AD87E7E4F} => C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe [2014-12-03] ()
Task: {039CF364-FBFA-4CE0-B7E3-EA8502559823} - System32\Tasks\{E1A1F74D-35A3-4240-AC60-358B5786D0F5} => C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe [2014-12-03] ()
Task: {1A55FC9F-6B1E-4F4F-8F2D-4C3614695FCB} - System32\Tasks\{708D3225-FDCC-4129-BA90-89E6ED4740C4} => pcalua.exe -a "C:\Users\Tonys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8MZB4A2\AdobeAIRInstaller.exe" -d C:\Users\Tonys\Desktop
Task: {24DAC3C6-90F3-4D77-91A7-39EF9A0AC015} - System32\Tasks\{B5F0DA2E-7544-4E6D-9DEF-B81910863B17} => pcalua.exe -a C:\Users\Tonys\Downloads\E-Web_Print_11000\Installer\Setup.exe -d C:\Users\Tonys\Downloads\E-Web_Print_11000\Installer
Task: {2D2DF021-5407-4142-8368-A667388AFBE8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-17] (Google Inc.)
Task: {394E66CA-AD59-4DF0-B4E2-B3E9C51997A9} - System32\Tasks\{A3EF0592-73CD-4458-B276-F94A3F97FED3} => C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe [2014-12-03] ()
Task: {4A913E68-405F-410D-8F65-DC21FF5D1875} - System32\Tasks\{A997E322-3D42-44C5-B3DA-D8938633D66A} => pcalua.exe -a "C:\Users\Tonys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EJJFKEPH\epson374915eu.exe" -d C:\Users\Tonys\Desktop
Task: {4CD754B2-1A65-498F-A7D1-961F52A8BAC9} - System32\Tasks\Scheduled scanning task => C:\Program Files\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\fsav.exe [2014-09-18] (F-Secure Corporation)
Task: {63DC5E23-BC80-46CF-BECB-A0AB4A682D05} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {6EF04409-C32D-4674-AB01-89ADA01EEDDF} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {78E3B717-ACCB-4201-A4F2-AFD33ACB73C0} - System32\Tasks\{34607073-D075-4DCB-9656-D5C1B8B66031} => pcalua.exe -a C:\Windows\system32\DivXControlPanelApplet.cpl -c DivX Control Panel
Task: {7C013ABF-FBE6-4066-82A8-3406260CAE44} - System32\Tasks\{90404D3E-BEF9-4E85-9AB9-944FFB11D2EE} => C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe [2014-12-03] ()
Task: {A1A1E06C-C11F-41F4-B3FE-D965A9C05226} - System32\Tasks\{E00E69E6-00FD-4AEA-9EF0-5A8939824F3E} => Chrome.exe 
Task: {A5D20C2B-1970-4FBB-8216-251D3A572059} - System32\Tasks\{DF196931-A459-4036-A760-71157C9FA6C7} => C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe [2014-12-03] ()
Task: {AF48AFFE-2884-4D53-8260-0D9EECAAEE56} - System32\Tasks\{F5104BA5-FFDC-4DD3-8B7C-0F229D12AA5B} => pcalua.exe -a "C:\Users\Tonys\Downloads\Tonys Programes\AdobeAIRInstaller.exe" -d "C:\Users\Tonys\Downloads\Tonys Programes"
Task: {B365A3A0-7F8D-4CF4-9DF4-98C71F898CCB} - System32\Tasks\{AF499621-AD3B-48B3-9127-EEEF0A228C97} => Chrome.exe 
Task: {B67132A4-C235-431E-819E-1D85D24BC1C0} - System32\Tasks\{95ED7363-88F2-4730-8DF6-829C46E9AE89} => C:\Users\Tonys\Downloads\AM-Install.exe
Task: {B682E443-F527-448B-A351-8C31101FCA37} - System32\Tasks\{2A1A2DCE-FDAB-4523-A79E-1D2011DCA2AD} => C:\Users\Tonys\Downloads\Intel Components\SetupChipset.exe
Task: {C7C96BA2-30A1-4B67-9BE7-7E9589AC14D2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-17] (Google Inc.)
Task: {DFCE39A8-FDD8-45A8-BDA8-C55ECA753CFC} - System32\Tasks\{4445AACC-498C-485E-8C4B-2C5F597C271E} => C:\Program Files\Windows Live\Mail\wlmail.exe [2014-01-10] (Microsoft Corporation)
Task: {E864FF9A-9326-4483-81F7-FA61897932E5} - System32\Tasks\{8A4AB25A-32B1-4898-AC28-59924100DE7E} => Chrome.exe 
Task: {E94CD60B-6398-4346-AADC-F54CBB199F50} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Scheduled scanning task.job => C:\PROGRA~1\TalkTalk\Security\apps\COMPUT~1\ANTI-V~1\fsav.exe
 
==================== Loaded Modules (whitelisted) =============
 
2015-01-04 10:09 - 2014-08-19 12:12 - 01019672 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2013-12-17 17:43 - 2014-09-18 10:29 - 00045608 _____ () C:\Program Files\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\FSAVHRES.ENG
2014-10-06 15:07 - 2014-10-06 15:07 - 00220200 _____ () C:\Program Files\TalkTalk\Security\daas2.dll
2010-02-17 08:00 - 2009-12-09 17:55 - 00058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-12-17 19:41 - 2013-12-17 19:41 - 00030888 _____ () C:\Program Files\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\minifilter\hashlib_x86.dll
2013-12-17 17:43 - 2014-12-05 09:00 - 00212008 _____ () C:\Program Files\TalkTalk\Security\apps\ComputerSecurity\Spam Control\fsas.dll
2013-12-17 17:43 - 2014-11-18 12:37 - 00949288 _____ () C:\Program Files\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\fm4av.dll
2013-12-17 17:43 - 2014-09-18 10:28 - 00056360 _____ () C:\Program Files\TalkTalk\Security\apps\ComputerSecurity\FSGUI\fsavures.ENG
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2014-11-27 19:49 - 2009-10-23 19:34 - 00827904 _____ () C:\Program Files\dvd43\DVD43_Tray.exe
2014-12-05 08:58 - 2014-12-05 08:58 - 00592936 _____ () C:\Windows\WinSxS\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.79_none_b59ec33311fcd586\QtMultimediaKit1.dll
2014-01-10 13:33 - 2014-01-10 13:33 - 00270024 _____ () C:\Program Files\Windows Live\Writer\en\WindowsLive.Writer.Localization.resources.dll
2014-01-10 13:33 - 2014-01-10 13:33 - 00270016 _____ () C:\Program Files\Windows Live\Writer\en-GB\WindowsLive.Writer.Localization.resources.dll
2014-11-27 13:42 - 2014-11-27 13:42 - 00879808 _____ () C:\Program Files\Comodo\Dragon\libglesv2.dll
2014-11-27 13:33 - 2014-11-27 13:33 - 00134848 _____ () C:\Program Files\Comodo\Dragon\libegl.dll
2014-11-27 13:34 - 2014-11-27 13:34 - 00956608 _____ () C:\Program Files\Comodo\Dragon\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:4BEE39B0
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\16878432.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\23465867.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\16878432.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\23465867.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BambooCore => C:\Program Files\Bamboo Dock\BambooCore.exe
MSCONFIG\startupreg: BingDesktop => C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe /fromkey
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: dvd43 => C:\Program Files\dvd43\dvd43_tray.exe
MSCONFIG\startupreg: EPSON Stylus DX4000 Series => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\Users\Tonys\AppData\Local\Temp\E_S7FA1.tmp" /EF "HKCU"
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-502834427-275982630-1598586866-500 - Administrator - Disabled)
Guest (S-1-5-21-502834427-275982630-1598586866-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-502834427-275982630-1598586866-1006 - Limited - Enabled)
Tonys (S-1-5-21-502834427-275982630-1598586866-1001 - Administrator - Enabled) => C:\Users\Tonys
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/07/2015 04:49:40 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 6  2015-01-07  16:49:40+01:00  TONYS-PC  SYSTEM  F-Secure DeepGuard
 Application was blocked. This was determined to be a high-risk application by system control heuristics.
 Application path: \\?\c:\users\tonys\desktop\frst-olderversion\frst.exe
 File hash: 094234d84c05574a22e7d07d753434b0577b9ca0
 
Error: (01/07/2015 04:48:46 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 5  2015-01-07  16:48:46+01:00  TONYS-PC  SYSTEM  F-Secure DeepGuard
 Application was blocked. This was determined to be a high-risk application by system control heuristics.
 Application path: \\?\c:\users\tonys\desktop\frst.exe
 File hash: 094234d84c05574a22e7d07d753434b0577b9ca0
 
Error: (01/07/2015 04:48:19 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 4  2015-01-07  16:48:19+01:00  TONYS-PC  SYSTEM  F-Secure DeepGuard
 Application was blocked. This was determined to be a high-risk application by system control heuristics.
 Application path: \\?\c:\users\tonys\desktop\frst-olderversion\frst.exe
 File hash: 46a4efbd1c9cd95f0308457e2ba60d52097006ac
 
Error: (01/07/2015 02:03:23 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 3  2015-01-07  14:03:23+01:00  TONYS-PC  SYSTEM  F-Secure DeepGuard
 Application was blocked. This was determined to be a high-risk application by system control heuristics.
 Application path: \\?\c:\users\tonys\desktop\frst-olderversion\frst.exe
 File hash: 46a4efbd1c9cd95f0308457e2ba60d52097006ac
 
Error: (01/07/2015 00:16:13 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 2  2015-01-07  12:16:13+01:00  TONYS-PC  SYSTEM  F-Secure DeepGuard
 Application was blocked. This was determined to be a high-risk application by system control heuristics.
 Application path: \\?\c:\users\tonys\desktop\frst.exe
 File hash: 094234d84c05574a22e7d07d753434b0577b9ca0
 
Error: (01/07/2015 11:13:13 AM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 1  2015-01-07  11:13:13+01:00  TONYS-PC  SYSTEM  F-Secure DeepGuard
 Application was blocked. This was determined to be a high-risk application by system control heuristics.
 Application path: \\?\c:\users\tonys\desktop\frst.exe
 File hash: 46a4efbd1c9cd95f0308457e2ba60d52097006ac
 
Error: (01/05/2015 10:59:21 AM) (Source: WTabletServiceCon) (EventID: 1) (User: )
Description: Prefs: Failed to get user path
 
Error: (01/03/2015 09:25:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program E_FARNBEE.EXE version 5.0.2.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 314
 
Start Time: 01d027372b42ebb6
 
Termination Time: 16
 
Application Path: C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FARNBEE.EXE
 
Report Id: 74a45b10-932a-11e4-85a0-406186c41e04
 
Error: (01/03/2015 08:41:16 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (01/03/2015 08:41:16 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (01/07/2015 10:04:52 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the VideoCnv service to connect.
 
Error: (01/06/2015 09:17:50 PM) (Source: Microsoft-Windows-Application-Experience) (EventID: 205) (User: NT AUTHORITY)
Description: The Program Compatibility Assistant service failed to perform the phase two initialization.
 
Error: (01/06/2015 09:17:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the VideoCnv service to connect.
 
Error: (01/06/2015 09:51:52 AM) (Source: Microsoft-Windows-Application-Experience) (EventID: 205) (User: NT AUTHORITY)
Description: The Program Compatibility Assistant service failed to perform the phase two initialization.
 
Error: (01/06/2015 09:51:48 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the VideoCnv service to connect.
 
Error: (01/05/2015 08:13:05 PM) (Source: Microsoft-Windows-Application-Experience) (EventID: 205) (User: NT AUTHORITY)
Description: The Program Compatibility Assistant service failed to perform the phase two initialization.
 
Error: (01/05/2015 08:13:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the VideoCnv service to connect.
 
Error: (01/05/2015 02:31:57 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk8\DR8.
 
Error: (01/05/2015 02:31:56 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk8\DR8.
 
Error: (01/05/2015 02:31:56 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk8\DR8.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU 530 @ 2.93GHz
Percentage of memory in use: 49%
Total physical RAM: 2871.11 MB
Available physical RAM: 1444.46 MB
Total Pagefile: 5740.52 MB
Available Pagefile: 3581.13 MB
Total Virtual: 2047.88 MB
Available Virtual: 1888.82 MB
 
==================== Drives ================================
 
Drive c: (Boot) (Fixed) (Total:276.99 GB) (Free:239.1 GB) NTFS
Drive d: (Recover) (Fixed) (Total:20 GB) (Free:12.73 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 2B448F9F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=277 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
 
==================== End Of Log ============================


#9 schrauber

    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 07 January 2015 - 03:17 PM

Is F-Secure still informing you about this infection? If yes, which browser do you use when the message comes up?


regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#10 grouser

  • Topic Starter
  • Members
  • 39 posts
  • Gender:Male
  • Location:Worcester. England

Posted 07 January 2015 - 04:05 PM

Is F-Secure still informing you about this infection? If yes, which browser do you use when the message comes up?

Not since I ditched Google Chrome and started using Comodo Dragon, which is a variation of Chrome.



#11 schrauber

    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 08 January 2015 - 01:11 AM

Log files are looking good. If you want, you can switch back to Chrome; when there are problems again after using Chrome, we can fix these in Chrome itself.
regards,
schrauber


#12 grouser

  • Topic Starter
  • Members
  • 39 posts
  • Gender:Male
  • Location:Worcester. England

Posted 08 January 2015 - 04:23 AM

Log files are looking good. If you want, you can switch back to Chrome; when there are problems again after using Chrome, we can fix these in Chrome itself.

Thanks Tom, Chrome reinstalled. What about the programs I was asked to uninstall by lighthouse party on the initial help request, found at this link: http://www.bleepingcomputer.com/forums/t/561113/trojan-htmlkilim-aq/



#13 schrauber

    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 08 January 2015 - 05:36 AM

 

  • Google Toolbar for Internet Explorer
  • Java 7 Update 71

You can uninstall them :). Please test the system with Chrome, and let me know if there are any issues left :)


regards,
schrauber


#14 grouser

  • Topic Starter
  • Members
  • 39 posts
  • Gender:Male
  • Location:Worcester. England

Posted 08 January 2015 - 06:18 AM

  • Google Toolbar for Internet Explorer
  • Java 7 Update 71

You can uninstall them :). Please test the system with Chrome, and let me know if there are any issues left :)

 

Have reinstalled both programs and as of yet no problems have occurred after install. Thanks for your help ... B)



#15 schrauber

    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 08 January 2015 - 06:29 AM

Perfect. Let's wait two more days, then we will cleanup our work :)
regards,
schrauber




