Laptop freezes and internet surfing causes ad popups [Solved]


This topic is locked
24 replies to this topic

#1 elbowpipe

Authentic Member
72 posts
Interests: Trad Irish and Scottish music, Gaelic song, reading fiction/non-fiction (Cormac McCarthy and Alice Munroe current faves), creative writing.

Posted 31 March 2014 - 01:19 PM

Hello,

Since my manufacturer's free virus blocker ran out I haven't replaced it, and gradually my laptop has got slower and often freezes. Internet surfing is difficult because it seems every link I click on causes an ad popup!

Thank you to any kind person who can help!

Simona

Logs below:

OTL:


OTL logfile created on: 31/03/2014 19:49:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Simona\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.67 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 45.21% Memory free
5.33 Gb Paging File | 3.54 Gb Available in Paging File | 66.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 62.28 Gb Free Space | 63.78% Space Free | Partition Type: NTFS
Drive D: | 68.36 Gb Total Space | 67.37 Gb Free Space | 98.55% Space Free | Partition Type: NTFS
Drive E: | 299.74 Gb Total Space | 209.87 Gb Free Space | 70.02% Space Free | Partition Type: NTFS
 
Computer Name: SIMONA-PC | User Name: Simona | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Simona\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe ()
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - D:\DAEMON Tools Ultra\DiscSoftBusService.exe (Disc Soft Ltd)
PRC - C:\ProgramData\MobileBrServ\mbbService.exe ()
PRC - C:\Program Files\Elantech\ETDCtrlHelper.exe (ELAN Microelectronics Corp.)
PRC - C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
PRC - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Bluetooth\btplayerctrl.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\33.0.1750.154\libglesv2.dll ()
MOD - C:\Program Files\Google\Chrome\Application\33.0.1750.154\libegl.dll ()
MOD - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll ()
MOD - C:\Program Files\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll ()
MOD - C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe ()
MOD - c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll ()
MOD - C:\Windows\System32\IccLibDll.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (BitGuard) -- C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe ()
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (Disc Soft Bus Service) -- D:\DAEMON Tools Ultra\DiscSoftBusService.exe (Disc Soft Ltd)
SRV - (Mobile Broadband HL Service) -- C:\ProgramData\MobileBrServ\mbbService.exe ()
SRV - (ZeroConfigService) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
SRV - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel® Corporation)
SRV - (Bluetooth OBEX Service) -- C:\Program Files\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (mbr) -- C:\Users\Simona\AppData\Local\Temp\mbr.sys File not found
DRV - (dtscsibus) -- C:\Windows\System32\drivers\dtscsibus.sys (Disc Soft Ltd)
DRV - (AMPPALP) -- C:\Windows\System32\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)
DRV - (AMPPAL) -- C:\Windows\System32\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)
DRV - (NETwNs32) -- C:\Windows\System32\drivers\NETwNs32.sys (Intel Corporation)
DRV - (iBtFltCoex) -- C:\Windows\System32\drivers\iBtFltCoex.sys (Intel Corporation)
DRV - (btmhsf) -- C:\Windows\System32\drivers\btmhsf.sys (Intel Corporation)
DRV - (btmaux) -- C:\Windows\System32\drivers\btmaux.sys (Intel Corporation)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel® Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation)
DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (MEI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www1.delta-se...119821&tsp=4947
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/?p...97DHP&dt=072013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 39 44 BE F9 02 84 CE 01  [binary data]
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-se...119821&tsp=4947
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8f5010e2-9577-4aed-ad42-f2098ea15def}: C:\Program Files\LyricsPal\133.xpi [2013/09/15 21:45:43 | 000,005,847 | ---- | M] ()
 
[2013/07/19 00:26:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/...age={language},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - Extension: Google Docs = C:\Users\Simona\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Simona\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Simona\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Simona\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Delta Toolbar = C:\Users\Simona\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.5.2_0\
CHR - Extension: AdBlock = C:\Users\Simona\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.18_0\
CHR - Extension: PricePeep = C:\Users\Simona\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.10_0\
CHR - Extension: Skype Click to Call = C:\Users\Simona\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.1.15383.6004_0\
CHR - Extension: Google Wallet = C:\Users\Simona\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Simona\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Lyrics-Pal = C:\Users\Simona\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbffeddnekkhjmokkhdebbfbibbflc\1.133_0\
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
O2 - BHO: (Lyrics-Pal) - {ebcafb3f-5032-49f2-bf60-b99beef14b5c} - C:\Program Files\LyricsPal\133.dll ()
O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files\PricePeep\pricepeep.dll (PricePeep)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
O4 - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4 - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKCU..\Run: [DAEMON Tools Ultra Agent] D:\DAEMON Tools Ultra\DTAgent.exe (Disc Soft Ltd)
O4 - Startup: C:\Users\Simona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download App.lnk = C:\Users\Simona\AppData\Roaming\CBS Interactive\Download App\CBSI.AppStore.Main.exe (CBS Interactive Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5A216E9-E834-460D-A68C-0055972962CE}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6BA7A19-9200-47C0-8D9D-1448B3891CC5}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll) - c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b73c3503-efed-11e2-9701-dca9718dc637}\Shell - "" = AutoRun
O33 - MountPoints2\{b73c3503-efed-11e2-9701-dca9718dc637}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
Drivers32: msacm.aacacm - C:\Windows\System32\AACACM.acm (fccHandler)
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3pacm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.LAGS - C:\Windows\System32\lagarith.dll ( )
Drivers32: VIDC.MLCY - C:\Windows\System32\mlc.dll ()
Drivers32: VIDC.X264 - C:\Windows\System32\x264vfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/03/31 19:46:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Simona\Desktop\OTL.exe
[2014/03/30 20:45:17 | 000,000,000 | ---D | C] -- C:\Users\Simona\Desktop\is telefo11
[2014/03/17 23:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2014/03/17 23:16:38 | 000,000,000 | ---D | C] -- C:\Users\Simona\AppData\Roaming\Uniblue
[2014/03/17 23:16:38 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2014/03/17 23:11:39 | 000,000,000 | ---D | C] -- C:\Users\Simona\AppData\Roaming\Systweak
[2014/03/17 23:11:39 | 000,000,000 | ---D | C] -- C:\Users\Simona\Documents\Downloads
[2014/03/17 23:11:17 | 000,000,000 | ---D | C] -- C:\Users\Simona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Download App
[2014/03/17 23:11:17 | 000,000,000 | ---D | C] -- C:\Users\Simona\AppData\Roaming\CBS Interactive
[2014/03/05 18:56:00 | 000,000,000 | ---D | C] -- C:\Users\Simona\AppData\Local\Skype
[2014/03/05 18:55:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/03/05 18:55:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
 
========== Files - Modified Within 30 Days ==========
 
[2014/03/31 19:46:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Simona\Desktop\OTL.exe
[2014/03/31 19:25:47 | 000,023,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/31 19:25:47 | 000,023,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/31 19:23:14 | 000,664,100 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/03/31 19:23:14 | 000,124,804 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/03/31 19:21:30 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\Lyrics-Pal Update.job
[2014/03/31 19:19:25 | 000,000,262 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC Startup.job
[2014/03/31 19:18:39 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/31 19:18:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/31 19:18:22 | 2148,175,872 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/30 23:51:04 | 000,000,268 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC Maintenance.job
[2014/03/30 23:50:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/17 23:16:42 | 000,001,151 | ---- | M] () -- C:\Users\Simona\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk
[2014/03/17 23:16:42 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\SpeedUpMyPC.lnk
[2014/03/17 23:11:17 | 000,001,170 | ---- | M] () -- C:\Users\Simona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download App.lnk
[2014/03/17 23:11:17 | 000,001,154 | ---- | M] () -- C:\Users\Simona\Desktop\Download App.lnk
[2014/03/15 22:08:07 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/03/05 18:55:40 | 000,002,685 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
 
========== Files Created - No Company Name ==========
 
[2014/03/17 23:16:50 | 000,000,268 | ---- | C] () -- C:\Windows\tasks\SpeedUpMyPC Maintenance.job
[2014/03/17 23:16:49 | 000,000,262 | ---- | C] () -- C:\Windows\tasks\SpeedUpMyPC Startup.job
[2014/03/17 23:16:42 | 000,001,151 | ---- | C] () -- C:\Users\Simona\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk
[2014/03/17 23:16:42 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\SpeedUpMyPC.lnk
[2014/03/17 23:11:17 | 000,001,170 | ---- | C] () -- C:\Users\Simona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download App.lnk
[2014/03/17 23:11:17 | 000,001,154 | ---- | C] () -- C:\Users\Simona\Desktop\Download App.lnk
[2014/03/05 18:55:40 | 000,002,685 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/07/18 23:22:57 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll
[2013/07/18 23:13:28 | 000,963,884 | ---- | C] () -- C:\Windows\System32\igkrng600.bin
[2013/07/18 23:13:27 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2013/07/18 23:13:27 | 000,221,264 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin
[2013/07/18 23:13:27 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin
[2013/07/18 23:13:27 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2013/07/18 23:13:27 | 000,056,832 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2013/07/18 23:13:27 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2013/07/18 23:13:27 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2013/02/27 15:57:04 | 004,283,392 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2012/07/17 22:22:04 | 000,179,200 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/07/03 10:28:06 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/05/22 08:28:58 | 000,155,648 | ---- | C] () -- C:\Windows\System32\mlc.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 22:29:11 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/07/19 00:26:41 | 000,000,000 | ---D | M] -- C:\Users\Simona\AppData\Roaming\BabSolution
[2013/07/19 00:26:23 | 000,000,000 | ---D | M] -- C:\Users\Simona\AppData\Roaming\Babylon
[2014/03/17 23:11:17 | 000,000,000 | ---D | M] -- C:\Users\Simona\AppData\Roaming\CBS Interactive
[2013/07/19 00:24:08 | 000,000,000 | ---D | M] -- C:\Users\Simona\AppData\Roaming\DAEMON Tools Ultra
[2013/07/19 00:26:39 | 000,000,000 | ---D | M] -- C:\Users\Simona\AppData\Roaming\Delta
[2013/09/24 21:24:48 | 000,000,000 | ---D | M] -- C:\Users\Simona\AppData\Roaming\File Scout
[2014/03/17 23:11:39 | 000,000,000 | ---D | M] -- C:\Users\Simona\AppData\Roaming\Systweak
[2014/03/17 23:16:38 | 000,000,000 | ---D | M] -- C:\Users\Simona\AppData\Roaming\Uniblue
[2013/07/19 00:27:23 | 000,000,000 | ---D | M] -- C:\Users\Simona\AppData\Roaming\Win7codecs
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
[2009/07/13 21:37:34 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\System32\wbem\winlogon.mof
[2009/07/13 21:37:34 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_800f1ff3d73b72d9\winlogon.mof
 
< %SYSTEMDRIVE%\*.* >
[2009/06/10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010/11/20 22:29:06 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2013/07/18 22:45:47 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/06/10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2014/03/31 19:18:22 | 2148,175,872 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/18 22:04:34 | 000,466,407 | RHS- | M] () -- C:\NQDUI
[2014/03/31 19:18:23 | 2864,234,496 | -HS- | M] () -- C:\pagefile.sys
[2013/07/18 23:16:55 | 000,002,071 | ---- | M] () -- C:\RHDSetup.log
[2013/07/18 23:16:55 | 000,000,206 | ---- | M] () -- C:\setup.log
 
< %systemroot%\Fonts\*.com >
[2009/07/14 05:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 05:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 05:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 05:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/06/10 22:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/07/14 02:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/27 03:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/27 03:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll
[2010/11/20 22:29:21 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2009/07/14 05:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C has no label.
 Volume Serial Number is 2683-CA76
 Directory of C:\
14/07/2009  05:53    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
14/07/2009  05:53    <JUNCTION>     Application Data [C:\ProgramData]
14/07/2009  05:53    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
14/07/2009  05:53    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009  05:53    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
14/07/2009  05:53    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:53    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
14/07/2009  05:53    <SYMLINKD>     All Users [C:\ProgramData]
14/07/2009  05:53    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
14/07/2009  05:53    <JUNCTION>     Application Data [C:\ProgramData]
14/07/2009  05:53    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
14/07/2009  05:53    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009  05:53    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
14/07/2009  05:53    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:53    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
14/07/2009  05:53    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009  05:53    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
14/07/2009  05:53    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
14/07/2009  05:53    <JUNCTION>     My Documents [C:\Users\Default\Documents]
14/07/2009  05:53    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009  05:53    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009  05:53    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009  05:53    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009  05:53    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009  05:53    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
14/07/2009  05:53    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
14/07/2009  05:53    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:53    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
14/07/2009  05:53    <JUNCTION>     My Music [C:\Users\Default\Music]
14/07/2009  05:53    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
14/07/2009  05:53    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
14/07/2009  05:53    <JUNCTION>     My Music [C:\Users\Public\Music]
14/07/2009  05:53    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
14/07/2009  05:53    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Simona
18/07/2013  21:59    <JUNCTION>     Application Data [C:\Users\Simona\AppData\Roaming]
18/07/2013  21:59    <JUNCTION>     Cookies [C:\Users\Simona\AppData\Roaming\Microsoft\Windows\Cookies]
18/07/2013  21:59    <JUNCTION>     Local Settings [C:\Users\Simona\AppData\Local]
18/07/2013  21:59    <JUNCTION>     My Documents [C:\Users\Simona\Documents]
18/07/2013  21:59    <JUNCTION>     NetHood [C:\Users\Simona\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
18/07/2013  21:59    <JUNCTION>     PrintHood [C:\Users\Simona\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
18/07/2013  21:59    <JUNCTION>     Recent [C:\Users\Simona\AppData\Roaming\Microsoft\Windows\Recent]
18/07/2013  21:59    <JUNCTION>     SendTo [C:\Users\Simona\AppData\Roaming\Microsoft\Windows\SendTo]
18/07/2013  21:59    <JUNCTION>     Start Menu [C:\Users\Simona\AppData\Roaming\Microsoft\Windows\Start Menu]
18/07/2013  21:59    <JUNCTION>     Templates [C:\Users\Simona\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Simona\AppData\Local
18/07/2013  21:59    <JUNCTION>     Application Data [C:\Users\Simona\AppData\Local]
18/07/2013  21:59    <JUNCTION>     History [C:\Users\Simona\AppData\Local\Microsoft\Windows\History]
18/07/2013  21:59    <JUNCTION>     Temporary Internet Files [C:\Users\Simona\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Simona\Documents
18/07/2013  21:59    <JUNCTION>     My Music [C:\Users\Simona\Music]
18/07/2013  21:59    <JUNCTION>     My Pictures [C:\Users\Simona\Pictures]
18/07/2013  21:59    <JUNCTION>     My Videos [C:\Users\Simona\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              50 Dir(s)  67,026,071,552 bytes free
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2013/07/18 22:23:33 | 000,000,221 | -HS- | M] () -- C:\Users\Simona\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
< %USERPROFILE%\Desktop\*.exe >
[2014/03/31 19:46:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Simona\Desktop\OTL.exe
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
< End of report >
 
HijackThis:
 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:03:16, on 31/03/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Simona\Desktop\HiJackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/?p...97DHP&dt=072013
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.21.5\bh\delta.dll
O2 - BHO: Lyrics-Pal - {ebcafb3f-5032-49f2-bf60-b99beef14b5c} - C:\Program Files\LyricsPal\133.dll
O2 - BHO: PricePeep - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files\PricePeep\pricepeep.dll
O3 - Toolbar: Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.21.5\deltaTlbr.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files\Intel\Bluetooth\btmshell.dll",TrayApp
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Ultra Agent] "D:\DAEMON Tools Ultra\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Download App.lnk = C:\Users\Simona\AppData\Roaming\CBS Interactive\Download App\CBSI.AppStore.Main.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll 
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: BitGuard - Unknown owner - C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files\Intel\Bluetooth\obexsrv.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel® Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Disc Soft Bus Service - Disc Soft Ltd - D:\DAEMON Tools Ultra\DiscSoftBusService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mobile Broadband HL Service - Unknown owner - C:\ProgramData\MobileBrServ\mbbservice.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: Intel® PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
 
--
End of file - 8161 bytes
 
DDS:
 

.
DDS (Ver_11-03-05.01) - NTFSx86  
Run by Simona at 20:04:40.28 on 31/03/2014
Internet Explorer: 8.0.7601.17514
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.44.1033.18.2732.1025 [GMT 1:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
C:\Program Files\Intel\Bluetooth\devmonsrv.exe
C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\ProgramData\MobileBrServ\mbbservice.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Bluetooth\obexsrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\DAEMON Tools Ultra\DiscSoftBusService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Intel\Bluetooth\mediasrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Simona\Desktop\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: delta Helper Object: {c1af5fa5-852c-4c90-812e-a7f75e011d87} - c:\program files\delta\delta\1.8.21.5\bh\delta.dll
BHO: Lyrics-Pal: {ebcafb3f-5032-49f2-bf60-b99beef14b5c} - c:\program files\lyricspal\133.dll
BHO: PricePeep: {fd6d90c0-e6ee-4bc6-b9f7-9ed319698007} - c:\program files\pricepeep\pricepeep.dll
TB: Delta Toolbar: {82e1477c-b154-48d3-9891-33d83c26bcd3} - c:\program files\delta\delta\1.8.21.5\deltaTlbr.dll
uRun: [DAEMON Tools Ultra Agent] "d:\daemon tools ultra\DTAgent.exe" -autorun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe
mRun: [BTMTrayAgent] rundll32.exe "c:\program files\intel\bluetooth\btmshell.dll",TrayApp
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
StartupFolder: c:\users\simona\appdata\roaming\micros~1\windows\startm~1\programs\startup\downlo~1.lnk - c:\users\simona\appdata\roaming\cbs interactive\download app\CBSI.AppStore.Main.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll 
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.154\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\intel\bluetoothhs\BTHSAmpPalService.exe [2011-12-5 509440]
R2 BitGuard;BitGuard;c:\programdata\bitguard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [2013-11-22 3780064]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files\intel\bluetooth\devmonsrv.exe [2011-10-18 936272]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\intel\bluetooth\obexsrv.exe [2011-10-18 1001808]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\intel\bluetoothhs\BTHSSecurityMgr.exe [2011-12-5 104208]
R2 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\programdata\mobilebrserv\mbbService.exe [2013-7-18 233344]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-9-16 3273088]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2013-7-18 2656536]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\drivers\AmpPal.sys [2011-12-5 141312]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\intel\bluetooth\mediasrv.exe [2011-10-18 1354064]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\drivers\btmaux.sys [2011-8-30 43008]
R3 btmhsf;btmhsf;c:\windows\system32\drivers\btmhsf.sys [2011-10-11 230912]
R3 Disc Soft Bus Service;Disc Soft Bus Service;d:\daemon tools ultra\DiscSoftBusService.exe [2013-6-25 632352]
R3 dtscsibus;DAEMON Tools Virtual SCSI Bus;c:\windows\system32\drivers\dtscsibus.sys [2013-7-19 24704]
R3 ETD;Samsung PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2013-7-18 254800]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\drivers\iBtFltCoex.sys [2011-10-11 47104]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2013-7-18 270336]
R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2013-7-18 41088]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2011-12-2 10299904]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2013-7-18 116648]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\intel\wifi\bin\ZeroConfigService.exe [2011-12-8 722704]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\drivers\AmpPal.sys [2011-12-5 141312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2013-7-18 116648]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\intel\wifi\bin\PanDhcpDns.exe [2011-12-8 241936]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
.
=============== Created Last 30 ================
.
2014-03-17 22:16:38 -------- d-----w- c:\users\simona\appdata\roaming\Uniblue
2014-03-17 22:16:38 -------- d-----w- c:\program files\Uniblue
2014-03-17 22:11:39 -------- d-----w- c:\users\simona\appdata\roaming\Systweak
2014-03-17 22:11:17 -------- d-----w- c:\users\simona\appdata\roaming\CBS Interactive
2014-03-05 17:56:00 -------- d-----w- c:\users\simona\appdata\local\Skype
.
==================== Find3M  ====================
.
.
============= FINISH: 20:05:09.65 ===============
 
Extras:
 

OTL Extras logfile created on: 31/03/2014 19:49:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Simona\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.67 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 45.21% Memory free
5.33 Gb Paging File | 3.54 Gb Available in Paging File | 66.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 62.28 Gb Free Space | 63.78% Space Free | Partition Type: NTFS
Drive D: | 68.36 Gb Total Space | 67.37 Gb Free Space | 98.55% Space Free | Partition Type: NTFS
Drive E: | 299.74 Gb Total Space | 209.87 Gb Free Space | 70.02% Space Free | Partition Type: NTFS
 
Computer Name: SIMONA-PC | User Name: Simona | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\Simona\AppData\Roaming\File Scout\filescout.exe" /open "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{28997F48-D669-45B7-802D-F18EE36C418B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{208A71B2-5118-43B8-9145-9CA579A1143F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{A1896761-24F4-472B-8A52-6BB9B8B8B50C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{A9173E82-5AEE-4C86-9126-ADEA0C24EF73}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B4870341-A76C-4D46-B30F-DB4817159807}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{F04FC3AD-CA37-42D1-9645-12128F9DBF0A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{F536558B-B6C3-4CAA-84B9-BC7592489F99}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BitGuard
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}" = Intel® PROSet/Wireless Software for Bluetooth® Technology
"{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}" = Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{5526d33c-7120-4326-9097-defcbdfa0dbc}" = Lyrics-Pal
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{CFAAF1E3-8C21-491E-9DD9-D60ABAFAB2BC}" = Intel® PROSet/Wireless WiFi Software
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = SpeedUpMyPC
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"bi_uninstaller" = Bundled software uninstaller
"DAEMON Tools Ultra" = DAEMON Tools Ultra
"delta" = Delta toolbar  
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"Elantech" = ETDWare PS/2-X86 10.7.17.5_WHQL
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mobile Broadband HL Service" = Mobile Broadband HL Service
"PricePeep" = PricePeep
"ProInst" = Intel PROSet Wireless
"WinRAR archiver" = Archiwizator WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Download App" = Download App
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06/11/2013 19:28:14 | Computer Name = Simona-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21/11/2013 08:42:37 | Computer Name = Simona-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13/12/2013 18:28:16 | Computer Name = Simona-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04/02/2014 15:58:03 | Computer Name = Simona-PC | Source = Application Hang | ID = 1002
Description = The program Skype.exe version 6.10.0.104 stopped interacting with 
Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: e98    Start
 Time: 01cef8529e6fcbcc    Termination Time: 101    Application Path: C:\Program Files\Skype\Phone\Skype.exe
 
Report
 Id: a38cf290-8dd6-11e3-9945-dca9718dc637  
 
Error - 05/03/2014 13:54:16 | Computer Name = Simona-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11/03/2014 15:27:10 | Computer Name = Simona-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17/03/2014 18:15:09 | Computer Name = Simona-PC | Source = VSS | ID = 8194
Description = 
 
Error - 25/03/2014 17:28:26 | Computer Name = Simona-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 31/03/2014 14:18:56 | Computer Name = Simona-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ZeroConfigService.exe, version: 15.0.0.1,
 time stamp: 0x4ee0f692  Faulting module name: MurocApi.dll, version: 15.0.0.1, time
 stamp: 0x4ee0f57a  Exception code: 0xc0000005  Fault offset: 0x0001fc63  Faulting process
 id: 0x8fc  Faulting application start time: 0x01cf4d0da4da7873  Faulting application
 path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe  Faulting module path:
 C:\Program Files\Intel\WiFi\bin\MurocApi.dll  Report Id: eb9ca3bf-b900-11e3-bd02-dca9718dc637
 
Error - 31/03/2014 14:19:11 | Computer Name = Simona-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 16/10/2013 23:43:46 | Computer Name = Simona-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the Netman service.
 
Error - 26/10/2013 17:00:48 | Computer Name = Simona-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 23:12:14 on ?25/?10/?2013 was unexpected.
 
Error - 30/10/2013 16:22:05 | Computer Name = Simona-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 20:21:16 on ?30/?10/?2013 was unexpected.
 
Error - 01/11/2013 20:51:42 | Computer Name = Simona-PC | Source = Service Control Manager | ID = 7023
Description = The Intel® PROSet/Wireless Zero Configuration Service service terminated
 with the following error:   %%-2147196306
 
Error - 01/11/2013 20:52:09 | Computer Name = Simona-PC | Source = Service Control Manager | ID = 7023
Description = The Superfetch service terminated with the following error:   %%13
 
Error - 06/11/2013 19:27:56 | Computer Name = Simona-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 03:51:01 on ?06/?11/?2013 was unexpected.
 
Error - 14/12/2013 08:25:24 | Computer Name = Simona-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
 period.
 
Error - 25/12/2013 08:28:50 | Computer Name = Simona-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 30/03/2014 16:44:07 | Computer Name = Simona-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
 
Error - 31/03/2014 14:19:15 | Computer Name = Simona-PC | Source = Service Control Manager | ID = 7034
Description = The Intel® PROSet/Wireless Zero Configuration Service service terminated
 unexpectedly.  It has done this 1 time(s).
 
 
< End of report >
 
 

 


#2 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,250 posts
  • Interests:LFC, music, more LFC, more music

Posted 01 April 2014 - 02:21 AM

Hello elbowpipe and welcome to the WTT forum.

 

My name is Satchfan and I would be glad to help you with your computer problem.

 

Please read the following guidelines which will help to make cleaning your machine easier:

 

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

 

Please DO NOT install/uninstall any programs unless asked to.

Please DO NOT run any scans other than those requested

 

I am looking at your logs now and will reply with instructions shortly.

 

Satchfan


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#3 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,250 posts
  • Interests:LFC, music, more LFC, more music

Posted 01 April 2014 - 03:50 AM

Hello again elbowpipe

Registry cleaners

I see you are using a “Registry Cleaner”, Systweak. It's not a good idea to use registry cleaners/boosters.

The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid and erroneous entries does not affect system performance but it can result in "unpredictable results". Unless you have a particular problem that requires a registry edit to correct it, (and you are expert in the registry), I would suggest you leave the registry alone.

I strongly advise you to get rid of Systweak, Uniblue and any other cleaner/optimizer/booster/tuneup/tweak type utilities that you have on this or any other computer.

One of the malware experts, miekiemoes, has an excellent write-up here
Another excellent article by Bill Castner is located here

===================================================

Uninstall programs

Please uninstall these programs:

BitGuard
Delta Chrome Toolbar
Delta toolbar  
Lyrics-Pal
PricePeep
SpeedUpMyPC

  • click Start, Control Panel, Programs and Features
  • click on BitGuard and then Uninstall
  • repeat this for the other programs listed above.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.
 

  • run AdwCleaner
  • when it has finished, select Clean
  • if it asks to reboot - allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Run aswMBR

  • download aswMBR.exe to your desktop.
  • double click the aswMBR.exe to run it
  • if asked, accept the AVAST virus definition download
  • click the "Scan" button to start scan
  • on completion of the scan click Save log, save it to your desktop and post in your next reply. Note - do NOT attempt any Fix yet.

Please run OTL again and send a new log.

Logs to include with next post:

AdwCleaner log
aswMBR log
New OTL log


Thanks

Satchfan

 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.
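The three steps above (uninstall the listed programs, run AdwCleaner, run aswMBR) are driven by what the OTL Extras log in the first post shows: PUP names in the Uninstall List, an "Open with" (Unknown [openas]) handler pointing at filescout.exe under AppData\Roaming, and, in the run-2 OTL log, a driver service with a random-looking name whose image file is missing. The script below is an added example written for this page, not code from Satchfan, the WTT team or the OTL/AdwCleaner authors. It triages an OTL log the way a helper reads it: it splits the log into its "==========" sections, flags Uninstall List entries against a marker list, flags shell-verb handlers that live under a user profile, and flags "File not found" driver services with eight-lowercase-letter names. The sample log is a constructed excerpt of the lines posted above, the PUP_MARKERS list is an assumption built from the names the helper told the poster to remove plus the families AdwCleaner later deleted (not an authoritative catalogue), and the eight-letter heuristic is likewise an assumption: scanners such as aswMBR also leave randomly named driver entries behind, so a hit is a question to raise, not a verdict.

```python
import re

# Assumption for this example: names the helper listed for removal plus families
# AdwCleaner deleted. Substring matches, case-insensitive. Not an authoritative list.
PUP_MARKERS = (
    "bitguard", "delta toolbar", "delta chrome toolbar", "lyrics-pal", "pricepeep",
    "speedupmypc", "bundled software uninstaller", "babylon", "bprotect",
    "systweak", "uniblue", "file scout",
)

# Constructed excerpt of the OTL Extras (run 1) and OTL run-2 output posted in this thread.
SAMPLE_LOG = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "%1" %*
Unknown [openas] -- "C:\Users\Simona\AppData\Roaming\File Scout\filescout.exe" /open "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BitGuard
"{5526d33c-7120-4326-9097-defcbdfa0dbc}" = Lyrics-Pal
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype 6.14
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = SpeedUpMyPC
"bi_uninstaller" = Bundled software uninstaller
"delta" = Delta toolbar
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"Google Chrome" = Google Chrome
"PricePeep" = PricePeep

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Download App" = Download App

========== Driver Services (SafeList) ==========

DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (ryiqzhck) -- C:\Windows\system32\drivers\ryiqzhck.sys File not found
DRV - (aswMBR) -- C:\Users\Simona\AppData\Local\Temp\aswMBR.sys File not found
DRV - (dtscsibus) -- C:\Windows\System32\drivers\dtscsibus.sys (Disc Soft Ltd)
"""

SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")          # ========== Name ==========
UNINSTALL_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.*?)\s*$')
SHELL_RE = re.compile(r"^(?P<ftype>\S+) \[(?P<verb>[^\]]+)\] -- (?P<cmd>.*)$")
DRV_RE = re.compile(r"^DRV - \((?P<name>[^)]+)\) -- (?P<rest>.*)$")
USER_PROFILE_RE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.I)


def parse_sections(text):
    """Split OTL output into {section name: [non-blank lines]} using its ===== headers."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def flag_uninstall_entries(sections):
    """(registry key, display name) for Uninstall List entries matching a PUP marker."""
    hits = []
    for name, lines in sections.items():
        if not name.endswith("Uninstall List"):
            continue
        for line in lines:
            m = UNINSTALL_RE.match(line)
            if m and any(p in m.group("name").lower() for p in PUP_MARKERS):
                hits.append((m.group("key"), m.group("name")))
    return hits


def flag_shell_handlers(sections):
    """Shell verbs whose handler runs from a user profile rather than Windows/Program Files."""
    hits = []
    for line in sections.get("Shell Spawning", []):
        m = SHELL_RE.match(line)
        if m and USER_PROFILE_RE.search(m.group("cmd")):
            hits.append((m.group("ftype"), m.group("verb"), m.group("cmd")))
    return hits


def flag_missing_drivers(sections):
    """Driver services with a missing image and a random-looking 8-lowercase-letter name."""
    hits = []
    for line in sections.get("Driver Services (SafeList)", []):
        m = DRV_RE.match(line)
        if (m and m.group("rest").endswith("File not found")
                and re.fullmatch(r"[a-z]{8}", m.group("name"))):
            hits.append(m.group("name"))
    return hits


def triage(text):
    """Run all three checks over one OTL log and return the findings by category."""
    sections = parse_sections(text)
    return {
        "uninstall": flag_uninstall_entries(sections),
        "shell_handlers": flag_shell_handlers(sections),
        "orphan_drivers": flag_missing_drivers(sections),
    }


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(kind)
        for item in items:
            print("   ", item)
```

On the sample above it lists the six programs Satchfan named plus "Bundled software uninstaller", the File Scout openas handler, and ryiqzhck; Skype, Google Chrome and Download App are left alone because they match no marker. The handler check is the one worth keeping: a shell verb that executes something from AppData is how the "Open with" dialog gets hijacked, and it is exactly the HKLM\SOFTWARE\Classes\*\shell\filescout key AdwCleaner removed in the next post.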

#4 elbowpipe

elbowpipe

    Authentic Member

  • Authentic Member
  • PipPip
  • 72 posts
  • Interests:Trad Irish and Scottish music, Gaelic song, reading fiction/non-fiction (Cormac McCarthy and Alice Munroe current faves), creative writing.

Posted 01 April 2014 - 09:24 AM

Thanks so much Satchfan, for your speedy response!

 

The programs you mentioned have now been deleted. I wondered about Win07codecs by Shark007?

 

Logs below as requested:

 

AdwCleaner:

 

# AdwCleaner v3.023 - Report created 01/04/2014 at 15:51:16
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Simona - SIMONA-PC
# Running from : C:\Users\Simona\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\Simona\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\Simona\AppData\LocalLow\Delta
Folder Deleted : C:\Users\Simona\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Simona\AppData\Roaming\file scout
Folder Deleted : C:\Users\Simona\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Simona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Folder Deleted : C:\Users\Simona\Documents\BitLord
Folder Deleted : C:\Users\Simona\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
File Deleted : C:\Users\Simona\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Simona\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Users\Simona\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.golsearch.com_0.localstorage
File Deleted : C:\Users\Simona\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.golsearch.com_0.localstorage-journal
File Deleted : C:\Users\Simona\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage
File Deleted : C:\Users\Simona\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\BitGuard
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mmiopbgcekanlhpjkonogoljpfmhpkhf
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{229AB28A-FD06-40DF-B471-B05345B6EB71}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{229AB28A-FD06-40DF-B471-B05345B6EB71}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Lyrics_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Lyrics_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\pricepeep_130001_0101_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\pricepeep_130001_0101_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS
Key Deleted : HKCU\Software\590d6dae76deb47
Key Deleted : HKLM\SOFTWARE\590d6dae76deb47
Key Deleted : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\AppDataLow\Software\lyricspal
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.7601.17514
 
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [bProtectTabs]
 
-\\ Google Chrome v33.0.1750.154
 
[ File : C:\Users\Simona\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [5270 octets] - [01/04/2014 15:50:16]
AdwCleaner[S0].txt - [5195 octets] - [01/04/2014 15:51:16]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5255 octets] ##########
==========================================================================
 
 
aswMBR:
 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-04-01 15:56:44
-----------------------------
15:56:44.715    OS Version: Windows 6.1.7601 Service Pack 1
15:56:44.715    Number of processors: 4 586 0x2A07
15:56:44.717    ComputerName: SIMONA-PC  UserName: Simona
15:56:45.514    Initialize success
16:00:39.497    AVAST engine defs: 14040100
16:01:06.137    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:01:06.139    Disk 0 Vendor: SAMSUNG_ 2AR1 Size: 476940MB BusType: 3
16:01:06.275    Disk 0 MBR read successfully
16:01:06.277    Disk 0 MBR scan
16:01:06.281    Disk 0 Windows 7 default MBR code
16:01:06.285    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        99998 MB offset 63
16:01:06.289    Disk 0 Partition - 00     0F Extended LBA            376931 MB offset 204796620
16:01:06.311    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        70001 MB offset 204796683
16:01:06.316    Disk 0 Partition - 00     05     Extended            306929 MB offset 348160680
16:01:06.333    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       306929 MB offset 348160743
16:01:06.339    Disk 0 scanning sectors +976752000
16:01:06.413    Disk 0 scanning C:\Windows\system32\drivers
16:01:13.982    Service scanning
16:01:34.947    Modules scanning
16:01:39.975    Disk 0 trace - called modules:
16:01:39.998    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
16:01:40.003    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x877ee258]
16:01:40.009    3 CLASSPNP.SYS[8abb259e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85c9a028]
16:01:40.682    AVAST engine scan C:\Windows
16:01:42.112    AVAST engine scan C:\Windows\system32
16:03:52.828    AVAST engine scan C:\Windows\system32\drivers
16:04:01.517    AVAST engine scan C:\Users\Simona
16:07:40.551    File: C:\Users\Simona\AppData\Local\Temp\setup_fsu_cid.exe  **INFECTED** Win32:Dropper-gen [Drp]
16:08:32.847    File: C:\Users\Simona\Downloads\online-video-accelerator_setup.exe  **INFECTED** Win32:Adware-AZL [Adw]
16:09:11.481    AVAST engine scan C:\ProgramData
16:09:27.539    Scan finished successfully
16:12:59.432    Disk 0 MBR has been saved successfully to "C:\Users\Simona\Desktop\MBR.dat"
16:12:59.439    The log file has been saved successfully to "C:\Users\Simona\Desktop\aswMBR.txt"
 
=================================================================================================
 
OTL:
 

OTL logfile created on: 01/04/2014 16:13:48 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Simona\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.67 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 41.80% Memory free
5.33 Gb Paging File | 3.27 Gb Available in Paging File | 61.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 62.28 Gb Free Space | 63.77% Space Free | Partition Type: NTFS
Drive D: | 68.36 Gb Total Space | 67.37 Gb Free Space | 98.55% Space Free | Partition Type: NTFS
Drive E: | 299.74 Gb Total Space | 209.87 Gb Free Space | 70.02% Space Free | Partition Type: NTFS
 
Computer Name: SIMONA-PC | User Name: Simona | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Simona\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Users\Simona\AppData\Roaming\CBS Interactive\Download App\CBSI.AppStore.Main.exe (CBS Interactive Inc.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - D:\DAEMON Tools Ultra\DiscSoftBusService.exe (Disc Soft Ltd)
PRC - C:\ProgramData\MobileBrServ\mbbService.exe ()
PRC - C:\Program Files\Elantech\ETDCtrlHelper.exe (ELAN Microelectronics Corp.)
PRC - C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
PRC - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
PRC - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Bluetooth\btplayerctrl.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\33.0.1750.154\libglesv2.dll ()
MOD - C:\Program Files\Google\Chrome\Application\33.0.1750.154\libegl.dll ()
MOD - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll ()
MOD - C:\Program Files\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll ()
MOD - C:\Users\Simona\AppData\Roaming\CBS Interactive\Download App\CBSI.AppStore.Flow.dll ()
MOD - C:\Users\Simona\AppData\Roaming\CBS Interactive\Download App\libcurl.dll ()
MOD - C:\Users\Simona\AppData\Roaming\CBS Interactive\Download App\libxml2.dll ()
MOD - C:\Users\Simona\AppData\Roaming\CBS Interactive\Download App\zlib.dll ()
MOD - C:\Users\Simona\AppData\Roaming\CBS Interactive\Download App\libGLESv2.dll ()
MOD - C:\Users\Simona\AppData\Roaming\CBS Interactive\Download App\libEGL.dll ()
MOD - C:\Users\Simona\AppData\Roaming\CBS Interactive\Download App\libcef.dll ()
MOD - C:\Users\Simona\AppData\Roaming\CBS Interactive\Download App\ffmpegsumo.dll ()
MOD - C:\Users\Simona\AppData\Roaming\CBS Interactive\Download App\sqlite3.dll ()
MOD - C:\Windows\System32\IccLibDll.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (Disc Soft Bus Service) -- D:\DAEMON Tools Ultra\DiscSoftBusService.exe (Disc Soft Ltd)
SRV - (Mobile Broadband HL Service) -- C:\ProgramData\MobileBrServ\mbbService.exe ()
SRV - (ZeroConfigService) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
SRV - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel® Corporation)
SRV - (Bluetooth OBEX Service) -- C:\Program Files\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (ryiqzhck) -- C:\Windows\system32\drivers\ryiqzhck.sys File not found
DRV - (aswMBR) -- C:\Users\Simona\AppData\Local\Temp\aswMBR.sys File not found
DRV - (dtscsibus) -- C:\Windows\System32\drivers\dtscsibus.sys (Disc Soft Ltd)
DRV - (AMPPALP) -- C:\Windows\System32\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)
DRV - (AMPPAL) -- C:\Windows\System32\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)
DRV - (NETwNs32) -- C:\Windows\System32\drivers\NETwNs32.sys (Intel Corporation)
DRV - (iBtFltCoex) -- C:\Windows\System32\drivers\iBtFltCoex.sys (Intel Corporation)
DRV - (btmhsf) -- C:\Windows\System32\drivers\btmhsf.sys (Intel Corporation)
DRV - (btmaux) -- C:\Windows\System32\drivers\btmaux.sys (Intel Corporation)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel® Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation)
DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (MEI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/?p...97DHP&dt=072013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 39 44 BE F9 02 84 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2013/07/19 00:26:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - Extension: Google Docs = C:\Users\Simona\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Simona\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Simona\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Simona\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Simona\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.18_0\
CHR - Extension: Skype Click to Call = C:\Users\Simona\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.2.15705.1852_0\
CHR - Extension: Google Wallet = C:\Users\Simona\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Simona\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O4 - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4 - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKCU..\Run: [DAEMON Tools Ultra Agent] D:\DAEMON Tools Ultra\DTAgent.exe (Disc Soft Ltd)
O4 - Startup: C:\Users\Simona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download App.lnk = C:\Users\Simona\AppData\Roaming\CBS Interactive\Download App\CBSI.AppStore.Main.exe (CBS Interactive Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5A216E9-E834-460D-A68C-0055972962CE}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6BA7A19-9200-47C0-8D9D-1448B3891CC5}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b73c3503-efed-11e2-9701-dca9718dc637}\Shell - "" = AutoRun
O33 - MountPoints2\{b73c3503-efed-11e2-9701-dca9718dc637}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/01 15:55:33 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Simona\Desktop\aswMBR.exe
[2014/04/01 15:53:00 | 000,000,000 | ---D | C] -- C:\Users\Simona\AppData\Roaming\Systweak
[2014/04/01 15:50:05 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/31 20:00:07 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Simona\Desktop\HiJackThis.exe
[2014/03/31 19:46:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Simona\Desktop\OTL.exe
[2014/03/30 20:45:17 | 000,000,000 | ---D | C] -- C:\Users\Simona\Desktop\is telefo11
[2014/03/17 23:11:39 | 000,000,000 | ---D | C] -- C:\Users\Simona\Documents\Downloads
[2014/03/17 23:11:17 | 000,000,000 | ---D | C] -- C:\Users\Simona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Download App
[2014/03/17 23:11:17 | 000,000,000 | ---D | C] -- C:\Users\Simona\AppData\Roaming\CBS Interactive
[2014/03/05 18:56:00 | 000,000,000 | ---D | C] -- C:\Users\Simona\AppData\Local\Skype
[2014/03/05 18:55:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/03/05 18:55:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/01 16:12:59 | 000,000,512 | ---- | M] () -- C:\Users\Simona\Desktop\MBR.dat
[2014/04/01 16:03:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/01 15:59:58 | 000,023,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/01 15:59:58 | 000,023,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/01 15:58:41 | 000,664,100 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/04/01 15:58:41 | 000,124,804 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/04/01 15:55:49 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Simona\Desktop\aswMBR.exe
[2014/04/01 15:52:30 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/01 15:52:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/01 15:52:20 | 2148,175,872 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/01 15:48:49 | 001,426,178 | ---- | M] () -- C:\Users\Simona\Desktop\adwcleaner.exe
[2014/03/31 20:17:48 | 000,001,550 | ---- | M] () -- C:\Users\Simona\Desktop\Attach.zip
[2014/03/31 20:00:10 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Simona\Desktop\HiJackThis.exe
[2014/03/31 19:46:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Simona\Desktop\OTL.exe
[2014/03/31 19:36:37 | 000,625,664 | ---- | M] () -- C:\Users\Simona\Desktop\dds.scr
[2014/03/17 23:11:17 | 000,001,170 | ---- | M] () -- C:\Users\Simona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download App.lnk
[2014/03/17 23:11:17 | 000,001,154 | ---- | M] () -- C:\Users\Simona\Desktop\Download App.lnk
[2014/03/15 22:08:07 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/03/05 18:55:40 | 000,002,685 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
 
========== Files Created - No Company Name ==========
 
[2014/04/01 16:12:59 | 000,000,512 | ---- | C] () -- C:\Users\Simona\Desktop\MBR.dat
[2014/04/01 15:48:39 | 001,426,178 | ---- | C] () -- C:\Users\Simona\Desktop\adwcleaner.exe
[2014/03/31 20:17:48 | 000,001,550 | ---- | C] () -- C:\Users\Simona\Desktop\Attach.zip
[2014/03/31 19:36:34 | 000,625,664 | ---- | C] () -- C:\Users\Simona\Desktop\dds.scr
[2014/03/17 23:11:17 | 000,001,170 | ---- | C] () -- C:\Users\Simona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download App.lnk
[2014/03/17 23:11:17 | 000,001,154 | ---- | C] () -- C:\Users\Simona\Desktop\Download App.lnk
[2014/03/05 18:55:40 | 000,002,685 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/07/18 23:22:57 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll
[2013/07/18 23:13:28 | 000,963,884 | ---- | C] () -- C:\Windows\System32\igkrng600.bin
[2013/07/18 23:13:27 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2013/07/18 23:13:27 | 000,221,264 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin
[2013/07/18 23:13:27 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin
[2013/07/18 23:13:27 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2013/07/18 23:13:27 | 000,056,832 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2013/07/18 23:13:27 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2013/07/18 23:13:27 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2013/02/27 15:57:04 | 004,283,392 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2012/07/17 22:22:04 | 000,179,200 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/07/03 10:28:06 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/05/22 08:28:58 | 000,155,648 | ---- | C] () -- C:\Windows\System32\mlc.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 22:29:11 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/03/17 23:11:17 | 000,000,000 | ---D | M] -- C:\Users\Simona\AppData\Roaming\CBS Interactive
[2013/07/19 00:24:08 | 000,000,000 | ---D | M] -- C:\Users\Simona\AppData\Roaming\DAEMON Tools Ultra
[2014/04/01 15:53:00 | 000,000,000 | ---D | M] -- C:\Users\Simona\AppData\Roaming\Systweak
[2013/07/19 00:27:23 | 000,000,000 | ---D | M] -- C:\Users\Simona\AppData\Roaming\Win7codecs
 
========== Purity Check ==========
 
 
 
< End of report >
 
 


#5 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,250 posts
  • Interests:LFC, music, more LFC, more music

Posted 01 April 2014 - 01:01 PM

Hi Duncan

I don’t see anything else malicious here, and a couple more scans should show up anything else, but as you have no active antivirus at the moment, please don’t use the Internet except to follow these instructions until I tell you you’re all clear.
 

I wondered about Win07codecs by Shark007?

Yes; uninstall that also.

Download Malwarebytes-Anti-Malware

Click here (at the top of the page, click on "Download Current Version")

  • double-click mbam-setup.exe and follow the prompts to install the program – (Note: Vista & Windows 7 users, please right-click and select “Run as Administrator”)
  • at the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • if an update is found, it will download and install the latest version.
  • once the program has loaded, select Perform quick scan, then click Scan.
  • when the scan is complete, click OK, then Show Results to view the results.
  • be sure that everything is checked, and click Remove Selected.
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Can you tell me if there are any outstanding problems?

Satchfan
 

 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#6 elbowpipe

elbowpipe

    Authentic Member

  • Authentic Member
  • PipPip
  • 72 posts
  • Interests:Trad Irish and Scottish music, Gaelic song, reading fiction/non-fiction (Cormac McCarthy and Alice Munroe current faves), creative writing.

Posted 01 April 2014 - 04:19 PM

Hi Satchfan,

 

logs below:

 

SCAN:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 01/04/2014
Scan Time: 23:11:17
Logfile: 
Administrator: Yes
 
Version: 2.00.0.1000
Malware Database: v2014.04.01.09
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Simona
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 217212
Time Elapsed: 7 min, 41 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 4
PUP.Optional.Delta.A, C:\Users\Simona\AppData\Local\Temp\mt_ffx\Delta, Quarantined, [2a039d8884f77bbb8f698bc604fef30d], 
PUP.Optional.Delta.A, C:\Users\Simona\AppData\Local\Temp\mt_ffx\Delta\delta, Quarantined, [2a039d8884f77bbb8f698bc604fef30d], 
PUP.Optional.Delta.A, C:\Users\Simona\AppData\Local\Temp\mt_ffx\Delta\delta\1.8.21.5, Quarantined, [2a039d8884f77bbb8f698bc604fef30d], 
PUP.Optional.HDStreamer, C:\Users\Simona\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb, Quarantined, [72bb65c0681383b3774666eeaf537a86], 
 
Files: 33
PUP.Optional.FileScout.A, C:\Users\Simona\AppData\Local\Temp\setup_fsu_cid.exe, Quarantined, [2904a4818fec54e24a8917e88f71ec14], 
PUP.Optional.PricePeep.A, C:\Users\Simona\AppData\Local\Temp\pricepeep_130001_0101.exe, Quarantined, [1b12ce5786f5f541d5202015689903fd], 
PUP.Optional.Somoto.A, C:\Users\Simona\AppData\Local\Temp\nsl12C7.tmp, Quarantined, [ac81df461b608caa636ab15ebd44768a], 
PUP.Optional.Somoto.A, C:\Users\Simona\AppData\Local\Temp\nsy5DED.tmp, Quarantined, [1419ed38c2b96acce3eafe11dd2411ef], 
PUP.Optional.Somoto, C:\Users\Simona\AppData\Local\Temp\bitool.dll, Quarantined, [e647b17482f939fdc3816e8488791ee2], 
PUP.Optional.AdLyrics, C:\Users\Simona\AppData\Local\Temp\lyricsPaltmp.exe, Quarantined, [77b6cf5634472313c79516f91de455ab], 
PUP.Optional.LyricsAd, C:\Users\Simona\AppData\Local\Temp\LyricsPal_1060-8101_v122.exe, Quarantined, [06276abbb7c41323ef1a8977a8593bc5], 
PUP.Optional.Babylon.A, C:\Users\Simona\AppData\Local\Temp\DeltaTB.exe, Quarantined, [84a9cb5ab3c82e08d90d20dd44bc817f], 
PUP.Optional.CRX.A, C:\Users\Simona\AppData\Local\Temp\bus1593\CrxUpdater_d.exe, Quarantined, [e4491411e19ad85ecc4eb32e7d8623dd], 
PUP.Optional.CRX.A, C:\Users\Simona\AppData\Local\Temp\bus474D\CrxUpdater_d.exe, Quarantined, [aa83a38265163ef8d347a839b053e917], 
PUP.Optional.CRX.A, C:\Users\Simona\AppData\Local\Temp\bus4E43\CrxUpdater_d.exe, Quarantined, [5ecf6db8dd9e3bfbc753637e44bf9a66], 
PUP.Optional.CRX.A, C:\Users\Simona\AppData\Local\Temp\bus51AE\CrxUpdater_d.exe, Quarantined, [6cc1c461750623138892538eee157a86], 
PUP.Optional.CRX.A, C:\Users\Simona\AppData\Local\Temp\bus64A4\CrxUpdater_d.exe, Quarantined, [86a736efc4b7de5830ea35ac5ba849b7], 
PUP.Optional.CRX.A, C:\Users\Simona\AppData\Local\Temp\bus75FC\CrxUpdater_d.exe, Quarantined, [0528ce57ed8e59ddd8423ba64bb845bb], 
PUP.Optional.CRX.A, C:\Users\Simona\AppData\Local\Temp\bus798E\CrxUpdater_d.exe, Quarantined, [9499061f5526e84e21f905dc29dadf21], 
PUP.Optional.CRX.A, C:\Users\Simona\AppData\Local\Temp\bus7D81\CrxUpdater_d.exe, Quarantined, [2a03c1640d6e072f2cee9a47cf34b749], 
PUP.Optional.BabSolution.A, C:\Users\Simona\AppData\Local\Temp\busB384\BUSolution.dll, Quarantined, [a7866abbb8c3270f67f4b153917047b9], 
PUP.Optional.CRX.A, C:\Users\Simona\AppData\Local\Temp\busBCCB\CrxUpdater_d.exe, Quarantined, [f73666bfc0bb59dd40daac3518eb4bb5], 
PUP.Optional.CRX.A, C:\Users\Simona\AppData\Local\Temp\busC690\CrxUpdater_d.exe, Quarantined, [ea434dd88bf023130a104e93a36033cd], 
PUP.Optional.CRX.A, C:\Users\Simona\AppData\Local\Temp\busF724\CrxUpdater_d.exe, Quarantined, [2409111484f70b2b0c0edd04af54e51b], 
PUP.Optional.Babylon.A, C:\Users\Simona\AppData\Local\Temp\8491299D-BAB0-7891-A388-90829FA733AB\Latest\BExternal.dll, Quarantined, [7cb158cd7605191deff0fa2868987987], 
PUP.Optional.Babylon.A, C:\Users\Simona\AppData\Local\Temp\8491299D-BAB0-7891-A388-90829FA733AB\Latest\CrxInstaller.dll, Quarantined, [939abe670a71e74f9c73cd446998d729], 
PUP.Optional.Delta, C:\Users\Simona\AppData\Local\Temp\8491299D-BAB0-7891-A388-90829FA733AB\Latest\MyDeltaTB.exe, Quarantined, [9895ab7a3843a0963ac2ba46b150ea16], 
PUP.Optional.Babylon.A, C:\Users\Simona\AppData\Local\Temp\8491299D-BAB0-7891-A388-90829FA733AB\Latest\Setup.exe, Quarantined, [88a577ae98e38caaf932938ba55b5ba5], 
PUP.Optional.OpenCandy, C:\Users\Simona\Downloads\DAEMONToolsUltra110-0103.exe, Quarantined, [eb42dc49146771c5fe75191ae123e41c], 
PUP.Downware, C:\Users\Simona\Downloads\online-video-accelerator_setup.exe, Quarantined, [131a2cf994e7cd697bf3f5086997f907], 
PUP.Optional.Amonetize.A, C:\Users\Simona\Downloads\Unlimited Downloads__3339_i409744226_il50.exe, Quarantined, [1a1348dd0e6d38fe54f5f544a060ce32], 
PUP.Optional.Somoto, C:\Users\Simona\Downloads\VLCMediaPlayerSetup-aXHAdEK.exe, Quarantined, [929bbf66a9d2c274d0dbfa38bd47867a], 
PUP.Optional.Installex, C:\Users\Simona\Downloads\Safe.Haven.2013.R5.CAM.AUDiO.XviD-BiDA (1).exe, Quarantined, [a08d9392601b67cf8410758828d87b85], 
PUP.Optional.Installex, C:\Users\Simona\Downloads\Safe.Haven.2013.R5.CAM.AUDiO.XviD-BiDA.exe, Quarantined, [74b962c3c2b9ba7c682cbf3e6d93e818], 
PUP.Optional.Solimba, C:\Users\Simona\Downloads\Setup (1).exe, Quarantined, [6ac3879ecfac3303375bc03dd32d2fd1], 
PUP.Optional.Solimba, C:\Users\Simona\Downloads\Setup (2).exe, Quarantined, [8ba2b570c9b2d066048ee11c709002fe], 
PUP.Optional.Solimba, C:\Users\Simona\Downloads\Setup (3).exe, Quarantined, [ba7348dda7d446f0187aac5152aef907], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Protection Log:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Protection, 01/04/2014 23:02:29, SYSTEM, SIMONA-PC, Protection, Malware Protection, Starting, 
Protection, 01/04/2014 23:02:29, SYSTEM, SIMONA-PC, Protection, Malware Protection, Started, 
Protection, 01/04/2014 23:02:29, SYSTEM, SIMONA-PC, Protection, Malicious Website Protection, Starting, 
Protection, 01/04/2014 23:02:33, SYSTEM, SIMONA-PC, Protection, Malicious Website Protection, Started, 
Update, 01/04/2014 23:02:45, SYSTEM, SIMONA-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.3.27.1, 
Update, 01/04/2014 23:02:56, SYSTEM, SIMONA-PC, Manual, Malware Database, 2014.3.4.9, 2014.4.1.9, 
Protection, 01/04/2014 23:02:58, SYSTEM, SIMONA-PC, Protection, Refresh, Starting, 
Protection, 01/04/2014 23:02:58, SYSTEM, SIMONA-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 01/04/2014 23:02:58, SYSTEM, SIMONA-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 01/04/2014 23:03:02, SYSTEM, SIMONA-PC, Protection, Refresh, Success, 
Protection, 01/04/2014 23:03:04, SYSTEM, SIMONA-PC, Protection, Malicious Website Protection, Starting, 
Protection, 01/04/2014 23:03:05, SYSTEM, SIMONA-PC, Protection, Malicious Website Protection, Started, 
Protection, 01/04/2014 23:14:06, SYSTEM, SIMONA-PC, Protection, Malware Protection, Starting, 
Protection, 01/04/2014 23:14:06, SYSTEM, SIMONA-PC, Protection, Malware Protection, Started, 
Protection, 01/04/2014 23:14:06, SYSTEM, SIMONA-PC, Protection, Malicious Website Protection, Starting, 
Protection, 01/04/2014 23:14:23, SYSTEM, SIMONA-PC, Protection, Malicious Website Protection, Started, 
 
(end)


#7 elbowpipe

elbowpipe

    Authentic Member

  • Authentic Member
  • PipPip
  • 72 posts
  • Interests:Trad Irish and Scottish music, Gaelic song, reading fiction/non-fiction (Cormac McCarthy and Alice Munroe current faves), creative writing.

Posted 01 April 2014 - 04:22 PM

I was going to install AVG as it's completely free whereas Malwarebytes runs out after trial?



#8 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,250 posts
  • Interests:LFC, music, more LFC, more music

Posted 02 April 2014 - 12:52 AM

Morning Duncan

 

Malwarebytes is not an antivirus but please don’t install any antivirus until we are all clear. I’ll advise you of some good free ones when we tidy up.

Meanwhile, we have a few more scans to run.

===================================================

Run Security Check

Download Security Check by screen317 from here or here.
 

  • save it to your Desktop.
  • double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • a Notepad document should open automatically called checkup.txt; please post the contents of that document.

===================================================

Run ESET Online Scan

IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan

  • click the Eset online Scanner button.
  • for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)


    o    click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
    o    double click on the Eset installer icon on your desktop.
     

  • check Yes, I accept the Terms of Use
  • click the Start button
  • accept any security warnings from your browser
  • check Scan archives and Remove found threats
  • click Advanced settings and select the following:


    o    Scan potentially unwanted applications
    o    Scan for potentially unsafe applications
    o    Enable Anti-Stealth technology
     

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • when the scan completes, push List of found threats
  • push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

    Note - if ESET doesn't find any threats, no report will be created.
     
  • push the back button
  • push Finish

When the scan is complete:

If no threats were found:

o    put a checkmark in "Uninstall application on close"
o    close program
o    report to me that nothing was found

If threats were found:

o    click on "list of threats found"
o    click on "export to text file" and save it as ESET results and save to the desktop
o    Click on back
o    put a checkmark in "Uninstall application on close"
o    click on finish
o    close program
o    copy and paste the report here.

Please tell me the situation now and if there are any remaining problems.

Thanks

Satchfan

 



#9 elbowpipe

elbowpipe

    Authentic Member

  • Authentic Member
  • PipPip
  • 72 posts
  • Interests:Trad Irish and Scottish music, Gaelic song, reading fiction/non-fiction (Cormac McCarthy and Alice Munroe current faves), creative writing.

Posted 02 April 2014 - 09:32 AM

Hi Satchfan,

 

ESET results below:

 

C:\AdwCleaner\Quarantine\C\Users\Simona\AppData\Local\Bundled software uninstaller\bi_client (1).exe.vir Win32/Somoto.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Simona\AppData\Local\Bundled software uninstaller\bi_client.exe.vir Win32/Somoto.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Simona\AppData\Roaming\file scout\filescout.exe.vir a variant of Win32/FileScout.A potentially unwanted application
C:\Users\Simona\AppData\Local\Temp\che1CD6.tmp Win32/AdWare.AddLyrics.T application
C:\Users\Simona\AppData\Local\Temp\cheBE93.tmp Win32/Adware.AddLyrics.L application
C:\Users\Simona\AppData\Local\Temp\cheE77F.tmp Win32/Adware.AddLyrics.L application
C:\Users\Simona\AppData\Local\Temp\8491299D-BAB0-7891-A388-90829FA733AB\Latest\BabMaint.exe Win32/Toolbar.Babylon.I potentially unwanted application
C:\Users\Simona\AppData\Local\Temp\8491299D-BAB0-7891-A388-90829FA733AB\Latest\BUSolution.dll a variant of Win32/Toolbar.Babylon.P potentially unwanted application
C:\Users\Simona\AppData\Local\Temp\8491299D-BAB0-7891-A388-90829FA733AB\Latest\Delta.crx a variant of Win32/Toolbar.Babylon.I potentially unwanted application
C:\Users\Simona\AppData\Local\Temp\8491299D-BAB0-7891-A388-90829FA733AB\Latest\IEHelper.dll Win32/Toolbar.Babylon.E potentially unwanted application
C:\Users\Simona\AppData\Local\Temp\8491299D-BAB0-7891-A388-90829FA733AB\Latest\MntrDLLInstall.dll a variant of Win32/Toolbar.Babylon.V potentially unwanted application
C:\Users\Simona\AppData\Local\Temp\is-JKFRJ.tmp\SpeedUpMyPC-standalone-setup.exe Win32/SpeedUpMyPC potentially unwanted application
C:\Users\Simona\Downloads\FlashPlayer (1).exe Win32/DomaIQ.F potentially unwanted application
C:\Users\Simona\Downloads\FlashPlayer (2).exe Win32/DomaIQ.F potentially unwanted application
C:\Users\Simona\Downloads\FlashPlayer.exe a variant of Win32/DomaIQ.T.gen potentially unwanted application
C:\Users\Simona\Downloads\setup.exe Win32/Toolbar.Conduit.S potentially unwanted application
C:\Users\Simona\Downloads\speedupmypc.exe Win32/SpeedUpMyPC.A potentially unwanted application
E:\simona\Videos\BitLord Downloads\The Blind Side {2009} DVDRIP. Jaybob\jaybob's_movies_Toolbar_Firefox.xpi Win32/Toolbar.Conduit.A potentially unwanted application
E:\simona\Videos\BitLord Downloads\The Blind Side {2009} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application
 
No other symptoms. There's a Download App which keeps being updated that I'm not sure of.


#10 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,250 posts
  • Interests:LFC, music, more LFC, more music

Posted 02 April 2014 - 09:37 AM

Hi

 

I have to leave for a while now but meanwhile, can you give me any information about the "Download App" - name or location etc.?

 

Also, can you send the other log (SecCheck) when you reply?

 

Thanks

 

Nina




#11 elbowpipe

elbowpipe

    Authentic Member

  • Authentic Member
  • PipPip
  • 72 posts
  • Interests:Trad Irish and Scottish music, Gaelic song, reading fiction/non-fiction (Cormac McCarthy and Alice Munroe current faves), creative writing.

Posted 02 April 2014 - 12:17 PM

Hi Nina,

 

Download App would appear to be what it says on the tin - it assists with downloading -  "powered by C|NET" ??

 

 Results of screen317's Security Check version 0.99.81  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Reader 9 Adobe Reader out of Date! 
 Google Chrome 33.0.1750.146  
 Google Chrome 33.0.1750.154  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 ESET ESET Online Scanner OnlineScannerApp.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 3% 
````````````````````End of Log`````````````````````` 


#12 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,250 posts
  • Interests:LFC, music, more LFC, more music

Posted 02 April 2014 - 03:17 PM

We’ll clear up what was found by the scan and then I’d like a different look.

Please copy all text in the code box below and paste it into Notepad:
 


@echo off
REM Remove the downloaded installers and toolbar files that the ESET scan flagged
REM (FlashPlayer (2).exe = Win32/DomaIQ.F, setup.exe = Win32/Toolbar.Conduit.S,
REM speedupmypc.exe = Win32/SpeedUpMyPC, the two Jaybob toolbar files = Win32/Toolbar.Conduit.A).
REM The detection names are not part of the file names, so they must not be in the paths.
del /f /s /q "C:\Users\Simona\Downloads\FlashPlayer (1).exe"
del /f /s /q "C:\Users\Simona\Downloads\FlashPlayer (2).exe"
del /f /s /q "C:\Users\Simona\Downloads\FlashPlayer.exe"
del /f /s /q "C:\Users\Simona\Downloads\setup.exe"
del /f /s /q "C:\Users\Simona\Downloads\speedupmypc.exe"
del /f /s /q "E:\simona\Videos\BitLord Downloads\The Blind Side {2009} DVDRIP. Jaybob\jaybob's_movies_Toolbar_Firefox.xpi"
del /f /s /q "E:\simona\Videos\BitLord Downloads\The Blind Side {2009} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe"
REM Finally the batch file deletes itself
del %0
  • save the Notepad file to your desktop and name it delfiles.bat
  • save type as "All Files"
  • on your desktop, double-click on delfiles.bat to run it, (a black CMD window will flash, then disappear - this is normal).

==============================================

Download and run ComboFix

Download Combofix from either of the links below, and save it to your desktop.  

Link 1
Link 2

**Note:  It MUST be saved directly to your desktop. Choose save as and then make sure you choose Desktop

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
 

  • when finished, it will produce a report for you.  
  • please post C:\ComboFix.txt in your reply.

Satchfan
 

 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#13 elbowpipe

elbowpipe

    Authentic Member

  • Authentic Member
  • PipPip
  • 72 posts
  • Interests:Trad Irish and Scottish music, Gaelic song, reading fiction/non-fiction (Cormac McCarthy and Alice Munroe current faves), creative writing.

Posted 02 April 2014 - 03:56 PM

Hi Nina,

 

ComboFix 14-03-24.01 - Simona 02/04/2014  22:49:40.1.4 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.44.1033.18.2732.898 [GMT 1:00]
Running from: c:\users\Simona\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-02 to 2014-04-02  )))))))))))))))))))))))))))))))
.
.
2014-04-02 21:54 . 2014-04-02 21:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-02 14:41 . 2014-03-17 09:16 7969936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{145B79B8-F020-4CBD-B039-DE36F3933BCA}\mpengine.dll
2014-04-02 14:38 . 2014-04-02 14:38 -------- d-----w- c:\program files\ESET
2014-04-01 22:02 . 2014-04-02 20:30 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-01 22:01 . 2014-03-05 08:26 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-01 22:01 . 2014-03-05 08:26 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-01 22:01 . 2014-03-05 08:26 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-01 22:01 . 2014-04-01 22:01 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-04-01 22:01 . 2014-04-01 22:01 -------- d-----w- c:\programdata\Malwarebytes
2014-04-01 17:15 . 2012-02-17 05:34 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2014-04-01 17:15 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2014-04-01 17:15 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2014-04-01 17:15 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2014-04-01 17:09 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2014-04-01 17:09 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2014-04-01 17:09 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2014-04-01 17:09 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2014-04-01 17:09 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2014-04-01 17:09 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2014-04-01 17:09 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2014-04-01 17:09 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2014-04-01 17:09 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-04-01 14:53 . 2014-04-01 14:53 -------- d-----w- c:\users\Simona\AppData\Roaming\Systweak
2014-04-01 14:50 . 2014-04-01 14:51 -------- d-----w- C:\AdwCleaner
2014-03-17 22:11 . 2014-03-17 22:11 -------- d-----w- c:\users\Simona\AppData\Roaming\CBS Interactive
2014-03-05 17:56 . 2014-03-05 17:56 -------- d-----w- c:\users\Simona\AppData\Local\Skype
2014-03-05 17:55 . 2014-03-05 17:55 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Ultra Agent"="d:\daemon tools ultra\DTAgent.exe" [2013-06-25 3128352]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-03 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-03 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-03 177944]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-07-12 10754664]
"ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2012-06-07 2199376]
"BTMTrayAgent"="c:\program files\Intel\Bluetooth\btmshell.dll" [2011-10-18 9894160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
.
c:\users\Simona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Download App.lnk - c:\users\Simona\AppData\Roaming\CBS Interactive\Download App\CBSI.AppStore.Main.exe /HIDEWINDOW [2014-3-6 1505928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R1 ryiqzhck;ryiqzhck;c:\windows\system32\drivers\ryiqzhck.sys [x]
R2 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\programdata\MobileBrServ\mbbservice.exe [2012-06-28 233344]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-09-16 3273088]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-12-05 141312]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-08 241936]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-12-05 509440]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-12-05 104208]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-03-05 1809720]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-03-05 857912]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-05-05 2656536]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2011-12-08 722704]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-12-05 141312]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-08-29 43008]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-10-10 230912]
S3 Disc Soft Bus Service;Disc Soft Bus Service;d:\daemon tools ultra\DiscSoftBusService.exe [2013-06-25 632352]
S3 dtscsibus;DAEMON Tools Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtscsibus.sys [2013-07-18 24704]
S3 ETD;Samsung PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-06-07 254800]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-10-11 47104]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 270336]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-03-05 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-04-02 107736]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-03-05 51416]
S3 MEI;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-20 41088]
S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2011-12-02 10299904]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 21:04 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-18 22:35]
.
2014-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-18 22:35]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-02  22:55:57
ComboFix-quarantined-files.txt  2014-04-02 21:55
.
Pre-Run: 63,901,839,360 bytes free
Post-Run: 64,704,081,920 bytes free
.
- - End Of File - - 1FCF081266E067BAA39B6D1C02C1435C
A36C5E4F47E84449FF07ED3517B43A31

 



#14 elbowpipe

elbowpipe

    Authentic Member

  • Authentic Member
  • PipPip
  • 72 posts
  • Interests:Trad Irish and Scottish music, Gaelic song, reading fiction/non-fiction (Cormac McCarthy and Alice Munroe current faves), creative writing.

Posted 02 April 2014 - 04:12 PM

Sorry, forgot to switch off the firewall. Have done so and run ComboFix again.

 

ComboFix 14-03-24.01 - Simona 02/04/2014  23:02:32.2.4 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.44.1033.18.2732.1059 [GMT 1:00]
Running from: c:\users\Simona\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-02 to 2014-04-02  )))))))))))))))))))))))))))))))
.
.
2014-04-02 22:07 . 2014-04-02 22:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-02 14:41 . 2014-03-17 09:16 7969936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{145B79B8-F020-4CBD-B039-DE36F3933BCA}\mpengine.dll
2014-04-02 14:38 . 2014-04-02 14:38 -------- d-----w- c:\program files\ESET
2014-04-01 22:02 . 2014-04-02 20:30 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-01 22:01 . 2014-03-05 08:26 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-01 22:01 . 2014-03-05 08:26 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-01 22:01 . 2014-03-05 08:26 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-01 22:01 . 2014-04-01 22:01 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-04-01 22:01 . 2014-04-01 22:01 -------- d-----w- c:\programdata\Malwarebytes
2014-04-01 17:15 . 2012-02-17 05:34 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2014-04-01 17:15 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2014-04-01 17:15 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2014-04-01 17:15 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2014-04-01 17:09 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2014-04-01 17:09 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2014-04-01 17:09 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2014-04-01 17:09 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2014-04-01 17:09 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2014-04-01 17:09 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2014-04-01 17:09 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2014-04-01 17:09 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2014-04-01 17:09 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-04-01 14:53 . 2014-04-01 14:53 -------- d-----w- c:\users\Simona\AppData\Roaming\Systweak
2014-04-01 14:50 . 2014-04-01 14:51 -------- d-----w- C:\AdwCleaner
2014-03-17 22:11 . 2014-03-17 22:11 -------- d-----w- c:\users\Simona\AppData\Roaming\CBS Interactive
2014-03-05 17:56 . 2014-03-05 17:56 -------- d-----w- c:\users\Simona\AppData\Local\Skype
2014-03-05 17:55 . 2014-03-05 17:55 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Ultra Agent"="d:\daemon tools ultra\DTAgent.exe" [2013-06-25 3128352]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-03 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-03 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-03 177944]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-07-12 10754664]
"ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2012-06-07 2199376]
"BTMTrayAgent"="c:\program files\Intel\Bluetooth\btmshell.dll" [2011-10-18 9894160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
.
c:\users\Simona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Download App.lnk - c:\users\Simona\AppData\Roaming\CBS Interactive\Download App\CBSI.AppStore.Main.exe /HIDEWINDOW [2014-3-6 1505928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R1 ryiqzhck;ryiqzhck;c:\windows\system32\drivers\ryiqzhck.sys [x]
R2 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\programdata\MobileBrServ\mbbservice.exe [2012-06-28 233344]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-09-16 3273088]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-12-05 141312]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-08 241936]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-12-05 509440]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-12-05 104208]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-03-05 1809720]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-03-05 857912]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-05-05 2656536]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2011-12-08 722704]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-12-05 141312]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-08-29 43008]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-10-10 230912]
S3 Disc Soft Bus Service;Disc Soft Bus Service;d:\daemon tools ultra\DiscSoftBusService.exe [2013-06-25 632352]
S3 dtscsibus;DAEMON Tools Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtscsibus.sys [2013-07-18 24704]
S3 ETD;Samsung PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-06-07 254800]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-10-11 47104]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 270336]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-03-05 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-04-02 107736]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-03-05 51416]
S3 MEI;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-20 41088]
S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2011-12-02 10299904]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 21:04 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-18 22:35]
.
2014-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-18 22:35]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-02  23:08:20
ComboFix-quarantined-files.txt  2014-04-02 22:08
ComboFix2.txt  2014-04-02 21:55
.
Pre-Run: 64,755,621,888 bytes free
Post-Run: 64,704,929,792 bytes free
.
- - End Of File - - E74C2C3A5A5B49A281FAD7BD1EA2C045
A36C5E4F47E84449FF07ED3517B43A31


#15 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,250 posts
  • Interests:LFC, music, more LFC, more music

Posted 03 April 2014 - 04:44 AM

Hi

Sorry for the delay.
 

There's a Download App which keeps being updated.

We can stop this from starting up automatically.

Run HijackThis

Open HijackThis and click Do a system scan only.

Place a check mark next to:

O4 - Startup: Download App.lnk = C:\Users\Simona\AppData\Roaming\CBS Interactive\Download App\CBSI.AppStore.Main.exe

Close all windows except for HijackThis and click Fix checked.

=====================================

Submit a file to VirusTotal

There is a driver file here that I don’t know (neither does Google). Unless you know what it is, we’d better check it out.

Go to VirusTotal and submit this file for analysis:

C:\WINDOWS\system32\Drivers\ryiqzhck.sys

  • click on Browse
  • click on the arrow and choose Local Disc (C:)
  • below, double-click on Windows
  • double-click on the System32 folder and then the Drivers folder
  • locate the file ryiqzhck.sys, click on it and then on Open
  • click on Send File
  • if you get a message saying File has already been analyzed, click Reanalyze file now.

You will get a report back; please post the report into this thread for me to see.

 

Thanks

Satchfan
 

 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.
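As an added example that is not part of the original thread, the following PowerShell script (assumed to be run as the affected user on Windows 7, with no extra modules) lists the same two things the helper is asking to be checked: every shortcut in the per-user Startup folder together with what it launches (the log shows Download App.lnk starting CBSI.AppStore.Main.exe with /HIDEWINDOW), and every driver service whose file is missing from disk, which ComboFix marks with [x] (here R1 ryiqzhck).

```powershell
# Added example, not part of the original thread. Assumptions: Windows PowerShell 2.0 or
# later (Windows 7), run as the affected user, built-in cmdlets and COM objects only.

# 1. Shortcuts in the per-user Startup folder and what each one launches.
function Get-StartupShortcuts {
    # %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
    $startup = [Environment]::GetFolderPath('Startup')
    $shell   = New-Object -ComObject WScript.Shell
    Get-ChildItem -Path $startup -Filter '*.lnk' -ErrorAction SilentlyContinue | ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        New-Object PSObject -Property @{
            Shortcut     = $_.Name
            Target       = $lnk.TargetPath
            Arguments    = $lnk.Arguments
            TargetExists = (Test-Path -LiteralPath $lnk.TargetPath)
            # A launcher that asks to hide its own window deserves a second look
            HiddenWindow = ($lnk.Arguments -match 'HIDEWINDOW')
        }
    }
}

# 2. Driver services whose ImagePath points at a file that is not on disk.
#    ComboFix shows these with "[x]" after the path.
function Get-OrphanedDriverServices {
    Get-WmiObject -Class Win32_SystemDriver | ForEach-Object {
        $path = $_.PathName
        if (-not $path) { return }
        # Driver paths are stored in several forms: \??\C:\..., \SystemRoot\system32\...,
        # or relative to the Windows directory (system32\DRIVERS\x.sys).
        $resolved = $path -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
        if ($resolved -notmatch '^[A-Za-z]:\\') { $resolved = Join-Path $env:SystemRoot $resolved }
        if (-not (Test-Path -LiteralPath $resolved)) {
            New-Object PSObject -Property @{
                Name        = $_.Name
                DisplayName = $_.DisplayName
                StartMode   = $_.StartMode
                State       = $_.State
                ImagePath   = $path
            }
        }
    }
}

Get-StartupShortcuts | Format-Table Shortcut, Target, Arguments, HiddenWindow, TargetExists -AutoSize
Get-OrphanedDriverServices | Format-Table Name, StartMode, State, ImagePath -AutoSize
```

A driver that is still reported as running although its file cannot be found is exactly the case worth submitting for analysis, as the post above asks; a random-looking name like ryiqzhck is the hint, not proof.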
