Browser Hijack PUP.websearch and other stuff

Discussion in 'Virus & Other Malware Removal' started by FatDaddy, Jan 26, 2013.

  1. FatDaddy

    FatDaddy Thread Starter

    The computer runs very slow and the browser takes you wherever it decides to! I ran MalwareBytes and found close to 700 buggers and cleaned all but 8 that keep coming back. The last MBscan reported none but the computer still is messed up. I am going to copy / paste the files requested. Any and all help will be greatly appreciated.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:10:00 PM, on 1/25/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\windows\system32\taskhost.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Users\Patty\AppData\Local\Strongvault Online Backup\SMessaging.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Users\Patty\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: (no name) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - (no file)
    O3 - Toolbar: (no name) - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - (no file)
    O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
    O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [APLangApp] "C:\Program Files\AnyPC Client\APLangApp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SMessaging] C:\Users\Patty\AppData\Local\Strongvault Online Backup\SMessaging.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    O4 - HKCU\..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
    O4 - HKCU\..\Run: [Messenger] "C:\Program Files\Strongvault Online Backup\SMessenger.exe"
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - AppInit_DLLs: c:\progra~2\browse~1\23787~1.43\{16cdf~1\browse~1.dll c:\progra~2\browse~1\22643~1.41\{16cdf~1\browse~1.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Freemake Improver - Freemake - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Novatel Wireless Verizon Device Helper (NWVZHelper) - Novatel Wireless Inc. - C:\Program Files\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
    O23 - Service: Rezip - Unknown owner - C:\windows\SYSTEM32\Rezip.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

    --
    End of file - 9293 bytes


    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16457
    Run by Patty at 18:10:52 on 2013-01-25
    Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1013.247 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
    C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
    C:\windows\SYSTEM32\Rezip.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\windows\system32\taskhost.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Users\Patty\AppData\Local\Strongvault Online Backup\SMessaging.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
    C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
    C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
    C:\windows\system32\igfxext.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\system32\NOTEPAD.EXE
    C:\windows\system32\conhost.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k GPSvcGroup
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {2EECD738-5844-4a99-B4B6-146BF802613B} - <orphaned>
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
    uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
    uRun: [com.apple.dav.bookmarks.daemon] c:\program files\common files\apple\internet services\BookmarkDAV_client.exe
    uRun: [Messenger] "c:\program files\strongvault online backup\SMessenger.exe"
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [APLangApp] "c:\program files\anypc client\APLangApp.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SMessaging] c:\users\patty\appdata\local\strongvault online backup\SMessaging.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{950CA4E8-EB13-4B49-B7F6-BAF6CE7A8870} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{9A143B21-0A77-4A2A-92E4-FBFA1E112DC1}\3416262796E696 : DHCPNameServer = 192.168.1.5 192.168.1.1
    TCP: Interfaces\{9A143B21-0A77-4A2A-92E4-FBFA1E112DC1}\65562796A7F6E6024425F49444850233932393 : DHCPNameServer = 192.168.42.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs= c:\progra~2\browse~1\23787~1.43\{16cdf~1\browse~1.dll c:\progra~2\browse~1\22643~1.41\{16cdf~1\browse~1.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.56\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
    R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2009-12-14 10752]
    R2 Freemake Improver;Freemake Improver;c:\programdata\freemake\freemakeutilsservice\FreemakeUtilsService.exe [2012-7-22 96768]
    R2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\freemake\capturelib\CaptureLibService.exe [2012-7-22 8704]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-22 398184]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-22 682344]
    R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 99272]
    R2 NWVZHelper;Novatel Wireless Verizon Device Helper;c:\program files\novatel wireless\verizon\drivers\NWHelper_001.exe [2010-6-3 216064]
    R2 Rezip;Rezip;c:\windows\system32\Rezip.exe [2009-12-14 311296]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-22 21104]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2013-1-22 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
    S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2010-7-8 20480]
    S3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\drivers\nwusbmdm_000.sys [2010-7-8 176384]
    S3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\drivers\nwusbser_000.sys [2010-7-8 176384]
    S3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\drivers\nwusbser2_000.sys [2010-7-8 176384]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-1-24 14848]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
    S3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\drivers\SMARTMouseFilterx86.sys [2012-10-24 14232]
    S3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\drivers\SMARTVHidMini2000x86.sys [2012-10-24 13720]
    S3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\drivers\SMARTVTabletPCx86.sys [2012-10-24 21912]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-1-24 49664]
    .
    =============== Created Last 30 ================
    .
    2013-01-25 06:20:40 6991832 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1e50a77d-c385-4837-9182-0dd1ad533479}\mpengine.dll
    2013-01-24 06:45:07 6991832 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2013-01-24 06:33:05 514560 ----a-w- c:\windows\system32\qdvd.dll
    2013-01-24 06:33:02 247808 ----a-w- c:\windows\system32\schannel.dll
    2013-01-24 06:33:01 369856 ----a-w- c:\windows\system32\drivers\cng.sys
    2013-01-24 06:33:01 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2013-01-24 06:33:01 1039360 ----a-w- c:\windows\system32\lsasrv.dll
    2013-01-24 06:24:36 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
    2013-01-24 06:24:35 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
    2013-01-24 06:23:23 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2013-01-24 06:23:11 156672 ----a-w- c:\windows\system32\ncsi.dll
    2013-01-24 06:23:10 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
    2013-01-24 06:23:10 240496 ----a-w- c:\windows\system32\drivers\netio.sys
    2013-01-24 06:23:10 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-01-24 06:23:09 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2013-01-24 06:23:09 242176 ----a-w- c:\windows\system32\nlasvc.dll
    2013-01-24 06:23:09 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2013-01-24 06:23:09 175104 ----a-w- c:\windows\system32\netcorehc.dll
    2013-01-24 06:23:08 52224 ----a-w- c:\windows\system32\nlaapi.dll
    2013-01-24 06:23:08 18944 ----a-w- c:\windows\system32\netevent.dll
    2013-01-24 06:21:54 49152 ----a-w- c:\windows\system32\taskhost.exe
    2013-01-24 06:21:50 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
    2013-01-24 06:21:50 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
    2013-01-24 05:07:35 -------- d-----w- c:\program files\Microsoft Analysis Services
    2013-01-24 03:19:06 -------- d-----w- c:\windows\system32\SPReview
    2013-01-24 03:17:19 -------- d-----w- c:\windows\system32\EventProviders
    2013-01-24 03:14:51 -------- d-----w- c:\windows\en
    2013-01-24 03:13:08 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2013-01-24 03:03:09 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2013-01-24 03:01:59 640512 ----a-w- c:\windows\system32\advapi32.dll
    2013-01-24 03:00:59 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
    2013-01-24 02:59:59 402944 ----a-w- c:\windows\system32\drmmgrtn.dll
    2013-01-24 02:58:59 6656 ----a-w- c:\windows\system32\drivers\RDPCDD.sys
    2013-01-24 02:57:51 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
    2013-01-24 02:57:51 189952 ----a-w- c:\program files\windows portable devices\sqmapi.dll
    2013-01-24 02:57:50 363008 ----a-w- c:\windows\system32\wbemcomn.dll
    2013-01-24 02:57:49 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
    2013-01-24 02:57:49 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2013-01-24 02:57:21 697344 ----a-w- c:\windows\system32\SmiEngine.dll
    2013-01-24 02:57:21 189952 ----a-w- c:\windows\system32\sqmapi.dll
    2013-01-24 02:57:01 209920 ----a-w- c:\windows\system32\PkgMgr.exe
    2013-01-24 02:57:01 189952 ----a-w- c:\windows\system32\wdscore.dll
    2013-01-24 02:55:13 323072 ----a-w- c:\windows\system32\drvstore.dll
    2013-01-24 02:55:12 257024 ----a-w- c:\windows\system32\dpx.dll
    2013-01-23 23:09:05 1783056 ----a-w- c:\windows\system32\WavesLib.dll
    2013-01-23 23:09:04 345328 ----a-w- c:\windows\system32\SRSTSXT.dll
    2013-01-23 23:09:04 185584 ----a-w- c:\windows\system32\SRSTSHD.dll
    2013-01-23 23:09:04 173296 ----a-w- c:\windows\system32\SRSHP360.dll
    2013-01-23 23:09:04 140528 ----a-w- c:\windows\system32\SRSWOW.dll
    2013-01-23 23:09:01 551456 ----a-w- c:\windows\system32\RTSndMgr.cpl
    2013-01-23 23:09:01 2977248 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
    2013-01-23 23:09:00 1539104 ----a-w- c:\windows\system32\RtkPgExt.dll
    2013-01-23 20:16:44 -------- d-----w- c:\program files\VS Revo Group
    2013-01-23 19:49:28 -------- d-----w- c:\users\patty\.gimp-2.6
    2013-01-23 16:15:50 -------- d-----w- c:\programdata\Strongvault Online Backup
    2013-01-23 03:06:08 -------- d-----w- c:\windows\system32\x64
    2013-01-23 03:03:43 -------- d-----w- c:\program files\Microsoft
    2013-01-23 02:51:19 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2013-01-23 02:43:30 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2013-01-23 02:43:30 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2013-01-23 02:43:28 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2013-01-23 02:42:25 525656 ----a-w- c:\program files\common files\windows live\.cache\442746c91cdf91308\DXSETUP.exe
    2013-01-23 02:42:24 94040 ----a-w- c:\program files\common files\windows live\.cache\442746c91cdf91308\DSETUP.dll
    2013-01-23 02:42:24 1691480 ----a-w- c:\program files\common files\windows live\.cache\442746c91cdf91308\dsetup32.dll
    2013-01-23 02:42:18 525656 ----a-w- c:\program files\common files\windows live\.cache\4191883d1cdf91307\DXSETUP.exe
    2013-01-23 02:42:18 1691480 ----a-w- c:\program files\common files\windows live\.cache\4191883d1cdf91307\dsetup32.dll
    2013-01-23 02:42:17 94040 ----a-w- c:\program files\common files\windows live\.cache\4191883d1cdf91307\DSETUP.dll
    2013-01-23 02:41:28 -------- d-----w- c:\users\patty\appdata\local\Windows Live
    2013-01-23 02:25:05 -------- d-----w- c:\users\patty\appdata\roaming\Malwarebytes
    2013-01-23 02:24:05 -------- d-----w- c:\programdata\Malwarebytes
    2013-01-23 02:23:53 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-01-23 02:23:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-01-22 14:03:24 -------- d-----w- c:\program files\MSXML 4.0
    2013-01-14 19:51:13 -------- d-----w- c:\users\patty\appdata\local\assembly
    2013-01-14 19:50:58 -------- d-----w- c:\users\patty\appdata\local\Deployment
    2013-01-14 19:50:58 -------- d-----w- c:\users\patty\appdata\local\Apps
    2013-01-14 16:36:50 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-14 16:32:08 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
    2013-01-14 15:17:55 -------- d-----w- c:\users\patty\appdata\roaming\PCFixSpeed
    2013-01-14 15:16:01 -------- d-----w- c:\users\patty\appdata\roaming\Strongvault
    2013-01-14 15:15:12 -------- d-----w- c:\program files\common files\MSSoap
    2013-01-14 15:15:00 -------- d-----w- c:\users\patty\appdata\local\Strongvault Online Backup
    2013-01-14 15:14:46 -------- d-----w- c:\users\patty\appdata\local\Stronghold_LLC
    2013-01-14 15:13:54 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
    2013-01-14 15:13:49 -------- d-----w- c:\users\patty\appdata\local\StrongVault
    2013-01-14 15:13:26 -------- d-----w- c:\users\patty\appdata\roaming\CalendarPackages
    2013-01-10 18:29:50 1389568 ----a-w- c:\windows\system32\msxml6.dll
    2013-01-10 18:29:45 626688 ----a-w- c:\windows\system32\usp10.dll
    2013-01-10 18:29:42 2345984 ----a-w- c:\windows\system32\win32k.sys
    2013-01-10 18:29:39 492032 ----a-w- c:\windows\system32\win32spl.dll
    2013-01-10 18:26:38 45568 ----a-w- c:\windows\system32\oflc-nz.rs
    2013-01-10 18:25:09 220160 ----a-w- c:\windows\system32\ncrypt.dll
    2013-01-10 17:56:32 -------- d-----w- c:\users\patty\appdata\roaming\Systweak
    2013-01-10 17:56:25 18952 ----a-w- c:\windows\system32\roboot.exe
    .
    ==================== Find3M ====================
    .
    2013-01-24 03:46:37 152576 ----a-w- c:\windows\system32\msclmd.dll
    2013-01-14 16:37:17 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-12-16 14:13:28 295424 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll
    2012-11-30 04:53:34 169984 ----a-w- c:\windows\system32\winsrv.dll
    2012-11-30 04:47:45 293376 ----a-w- c:\windows\system32\KernelBase.dll
    2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe
    2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-09 04:42:49 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-02 05:11:31 376832 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-02 02:52:48 64664 ----a-w- c:\windows\system32\drivers\dc3d.sys
    2012-11-02 02:52:48 1629040 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
    2012-07-12 08:28:44 2174976 ----a-w- c:\program files\common files\atimpenc.dll
    .
    ============= FINISH: 18:13:28.81 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Starter
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/25/2010 8:55:35 AM
    System Uptime: 1/25/2013 5:12:06 PM (1 hours ago)
    .
    Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | N150/N210/N220
    Processor: Intel(R) Atom(TM) CPU N450 @ 1.66GHz | CPU 1 | 1667/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 67 GiB total, 23.013 GiB free.
    D: is FIXED (NTFS) - 67 GiB total, 66.773 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: NetGroup Packet Filter Driver
    Device ID: ROOT\LEGACY_NPF\0000
    Manufacturer:
    Name: NetGroup Packet Filter Driver
    PNP Device ID: ROOT\LEGACY_NPF\0000
    Service: npf
    .
    ==== System Restore Points ===================
    .
    RP239: 1/25/2013 3:25:55 PM - Revo Uninstaller's restore point - Browse For Change
    RP241: 1/25/2013 3:33:13 PM - Revo Uninstaller's restore point - Browser Manager
    RP243: 1/25/2013 3:50:03 PM - Revo Uninstaller's restore point - Complitly
    RP245: 1/25/2013 3:57:55 PM - Revo Uninstaller's restore point - iLivid
    RP247: 1/25/2013 4:00:53 PM - Revo Uninstaller's restore point - NewFreeScreensaver nfsHorse
    RP249: 1/25/2013 4:07:10 PM - Revo Uninstaller's restore point - Voobys
    RP250: 1/25/2013 4:07:54 PM - Removed Voobys
    RP252: 1/25/2013 4:12:04 PM - Revo Uninstaller's restore point - WinPcap 4.1.2
    RP254: 1/25/2013 4:15:35 PM - Revo Uninstaller's restore point - Yontoo 1.10.02
    RP256: 1/25/2013 4:21:01 PM - Revo Uninstaller's restore point - YTD Toolbar v6.6
    RP257: 1/25/2013 4:22:02 PM - Removed YTD Toolbar v6.6.
    RP259: 1/25/2013 4:27:41 PM - Revo Uninstaller's restore point - YTD YouTube Downloader & Converter 3.7
    RP261: 1/25/2013 4:36:19 PM - Revo Uninstaller's restore point - ImTOO Video Converter Ultimate
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.1
    Amazon MP3 Downloader 1.0.12
    Amazon MP3 Uploader
    AnyPC Client
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Atheros Client Installation Program
    BatteryLifeExtender
    Bonjour
    Canon IJ Network Scan Utility
    Canon IJ Network Tool
    Canon MP970 series
    ChargeableUSB
    Compatibility Pack for the 2007 Office system
    Coupon Printer for Windows
    CyberLink YouCam
    D3DX10
    Dairy Dash
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Easy Display Manager
    Easy Network Manager
    Easy Resolution Manager
    Easy SpeedUp Manager
    EasyBatteryManager
    Facebook Video Calling 1.2.0.287
    Freemake Video Downloader
    GIMP 2.6.10
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    House of Night Screensaver Screensaver
    iCloud
    Intel(R) Graphics Media Accelerator Driver
    Intel® Matrix Storage Manager
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 24
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.70.0.1100
    Marvell Miniport Driver
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office File Validation Add-In
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
    Microsoft Works
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    PDFCreator
    QuickTime
    Realtek High Definition Audio Driver
    REALTEK Wireless LAN Software
    Revo Uninstaller 1.94
    Samsung Recovery Solution 4
    Samsung Support Center
    Samsung Update Plus
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
    Skype™ 6.0
    Strongvault Online Backup
    Synaptics Pointing Device Driver
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    User Guide
    Verizon Mobile Broadband Drivers
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/25/2013 5:13:27 PM, Error: Service Control Manager [7000] - The WinPcap Packet Driver (NPF) service failed to start due to the following error: The system cannot find the file specified.
    1/25/2013 5:13:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
    1/25/2013 5:07:11 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    1/25/2013 5:03:30 PM, Error: Service Control Manager [7038] - The wscsvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    1/25/2013 5:03:30 PM, Error: Service Control Manager [7038] - The sppsvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    1/25/2013 5:03:30 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not start due to a logon failure.
    1/25/2013 5:03:30 PM, Error: Service Control Manager [7000] - The Security Center service failed to start due to the following error: The service did not start due to a logon failure.
    1/24/2013 9:05:53 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{950CA4E8-EB13-4B49-B7F6-BAF6CE7A8870} because another computer on the network has the same name. The server could not start.
    1/24/2013 9:05:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
    1/24/2013 8:18:52 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Rezip service.
    1/24/2013 5:10:56 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer LEEFAMILY that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9A143B21-0A77-4A2A-92E4-FBFA1E11. The master browser is stopping or an election is being forced.
    1/24/2013 2:21:32 AM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
    1/24/2013 2:08:05 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
    1/24/2013 11:05:00 AM, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: A system shutdown is in progress.
    1/24/2013 1:20:36 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    1/23/2013 10:08:12 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070103: Microsoft - Other hardware - Microsoft Hardware USB Mouse.
    .
    ==== End Of File ===========================


    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-26 00:30:26
    Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 SAMSUNG_ rev.HH10 149.05GB
    Running: h5x0lq3s.exe; Driver: C:\Users\Patty\AppData\Local\Temp\fgloapow.sys


    ---- Kernel code sections - GMER 2.0 ----

    .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 81E8EA49 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81EC84D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    ? C:\Users\Patty\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- Registry - GMER 2.0 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f6e1
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076fedcf2
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654f6e1 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076fedcf2 (not active ControlSet)

    ---- EOF - GMER 2.0 ----


    Thank You
     
  2. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Infections returning after Malwarebytes has removed them is often a sign that you have a Rootkit infection. We shall see.

    Please reboot the system and then run a Full system scan with Malwarebytes, remove everything it finds and post the log produced.

    Please run these two scans and post the logs:

    SCAN 1
    Click on this link to download ADWCleaner and save it to your desktop.

    NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

    Close your browser and click on this icon on your desktop: [​IMG]

    You will then see the screen below, click on the Delete button (as indicated), accept any prompts that appear and allow it to reboot the PC. When the PC has rebooted you will be presented with the report, copy & paste it into your next post.

    [​IMG]



    SCAN 2
    Download RogueKiller (by tigzy) and save direct to your Desktop.
    On the web page click on this: [​IMG]

    • Quit all running programs
    • Start RogueKiller.exe
    • Wait until Prescan has finished.
    • Ensure all boxes are ticked under "Report" tab.
    • Click on Scan.
    • Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
    • NOTE: DO NOT attempt to remove anything that the scan detects.

    [​IMG]
     
  3. FatDaddy

    FatDaddy Thread Starter

    Joined:
    Oct 4, 2004
    Messages:
    105
    Mark, I am sorry that it took so long to reply but I had to work late and the firewall at work stopped me from downloading. I had several reboots so there are multiple logs from some of the scans. Here they go.....

    Malwarebytes Anti-Malware (Trial) 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.26.09

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Patty :: PATTY-PC [administrator]

    Protection: Enabled

    1/26/2013 12:29:34 PM
    mbam-log-2013-01-26 (12-29-34).txt

    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 431662
    Time elapsed: 1 hour(s), 50 minute(s), 30 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    # AdwCleaner v2.108 - Logfile created 01/26/2013 at 23:11:34
    # Updated 24/01/2013 by Xplode
    # Operating system : Windows 7 Starter Service Pack 1 (32 bits)
    # User : Patty - PATTY-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Patty\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Google Chrome v24.0.1312.56

    File : C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.29] : icon_url = "hxxp://www.babylon.com/favicon.ico",
    Deleted [l.32] : keyword = "babylon.com",
    Deleted [l.35] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=110790&tt=120912_pcp_3812_2&ba[...]

    File : C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [15162 octets] - [26/01/2013 15:08:46]
    AdwCleaner[S2].txt - [1129 octets] - [26/01/2013 23:11:34]

    ########## EOF - C:\AdwCleaner[S2].txt - [1189 octets] ##########


    # AdwCleaner v2.108 - Logfile created 01/26/2013 at 15:08:46
    # Updated 24/01/2013 by Xplode
    # Operating system : Windows 7 Starter Service Pack 1 (32 bits)
    # User : Patty - PATTY-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Patty\Desktop\adwcleaner (1).exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\END
    File Deleted : C:\user.js
    File Deleted : C:\Users\Admin\AppData\Local\Temp\searchqutoolbar-manifest.xml
    File Deleted : C:\Users\Patty\AppData\Local\funmoods-speeddial.crx
    File Deleted : C:\Users\Patty\AppData\Local\Temp\Searchqu.ini
    File Deleted : C:\Users\Patty\AppData\Local\Temp\searchqutoolbar-manifest.xml
    File Deleted : C:\Users\Patty\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\DealPly
    Folder Deleted : C:\Program Files\Playbryte
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\boost_interprocess
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
    Folder Deleted : C:\ProgramData\Partner
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\Users\Admin\AppData\Local\blekkotb
    Folder Deleted : C:\Users\Admin\AppData\LocalLow\blekkotb
    Folder Deleted : C:\Users\Admin\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Admin\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Admin\AppData\LocalLow\Search Settings
    Folder Deleted : C:\Users\Admin\AppData\LocalLow\searchquband
    Folder Deleted : C:\Users\Admin\AppData\LocalLow\Searchqutoolbar
    Folder Deleted : C:\Users\Moni\AppData\Local\blekkotb
    Folder Deleted : C:\Users\Moni\AppData\LocalLow\blekkotb
    Folder Deleted : C:\Users\Moni\AppData\LocalLow\FunWebProducts
    Folder Deleted : C:\Users\Moni\AppData\LocalLow\MyWebSearch
    Folder Deleted : C:\Users\Moni\AppData\LocalLow\Search Settings
    Folder Deleted : C:\Users\Patty\AppData\Local\Conduit
    Folder Deleted : C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
    Folder Deleted : C:\Users\Patty\AppData\Local\Ilivid Player
    Folder Deleted : C:\Users\Patty\AppData\LocalLow\BabylonToolbar
    Folder Deleted : C:\Users\Patty\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Patty\AppData\LocalLow\MyWebSearch
    Folder Deleted : C:\Users\Patty\AppData\LocalLow\Playbryte
    Folder Deleted : C:\Users\Patty\AppData\LocalLow\searchquband
    Folder Deleted : C:\Users\Patty\AppData\LocalLow\Searchqutoolbar
    Folder Deleted : C:\Users\Patty\AppData\Roaming\Babylon
    Folder Deleted : C:\Users\Patty\AppData\Roaming\OpenCandy

    ***** [Registry] *****

    Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\22643~1.41\{16cdf~1\browse~1.dll
    Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\23787~1.43\{16cdf~1\browse~1.dll
    Key Deleted : HKCU\Software\5b68cd1e235e543
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
    Key Deleted : HKCU\Software\AppDataLow\Software\I Want This
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\Ask&Record
    Key Deleted : HKCU\Software\BrowserMngr
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Cr_Installer
    Key Deleted : HKCU\Software\DataMngr
    Key Deleted : HKCU\Software\DataMngr_Toolbar
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\InstalledBrowserExtensions
    Key Deleted : HKCU\Software\Microsoft\Babylon
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{20A0BE68-8FD9-4539-8712-CE3D1C1FDFC6}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\Zugo
    Key Deleted : HKLM\SOFTWARE\5b68cd1e235e543
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\Software\BrowserMngr
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
    Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\DealPly
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
    Key Deleted : HKLM\Software\SimplyGen
    Key Deleted : HKLM\Software\Tarma Installer
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{26C9E18C-3717-4BE1-A225-04E4471F5B6E}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B278D9F8-0FA9-465E-9938-0C392605D8E3}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    Deleted : [HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page]

    -\\ Google Chrome v24.0.1312.56

    File : C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.29] : icon_url = "hxxp://www.babylon.com/favicon.ico",
    Deleted [l.32] : keyword = "babylon.com",
    Deleted [l.35] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=110790&tt=120912_pcp_3812_2&ba[...]

    File : C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [15031 octets] - [26/01/2013 15:08:46]

    ########## EOF - C:\AdwCleaner[S1].txt - [15092 octets] ##########


    # AdwCleaner v2.108 - Logfile created 01/26/2013 at 23:11:34
    # Updated 24/01/2013 by Xplode
    # Operating system : Windows 7 Starter Service Pack 1 (32 bits)
    # User : Patty - PATTY-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Patty\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Google Chrome v24.0.1312.56

    File : C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.29] : icon_url = "hxxp://www.babylon.com/favicon.ico",
    Deleted [l.32] : keyword = "babylon.com",
    Deleted [l.35] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=110790&tt=120912_pcp_3812_2&ba[...]

    File : C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [15162 octets] - [26/01/2013 15:08:46]
    AdwCleaner[S2].txt - [1129 octets] - [26/01/2013 23:11:34]

    ########## EOF - C:\AdwCleaner[S2].txt - [1189 octets] ##########


    RogueKiller V8.4.3 [Jan 26 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : Patty [Admin rights]
    Mode : Scan -- Date : 01/26/2013 23:54:29
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 1 ¤¤¤
    [RESIDUE] SMessaging.exe -- C:\Users\Patty\AppData\Local\Strongvault Online Backup\SMessaging.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 5 ¤¤¤
    [RUN][SUSP PATH] HKLM\[...]\Run : SMessaging (C:\Users\Patty\AppData\Local\Strongvault Online Backup\SMessaging.exe) -> FOUND
    [TASK][SUSP PATH] iMeshNAG.job : C:\Users\Patty\AppData\Local\Temp\iMesh_setup.exe NAGMETHOD=Schedule -> FOUND
    [TASK][SUSP PATH] iMeshNAG : C:\Users\Patty\AppData\Local\Temp\iMesh_setup.exe NAGMETHOD=Schedule -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: SAMSUNG HM160HI +++++
    --- User ---
    [MBR] c4609bb838a73dcb5556a301a09d9830
    [BSP] 7e6bbe1775e444f56ea1d876b619ed11 : KIWI Image system MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 68581 Mo
    3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 172118016 | Size: 68584 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_01262013_02d2354.txt >>
    RKreport[1]_S_01262013_02d2354.txt



    Thanks Again
     
  4. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    There is an item of Adware that has re-appeared after ADWCleaner deleted it so we need to take some action to remove it.

    Follow instructions here: How to delete Google Chrome sync data

    When done close Google Chrome and navigate to this file using Windows Explorer:

    C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Preferences <---this file

    Right click on the file and select Rename. Type .old onto the end of the file name so it appears as Preferences.old then close the Explorer window.

    Reboot the system and run Google Chrome, then close it and do another scan with ADWCleaner and post the new log.

    Please then tell me how well the system is performing and if the browser is ok now.
     
  5. FatDaddy

    FatDaddy Thread Starter

    Joined:
    Oct 4, 2004
    Messages:
    105
    It seems a lot better, but Internet Explorer is still pretty slow. It does seem to go where pointed and not redirected.
    Here is the log file from ADWcleaner.

    Thanks

    # AdwCleaner v2.108 - Logfile created 01/27/2013 at 16:00:01
    # Updated 24/01/2013 by Xplode
    # Operating system : Windows 7 Starter Service Pack 1 (32 bits)
    # User : Patty - PATTY-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Patty\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Google Chrome v24.0.1312.56

    File : C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.30] : icon_url = "hxxp://www.babylon.com/favicon.ico",
    Deleted [l.33] : keyword = "babylon.com",
    Deleted [l.36] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=110790&tt=120912_pcp_3812_2&ba[...]

    File : C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.8] : homepage = "hxxp://search.babylon.com/?affID=110790&tt=120912_pcp_3812_2&babsrc=HP_ss&mntrId=[...]
    Deleted [l.13] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=110790&tt=120912_pcp_3812[...]

    File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S3].txt - [1277 octets] - [27/01/2013 16:00:01]

    ########## EOF - C:\AdwCleaner[S3].txt - [1337 octets] ##########
     
  6. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    The Babylon hijack has come back on Chrome and also spread to the Moni user account. No detection of anything on IE though.

    Please reboot the PC and run ADWCleaner again and post the new log
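
The per-account check that the AdwCleaner logs in this thread perform on each Chrome `Preferences` file, as an added example (not part of the thread and not AdwCleaner's code). The dotted key paths are an assumption about where Chrome stores the settings the logs name, all function names are hypothetical, and the profile data is constructed.

```python
import json
from urllib.parse import urlsplit

# Assumption: the domain to flag, taken from the AdwCleaner entries in this thread.
UNWANTED_DOMAINS = {"babylon.com"}

# Assumption: dotted paths where Chrome keeps the settings the logs name
# (homepage, urls_to_restore_on_startup, search_url, keyword, icon_url).
WATCHED_KEYS = (
    "homepage",
    "session.urls_to_restore_on_startup",
    "default_search_provider.search_url",
    "default_search_provider.keyword",
    "default_search_provider.icon_url",
)

def lookup(prefs, dotted):
    """Walk a dotted path through nested dicts; None if any part is missing."""
    node = prefs
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node

def is_unwanted(value):
    """True if a URL or bare keyword names an unwanted domain or a subdomain of it."""
    text = value.strip().lower()
    try:
        host = urlsplit(text if "://" in text else "//" + text).hostname or ""
    except ValueError:  # malformed URL: cannot be matched, leave for manual review
        return False
    return any(host == d or host.endswith("." + d) for d in UNWANTED_DOMAINS)

def audit_preferences(text):
    """Return [(setting, value)] for watched settings pointing at an unwanted domain."""
    try:
        prefs = json.loads(text)
    except json.JSONDecodeError:
        return [("<file>", "not valid JSON; inspect manually")]
    findings = []
    for key in WATCHED_KEYS:
        value = lookup(prefs, key)
        for item in value if isinstance(value, list) else [value]:
            if isinstance(item, str) and is_unwanted(item):
                findings.append((key, item))
    return findings

def audit_profiles(profiles):
    """profiles maps account name -> Preferences text; returns accounts with findings."""
    return {user: hits for user, text in profiles.items()
            if (hits := audit_preferences(text))}

# Constructed sample data (not copied from the machine in the thread). On a real
# system, read each account's ...\Google\Chrome\User Data\Default\Preferences file.
SAMPLE_PROFILES = {
    "Patty": json.dumps({"homepage": "http://www.google.com/",
                         "default_search_provider": {
                             "search_url": "http://search.babylon.com/?q={searchTerms}",
                             "keyword": "babylon.com",
                             "icon_url": "http://www.babylon.com/favicon.ico"}}),
    "Moni": json.dumps({"homepage": "http://search.babylon.com/",
                        "session": {"urls_to_restore_on_startup":
                                    ["http://search.babylon.com/"]}}),
    "Admin": json.dumps({"homepage": "http://notbabylon.example/"}),
}

if __name__ == "__main__":
    for user, hits in audit_profiles(SAMPLE_PROFILES).items():
        for key, value in hits:
            print(f"{user}: {key} -> {value}")
```

Checking every account's file in one pass shows at once when an entry has been cleaned in one profile but is still present in another.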
     
  7. FatDaddy

    FatDaddy Thread Starter

    Joined:
    Oct 4, 2004
    Messages:
    105
    When I ran ADWcleaner this time it prompted me for an update, so I updated it and ran it. Here is the log file...

    # AdwCleaner v2.109 - Logfile created 01/27/2013 at 17:34:58
    # Updated 26/01/2013 by Xplode
    # Operating system : Windows 7 Starter Service Pack 1 (32 bits)
    # User : Patty - PATTY-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Patty\Desktop\AdwCleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Google Chrome v24.0.1312.56

    File : C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    File : C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.8] : homepage = "hxxp://search.babylon.com/?affID=110790&tt=120912_pcp_3812_2&babsrc=HP_ss&mntrId=[...]
    Deleted [l.13] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=110790&tt=120912_pcp_3812[...]

    File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S3].txt - [1406 octets] - [27/01/2013 16:00:01]
    AdwCleaner[S4].txt - [1131 octets] - [27/01/2013 17:34:58]

    ########## EOF - C:\AdwCleaner[S4].txt - [1191 octets] ##########
     
  8. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    The Babylon hijack has now gone from your Patty account but returned on the Moni account.

    You need to sign in on the Moni account and repeat what you did earlier to clear the Google sync data and change the Preferences folder name.

    When done reboot and run ADWCleaner again and post the new log.
     
  9. FatDaddy

    FatDaddy Thread Starter

    Joined:
    Oct 4, 2004
    Messages:
    105
    OK, I went to the Moni account and did all that, then rebooted and ran ADWcleaner from the Patty account, that is the admin account. Here is the log...

    # AdwCleaner v2.109 - Logfile created 01/27/2013 at 22:07:14
    # Updated 26/01/2013 by Xplode
    # Operating system : Windows 7 Starter Service Pack 1 (32 bits)
    # User : Patty - PATTY-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Patty\Desktop\AdwCleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Google Chrome v24.0.1312.56

    File : C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    File : C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S3].txt - [1406 octets] - [27/01/2013 16:00:01]
    AdwCleaner[S4].txt - [1260 octets] - [27/01/2013 17:34:58]
    AdwCleaner[S5].txt - [876 octets] - [27/01/2013 22:07:14]

    ########## EOF - C:\AdwCleaner[S5].txt - [935 octets] ##########
     
  10. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Good job, we now have a clean log. How well are the system and browsers running now?
     
  11. FatDaddy

    FatDaddy Thread Starter

    Joined:
    Oct 4, 2004
    Messages:
    105
    Mark, everything is 100% better! This is no screaming fast machine, it is only a Netbook, but it serves the purpose.
    The browsers are working like they should I think. Do I need to run anything else?

    Lester
     
  12. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Just one other thing that is worth doing would be to run this scan. I can see in your logs you have an outdated version of Java; there could be other things that need updating.

    Download Security Check by screen317 from Here or Here.
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please Copy & Paste the contents of that document into your next reply.
     
  13. FatDaddy

    FatDaddy Thread Starter

    Joined:
    Oct 4, 2004
    Messages:
    105
    Here is the log. I also would like to make sure that "Strong Vault Online Backup" and "iMesh setup" are no longer present as well. They were on the Rogue Killer log.

    Thanks again,


    Results of screen317's Security Check version 0.99.57
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Java(TM) 6 Update 24
    Java version out of Date!
    Adobe Flash Player 11.4.402.265
    Adobe Reader 9 Adobe Reader out of Date!
    Google Chrome 24.0.1312.52
    Google Chrome 24.0.1312.56
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Patty AppData Local Strongvault Online Backup\SMessaging.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 12% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````
     
  14. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    The settings for Strong Vault Online Backup and iMesh setup detected by RogueKiller have not been altered. If you want to remove them run RogueKiller again and after running the Scan click on the Delete button.

    Security Check shows Adobe Reader and Java are out of date and your hard drive is in need of a Defrag.

    Follow this guide to defragment the hard drive and set up a schedule: Windows 7 Defrag. As the above report states, you should not defragment the hard drive if it is a solid state drive.

    Adobe
    Close any programs you may have running - especially your web browser.
    Click on Start > Control Panel, double-click on Programs and Features and uninstall the following Adobe entries:

    Adobe Reader 9


    NOTE: For XP click on Start > Control Panel, double-click on Add or Remove Programs and continue as above.

    Then go to this link Adobe Downloads and select the latest version to download and install. You will see this page below, click on the appropriate button for the Adobe product that was just removed.

    You will now see a page similar to this one:

    All four Adobe products, Reader, Flash Player, Air and Shockwave Player are set by default to download the version for Windows Operating Systems and for Internet Explorer in English. If you are using a Macintosh, or you want to use the Adobe product with a different Browser or language you must click on the line (as indicated in the above image) to make further selections to meet your requirements.

    As you will see in the above image the Adobe Reader is set for Windows 7, please click (as indicated) if you are using a different version of Windows to make further selections. All the other Adobe products are universal and you will only need to change the selection for different Browsers, Languages or for Macintosh.
    NOTE: In all the downloads look out for the Google Toolbar and uncheck the box if you do not need it.

    Some additional instructions may appear for XP installations. In all cases save the download to your desktop, then close your browser and double click on the Adobe icon on your desktop to install it. If you have any problems installing, disconnect from the internet and disable your Anti Virus and any other security software, instructions for most AV's, etc. can be found here: How to disable security software.




    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
    Please follow these steps to remove older versions of Java and update.

    How to update Java:
    Be aware that the act of downloading any Java installer means that you have read and agree to abide by the end users license agreement.
    End user licence agreement

    First uninstall all existing versions of Java.

    • Go to Start > Control Panel, double-click on Add/Remove programs (or Programs and Features) and click on any item with Java, Java(TM), JRE or J2SE in the name.
    • Click the Uninstall, Remove or Change/Remove button and allow it to uninstall.
    • If a User Account Control warning appears click on Allow.
    • Repeat as many times as necessary to remove each and every item.
    • Reboot your computer once all Java components are removed.

    NOTE: If you have a 64bit version of Windows and are using the 64bit version of Internet Explorer the Java site will automatically give you the correct Java version using the instructions below,
    but it is recommended that you use only 32bit browsers and versions of Java. Please read this for further information: Which Java download should I choose for my 64bit operating system?.
    If you install Java for the 64bit version of Internet Explorer and you use any other browser you will also need to repeat the installation while using your other browser which will most likely be 32bit. If in doubt please ask.


    How to install the latest version.

    • Open the browser that you normally use and click on this link: Java Download
    • Click on the big red button Free Java Download
    • On the next page click on the big red button Agree and Start Free Download
    • Select Run whenever the option appears. If no Run option appears click on Save and then when the download completes click on Run. If a User Account Control warning appears click on Continue.
    • When the Welcome to Java window appears click on Install.
    • It may take several minutes to download the installer depending on the speed of your connection, allow it to complete.
    • If any error messages appear click on OK and then click on the Agree and start free download button again.
    • Please wait for the Java Setup window to appear. Uncheck the box to install the Ask Toolbar and then click on Next.
    • NOTE: The Ask Toolbar option may change without notice to something different, please make sure you uncheck the box for anything else that is offered. On some systems this offer may not appear, in which case, continue with the next instruction.
    • You will then see the Java Setup Progress window and another will appear for JavaFX (on some systems the JavaFX will not appear or be installed). Finally the Java Setup Complete window will appear, click on Close.
    • If a Java page then appears with a button to Verify Java Version click on it and it will verify the installation.
    • The Installation is now complete, please reboot the system.
    • NOTE: The JavaFX component is not required unless you are developing Java applications. It is perfectly safe to keep on your system, but if you wish to uninstall it please do so.
     
  15. FatDaddy

    FatDaddy Thread Starter

    Joined:
    Oct 4, 2004
    Messages:
    105
    The computer is working like it should now! THANK YOU! Unless you need for me to run anything else or post anything else, I think this can be marked as solved.
     
Short URL to this thread: https://techguy.org/1086929
