

dubois

@117.199.181.x

[Malware] forwarded 'trojan generic'

The Joker was working on this until I arrived in India, and since then I haven't been able to connect to the forum.
»www.spywareinfoforum.com/topic/1 ··· generic/

Since starting the above thread over a week ago my internet wifi connections have been continually getting cut off...
so without any outside help I uninstalled Firefox, installed Chrome, uninstalled all the mystart files, uninstalled ManyCam and ran a few ADW and JRT scans.
I will try to post them in order.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Starter x86
Ran by Bob on 18/12/2013 at 18:44:28.49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ FireFox

Emptied folder: C:\Users\Bob\AppData\Roaming\mozilla\firefox\profiles\r45tt2hc.default\minidumps [3 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18/12/2013 at 18:50:15.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# AdwCleaner v3.015 - Report created 18/12/2013 at 18:53:21
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Starter (32 bits)
# Username : Bob - BOB-PC
# Running from : C:\Users\Bob\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\r45tt2hc.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [2606 octets] - [16/12/2013 12:01:58]
AdwCleaner[R1].txt - [865 octets] - [18/12/2013 18:51:46]
AdwCleaner[S0].txt - [2703 octets] - [16/12/2013 12:06:47]
AdwCleaner[S1].txt - [787 octets] - [18/12/2013 18:53:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [846 octets] ##########
# AdwCleaner v3.015 - Report created 19/12/2013 at 00:05:29
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Starter (32 bits)
# Username : Bob - BOB-PC
# Running from : C:\Users\Bob\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385

*************************

AdwCleaner[R0].txt - [2606 octets] - [16/12/2013 12:01:58]
AdwCleaner[R1].txt - [865 octets] - [18/12/2013 18:51:46]
AdwCleaner[R2].txt - [957 octets] - [19/12/2013 00:03:43]
AdwCleaner[S0].txt - [2703 octets] - [16/12/2013 12:06:47]
AdwCleaner[S1].txt - [925 octets] - [18/12/2013 18:53:21]
AdwCleaner[S2].txt - [881 octets] - [19/12/2013 00:05:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [940 octets] ##########
# AdwCleaner v3.015 - Report created 22/12/2013 at 09:53:25
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Starter (32 bits)
# Username : Bob - BOB-PC
# Running from : C:\Users\Bob\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2606 octets] - [16/12/2013 12:01:58]
AdwCleaner[R1].txt - [865 octets] - [18/12/2013 18:51:46]
AdwCleaner[R2].txt - [957 octets] - [19/12/2013 00:03:43]
AdwCleaner[R3].txt - [1199 octets] - [22/12/2013 09:51:03]
AdwCleaner[S0].txt - [2703 octets] - [16/12/2013 12:06:47]
AdwCleaner[S1].txt - [925 octets] - [18/12/2013 18:53:21]
AdwCleaner[S2].txt - [1019 octets] - [19/12/2013 00:05:29]
AdwCleaner[S3].txt - [1123 octets] - [22/12/2013 09:53:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1183 octets] ##########
I ran ADW an hour ago so didn't think it was worth following this step again.
No extras txt was created,
and I ran MBM an hour ago too. Here is the log:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.14.06

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Bob :: BOB-PC [administrator]

22/12/2013 09:56:40
mbam-log-2013-12-22 (09-56-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195494
Time elapsed: 15 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Results of screen317's Security Check version 0.99.77
Windows 7 x86 [color=red](UAC is disabled!)[/color]
[color=red]Out of date service pack!![/color]
[u]``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
[u]`````````Anti-malware/Other Utilities Check:`````````[/u]
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Java 7 Update 15
[color=red]Java version out of Date![/color]
Adobe Flash Player 11.9.900.170
Adobe Reader XI
Google Chrome 31.0.1650.63
[u]````````Process Check: objlist.exe by Laurent````````[/u]
Microsoft Security Essentials msseces.exe
Windows Defender MSMpEng.exe
Microsoft Security Client Antimalware MsMpEng.exe
[u]`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C: 6%
[u]````````````````````End of Log``````````````````````[/u]
I've tried 4 times to run Eset online scan but either the battery dies or the connection dies before I get past 30%.
The only problems it did find last week are below.
C:\Program Files\Adobe-Flash-Player.exe a variant of Win32/InstallCore.BH application
C:\Program Files\BitLordInstall.exe a variant of Win32/InstallCore.CU application
C:\Program Files\CamStudio 2.7\BunndleOfferManager.exe a variant of Win32/Bunndle application


lilhurricane
Crunchin' For Cures
Numquam oblita
join:2003-01-11
Purple Zone
kudos:57
TJ was made aware of your post this evening

Sometimes posts are delayed for review when you're "new" - hope you can understand ...

He'll be back when he can to assist, so don't go away ~ please stand by


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:6

1 recommendation

reply to dubois
You said at SWI you were posting from Internet cafes. Internet cafes are another reason you need to update Windows when we are sure your system is clean. They are not a secure, trusted connection, and malware could take advantage of security vulnerabilities that have already been fixed, but not applied to your system. But as I said, don't update now, we need to be certain the system is clean first.

quote:
I've tried 4 times to run Eset online scan but either the battery dies or the connection dies before I get past 30%

Let's try Sophos Virus Removal Tool. It's a stand-alone scanner. You install it, and when you run it it will update and start the scan, but it's running from your system, and isn't an online scan, so once you have started the scan while connected, you should be able to disconnect from the Internet, and as long as you go back to wherever you are staying to plug back in before the battery dies, you should be able to continue scanning until completion not being on battery.

But let's run one utility first.
Go to this page for RKill by Grinler:
»www.bleepingcomputer.com/downloa ··· d/rkill/
- Download the program from the first link (rkill.com), and save it to the Desktop.
- Double-click on RKill.com to run it.
- If the first one does not run successfully, try the other copies and see if one of them will run.
- After the utility completes it will create a log on the desktop, rkill.txt.
- Please post that log in your next reply.
- Do NOT reboot your system after running RKill.

Then go to this link, and scroll down to #3 for instructions for running Sophos Virus Removal Tool, and when through, please post the results in your next reply.
»Security Cleanup FAQ »Rootkit Detection Applications

When finished, please post the log from RKill and Sophos Virus Removal Tool, and note any errors encountered.
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010


dubois

@202.91.87.x
Rkill 2.6.4 by Lawrence Abrams (Grinler)
»www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
»www.bleepingcomputer.com/forums/ ··· 364.html

Program started at: 12/23/2013 05:02:29 PM in x86 mode.
Windows Version: Windows 7 Starter

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\Samsung\PanelMgr\SSMMgr.exe (PID: 2228) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* SensrSvc [Missing Service]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 12/23/2013 05:04:14 PM
Execution time: 0 hours(s), 1 minute(s), and 44 seconds(s)


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:6
reply to dubois
That looks good, the next step is the Sophos Virus Removal Tool log.


dubois

@117.212.4.x
I installed the Soph thing last night. It froze while updating, so I tried to uninstall and reinstall it but then the 'virus' blocked my wifi access again.
I installed a video downloader while I was waiting and this morning ran ADW again
because that seems to give me about an hour of wifi before the bug kicks me off.

# AdwCleaner v3.015 - Report created 24/12/2013 at 08:54:03
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Starter (32 bits)
# Username : Bob - BOB-PC
# Running from : C:\Users\Bob\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : VideoDownloadConverter_4zService

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\VideoDownloadConverter
Folder Deleted : C:\Program Files\VideoDownloadConverter_4z
Folder Deleted : C:\Users\Bob\AppData\Local\iac
Folder Deleted : C:\Users\Bob\AppData\Local\VideoDownloadConverter_4z
Folder Deleted : C:\Users\Bob\AppData\LocalLow\VideoDownloadConverter_4z

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter.ScriptHelper
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter.ScriptHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.FeedManager
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.FeedManager.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLMenu
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLPanel
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLPanel.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.MultipleButton
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.MultipleButton.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.PseudoTransparentPlugin
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.PseudoTransparentPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.Radio
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.Radio.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ScriptButton
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ScriptButton.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ThirdPartyInstaller
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ThirdPartyInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ToolbarProtector
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ToolbarProtector.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_ScriptHelper.com/Plugin
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [VideoDownloadConverter Search Scope Monitor]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [VideoDownloadConverter_4z Browser Plugin Loader]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48586425-6BB7-4F51-8DC6-38C88E3EBB58}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8A4E8BCB-5598-4CAF-9DEC-4D452760E28D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A86782D8-7B41-452F-A217-1854F72DBA54}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{48586425-6BB7-4F51-8DC6-38C88E3EBB58}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5354D921-3F52-47C5-938D-77A2FB6DEFE7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71144427-1368-4D18-8DC9-2AE3CC4C4F83}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A86782D8-7B41-452F-A217-1854F72DBA54}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ED345812-2722-4DCA-9976-D01832DB44EE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D6F0AC3-0C2E-4E07-8FDA-11268AB51211}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D429207-4689-492D-A0E5-CDC5DFBB5005}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{48586425-6BB7-4F51-8DC6-38C88E3EBB58}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{48586425-6BB7-4F51-8DC6-38C88E3EBB58}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{93A3111F-4F74-4ED8-895E-D9708497629E}]
Key Deleted : HKCU\Software\VideoDownloadConverter_4z
Key Deleted : HKCU\Software\AppDataLow\Software\VideoDownloadConverter_4z
Key Deleted : HKLM\Software\VideoDownloadConverter
Key Deleted : HKLM\Software\VideoDownloadConverter_4z
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoDownloadConverter
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoDownloadConverter_4zbar Uninstall Firefox

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2606 octets] - [16/12/2013 12:01:58]
AdwCleaner[R1].txt - [865 octets] - [18/12/2013 18:51:46]
AdwCleaner[R2].txt - [957 octets] - [19/12/2013 00:03:43]
AdwCleaner[R3].txt - [1199 octets] - [22/12/2013 09:51:03]
AdwCleaner[R4].txt - [9786 octets] - [24/12/2013 08:52:07]
AdwCleaner[S0].txt - [2703 octets] - [16/12/2013 12:06:47]
AdwCleaner[S1].txt - [925 octets] - [18/12/2013 18:53:21]
AdwCleaner[S2].txt - [1019 octets] - [19/12/2013 00:05:29]
AdwCleaner[S3].txt - [1263 octets] - [22/12/2013 09:53:25]
AdwCleaner[S4].txt - [9917 octets] - [24/12/2013 08:54:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [9977 octets] ##########


dubois

@125.19.184.x
reply to TheJoker
The first link for Sophos doesn't take you to the exe file, by the way.
I tried the second one and that did.
Also, I missed the first thing on the scan list as I didn't realise it was something.
The rest is below.

Sophos Anti-Rootkit Version 1.5.4 (c) 2009 Sophos Plc
Started logging on 24/12/2013 at 13:23:14
User "Bob" on computer "BOB-PC"
Windows version 6.1 SP 0.0 build 7600 SM=0x300 PT=0x1 Win32
Info: Starting registry scan.
Warning: Failed to query live registry key \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009.
You may not have access rights to the whole registry.
Incorrect function.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\Windows\Installer\MSI2970.tmp
Hidden: file C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\a73633c1e3de43c995162e5f23f19879\System.Data.SqlXml.ni.dll
Hidden: file C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-IIS-DL\iismig.dll
Hidden: file C:\Program Files\CyberLink\YouCam\Language\youcam-tutorial.exe
Hidden: file C:\Progs\ccsetup230.exe
Hidden: file C:\Progs\slsk157NS13e.exe
Hidden: file C:\Progs\wrar391.exe
Hidden: file C:\Program Files\Google\Picasa3\setup.exe
Hidden: file C:\Windows\MSetup\BA46-05053A95\EPM.exe
Hidden: file C:\Windows\System32\GPhotos.scr
Hidden: file C:\Windows\System32\AInst3141.exe
Hidden: file C:\Program Files\Samsung\Samsung Universal Print Driver\Setup\PRINTER\UPD\32bit\itdrvuc.dll
Hidden: file C:\Program Files\Samsung\Samsung Universal Print Driver\SPanel\JobErr.exe
Hidden: file C:\Windows\System32\DriverStore\FileRepository\spd__.inf_x86_neutral_06ffbab8aba9e6c7\32bit\itdrvuc.dll
Hidden: file C:\Windows\System32\spool\drivers\w32x86\3\spd__uc.dll
Hidden: file C:\Program Files\Samsung\SamsungManual\RunManual.exe
Hidden: file C:\Program Files\Samsung\SamsungManual\samsungmanual_tur\intro.exe
Hidden: file C:\Program Files\Samsung\SamsungManual\samsungmanual_bra\intro.exe
Hidden: file C:\Program Files\Samsung\SamsungManual\samsungmanual_chs\intro.exe
Hidden: file C:\Program Files\Samsung\SamsungManual\samsungmanual_cht\intro.exe
Hidden: file C:\Program Files\Samsung\SamsungManual\samsungmanual_cze\intro.exe
Hidden: file C:\Program Files\Samsung\SamsungManual\samsungmanual_dan\intro.exe
Hidden: file C:\Program Files\Samsung\SamsungManual\samsungmanual_dut\intro.exe
Hidden: file C:\Program Files\Samsung\SamsungManual\samsungmanual_eng\intro.exe
Hidden: file C:\Program Files\Samsung\SamsungManual\samsungmanual_fin\intro.exe
Hidden: file C:\Program Files\Samsung\SamsungManual\samsungmanual_fra\intro.exe
Hidden: file C:\Program Files\Samsung\SamsungManual\samsungmanual_ger\intro.exe
Hidden: file C:\Program Files\Samsung\SamsungManual\samsungmanual_gre\intro.exe
Hidden: file C:\Program Files\Samsung\SamsungManual\samsungmanual_hun\intro.exe
Hidden: file C:\Program Files\Samsung\SamsungManual\samsungmanual_ita\intro.exe
Hidden: file C:\Program Files\Samsung\SamsungManual\samsungmanual_kor\intro.exe
Hidden: file C:\Program Files\Samsung\SamsungManual\samsungmanual_nor\intro.exe
Hidden: file C:\Program Files\Samsung\SamsungManual\samsungmanual_pol\intro.exe
Hidden: file C:\Program Files\Samsung\SamsungManual\samsungmanual_por\intro.exe
Hidden: file C:\Program Files\Samsung\SamsungManual\samsungmanual_rus\intro.exe
Hidden: file C:\Program Files\Samsung\SamsungManual\samsungmanual_slk\intro.exe
Hidden: file C:\Program Files\Samsung\SamsungManual\samsungmanual_spn\intro.exe
Hidden: file C:\Program Files\Samsung\SamsungManual\samsungmanual_swe\intro.exe
Hidden: file C:\Program Files\Samsung\Samsung Recovery Solution 5\InstDrv.exe
Hidden: file C:\Program Files\Samsung\Samsung Recovery Solution 5\InstallManager.exe
Hidden: file C:\Program Files\Samsung\Samsung Recovery Solution 5\PreventAuto.exe
Hidden: file C:\Program Files\Samsung\Samsung Recovery Solution 5\SamsungRecoverySolution-Uninstall.exe
Hidden: file C:\ProgramData\Microsoft\OEMOffice14\OStarter\en-us\SetupConsumerC2ROLW.exe
Hidden: file C:\Windows\Crystal Delight.scr
Hidden: file C:\Program Files\Samsung\EasySpeedUpManager\OSCHeckDriverInst.exe
Hidden: file C:\Program Files\Samsung\EasySpeedUpManager\ProgressDlg.exe
Hidden: file C:\Program Files\Game Pack\GameConsole\unins000.exe
Hidden: file C:\Users\Bob\Documents\hijackthis\HijackThis.exe
Hidden: file C:\ProgramData\Microsoft\OEMOffice14\Office14\setup.exe
Hidden: file C:\Program Files\Game Pack\Flip Words\FlipWords.exe
Hidden: file C:\Program Files\Game Pack\Flip Words\Launch.exe
Hidden: file C:\Program Files\Game Pack\Flip Words\TimeProtect.dll
Hidden: file C:\Program Files\Game Pack\Flip Words\omdata\omgame.js
Hidden: file C:\Program Files\Game Pack\Galapago\fmodex.dll
Hidden: file C:\Program Files\Game Pack\Galapago\Galapago.exe
Hidden: file C:\Program Files\Game Pack\Galapago\Launch.exe
Hidden: file C:\Program Files\Game Pack\Galapago\OberonSplashD.dll
Hidden: file C:\Program Files\Game Pack\Galapago\SwiftShader.dll
Hidden: file C:\Program Files\Game Pack\Galapago\TimeProtect.dll
Hidden: file C:\Program Files\Game Pack\Mahjong Escape Ancient China\bass.dll
Hidden: file C:\Program Files\Game Pack\Mahjong Escape Ancient China\MahjongEscape.exe
Hidden: file C:\Program Files\Game Pack\Mahjong Escape Ancient China\TimeProtect.dll
Hidden: file C:\Program Files\Game Pack\Slingo\FullRemove.exe
Hidden: file C:\Program Files\Game Pack\Slingo\GDFShell.dll
Hidden: file C:\Program Files\Game Pack\Slingo\Launch.exe
Hidden: file C:\Program Files\Game Pack\Slingo\TimeProtect.dll
Hidden: file C:\Program Files\Samsung\MultimediaPOP\MultimediaPOP.exe
Hidden: file C:\Program Files\VideoLAN\VLC\uninstall.exe
Hidden: file C:\Program Files\WinRAR\WinRAR.exe
Hidden: file C:\Program Files\WinFF\ffplay.exe
Hidden: file C:\Progs\jre-1_5_0_04-windows-i586-p.exe
Hidden: file C:\Progs\wlsetup-web.exe
Hidden: file C:\Progs\picasa39-setup.exe
Hidden: file C:\Progs\Sophos Virus Removal Tool.exe
Hidden: file C:\Progs\WinFF-1.5.0-setup.exe
Hidden: file C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\nb.lproj\SoftwareUpdateLocalized.dll
Hidden: file C:\Progs\DJ mixxx-1.11.0-win32.exe
Hidden: file C:\Progs\SecurityCheck.exe
Hidden: file C:\Windows\SoftwareDistribution\Download\e0008f8f0201882d04c277d116593c0f\BITC046.tmp
Hidden: file C:\Progs\vlc-2.1.0-win32.exe
Hidden: file C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
Hidden: file C:\Program Files\Mixxx\skins\Deere1280x800-WXGA\btn_fx2_over.png
Hidden: file C:\Progs\jxpiinstall.exe
Hidden: file C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe.config
Hidden: file C:\Progs\Shockwave_Installer_Slim.exe
Hidden: file C:\Program Files\Mixxx\UninstallMixxx.exe
Hidden: file C:\Progs\msgr11us.exe
Hidden: file C:\Windows\SoftwareDistribution\Download\11817b2f5393babbb8c57ca6eca203d916d83c85
Hidden: file C:\Users\Bob\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdm.dll
Hidden: file C:\Windows\System32\Adobe\Shockwave 12\gt.exe
Hidden: file C:\Program Files\WinFF\unins000.exe
Hidden: file C:\Program Files\WinFF\ffmpeg.exe
Hidden: file C:\inetpub\utorrent.exe
Hidden: file C:\Windows\System32\Adobe\Shockwave 12\uninstaller.exe
Hidden: file C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GTRNN3QP\pQmeJ8xCfT9LX3TJWOeW-2Js57AbUif5K2iMdzaEwVVbElZFTPcfnN0Fm_x1wVkcGxz7J2i7rM6jloRDF_DFiHlk4-lV3YSjrXxz-rehcM6HPbkvHi0QCVrLKgYUA&callback=google.LU[1].loadFeaturemap_49_0
Hidden: file C:\Progs\mbam-setup-1.75.0.1300.exe
Hidden: file C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter\uninstall.exe.vir
Hidden: file C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter\ffmpeg.exe.vir
Hidden: file C:\Windows\Temp\TMP0000002A34AFAE08E0930D57
Stopped logging on 24/12/2013 at 14:57:01


dubois

@nstpl.com
Thanks for all your help so far but could you please offer me some kind of solution to this problem instead of just telling me to do endless scans, which have achieved nothing so far. The problem which prompted me to start this thread 2 weeks ago is exactly the same.
i.e., I log on to a wifi connection and it takes the virus about half an hour to cut me off.
After that I can't stay connected for long enough to connect to any site.
I have to keep finding different places to go online about 3 times a day and it's getting exhausting.
I don't need you to explain to me that wifi connections and cafes are insecure anymore but having no other choice and with an insecure computer, the problem will only get worse with every passing day.


lilhurricane
Crunchin' For Cures
Numquam oblita
join:2003-01-11
Purple Zone
kudos:57
said by dubois :

Thanks for all your help so far but could you please offer me some kind of solution to this problem instead of just telling me to do endless scans, which have achieved nothing so far.

When you perform the guidelines here for pre-clean requirements, and start a help thread - you are embarking on a journey. There are no "shortcuts".

You're one part of the effort to confirm safe passage on the internet, and your "helper" is the other. It's teamwork at its finest.

Our expectations - from start to finish are that we leave you safe and clean, and educated on how to prevent re-infection.
This is a free service we offer, and our volunteers are unpaid. They do it because they truly enjoy helping people.

Please follow all of the requests made by your Helper, including submitting to the Forum all log results.
This helps others who frequent this forum to learn or who are seeking answers as well, to see what is going on.

We need to ascertain that everything is truly "ok".

Note that many of the utilities utilized require a formal uninstall process to return your system to a normal operating state.

It's work - yes, but it's necessary.

Therefore, we ask you please see this through till your "helper" deems you "clean". You can do it!
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~


dubois

@125.19.184.x
It's becoming more and more difficult for me to connect to the internet on this computer so the longer it takes, the worse it's getting.
I have followed all the steps so far and I understand the process and I am grateful, but I would like to start fixing the original problem and we don't seem to be any closer to doing that than I was 2 weeks ago.


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:6

1 recommendation

reply to dubois
I would not recommend Flip Words, Galapago, Mahjong Escape Ancient China, Slingo, or anything else from BigFishGames; they have had a previous history of adding unwanted software. I would uninstall Game Pack, or anything else from them, from Control Panel's Programs and Features.

I'm concerned about two things in that log, the hidden files (do you know why those files are hidden?), and this:
quote:
You may not have access rights to the whole registry
Were you logged in as Administrator when you ran the scan?

Go to this page for RKill by Grinler:

»www.bleepingcomputer.com/downloa ··· d/rkill/

Download the program from the first link (rkill.com), and save it to the Desktop.
Double-click on RKill.com to run it.
If the first one does not run successfully, try the other copies and see if one of them will run.

After the utility completes it will create a log on the desktop, rkill.txt.
Please post that log in your next reply.
Do NOT reboot your system after running RKill.

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:
»www.bleepingcomputer.com/combofi ··· combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).
Please go here to see a list of programs that need to be disabled.
**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**
**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please post the logs from RKill and ComboFix, and note any errors encountered.
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010


dubois

@nstpl.com
I have no idea what all those hidden files are, but they do seem to be in every programme.
I went to folder options last night and checked show hidden folders. I believe it was checked before but something else had changed it back.
I just uninstalled game pack and all the games. Never played them anyway.
Not sure if I was logged in as administrator but I will scan again after combofix.
This is what adw picks up and 'cleans' every time but it refuses to go away;
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}

I need to go back to my room to run combofix but will post the rkill log first
Rkill 2.6.4 by Lawrence Abrams (Grinler)
»www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
»www.bleepingcomputer.com/forums/ ··· 364.html

Program started at: 12/25/2013 10:36:08 AM in x86 mode.
Windows Version: Windows 7 Starter

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\Samsung\PanelMgr\SSMMgr.exe (PID: 3168) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* SensrSvc [Missing Service]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 12/25/2013 10:38:03 AM
Execution time: 0 hours(s), 1 minute(s), and 55 seconds(s)

will post the rest asap.

... merry christmas btw


dubois

@nstpl.com
ComboFix 13-12-24.02 - Bob 25/12/2013 11:10:24.1.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.44.1033.18.1013.354 [GMT 5.5:30]
Running from: c:\users\Bob\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut4_E9C83B3EDF9141A39DA5EC05C79BBB91.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-11-25 to 2013-12-25 )))))))))))))))))))))))))))))))
.
.
2013-12-25 05:52 . 2013-12-25 05:52 -------- d-----w- c:\users\Bob\AppData\Local\temp
2013-12-25 05:52 . 2013-12-25 05:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-25 04:21 . 2013-12-25 04:21 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2013-12-25 04:21 . 2013-12-25 04:21 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2013-12-25 04:21 . 2013-12-25 04:21 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2013-12-25 04:21 . 2013-12-25 04:21 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2013-12-24 12:24 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4FFC8933-4A1B-4349-BEE3-81837C88C306}\mpengine.dll
2013-12-23 12:36 . 2013-12-23 12:37 -------- d-----w- c:\programdata\Sophos
2013-12-23 12:35 . 2013-12-24 07:52 -------- d-----w- c:\program files\Sophos
2013-12-18 13:37 . 2013-12-18 13:40 -------- d-----w- c:\users\Bob\AppData\Local\Deployment
2013-12-18 13:37 . 2013-12-18 13:37 -------- d-----w- c:\users\Bob\AppData\Local\Apps
2013-12-16 13:04 . 2013-12-24 13:46 -------- d-----w- C:\Progs
2013-12-16 06:31 . 2013-12-25 04:01 -------- d-----w- C:\AdwCleaner
2013-12-16 06:23 . 2013-12-16 06:23 -------- d-----w- c:\windows\ERUNT
2013-12-16 05:22 . 2013-12-19 18:29 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-12-16 05:20 . 2013-12-19 18:02 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-12-15 01:48 . 2013-12-24 18:33 -------- d-----w- c:\users\Bob\AppData\Roaming\uTorrent
2013-12-02 19:13 . 2012-10-11 03:08 34432 ----a-w- c:\windows\system32\drivers\mcvidrv.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 11:47 . 2012-06-03 05:12 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-11 11:47 . 2011-06-09 08:05 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-04 02:57 . 2011-10-03 08:35 7760024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-19 10:21 . 2011-06-13 04:18 230048 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-08-04 9398888]
"ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2010-08-31 1806728]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-08 618496]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCT_SKMScan]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-05-25 03:25 6595928 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 13:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-13 297000]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 33320]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys [2012-10-11 34432]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2013-01-31 22656]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\F2C7.tmp [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 131888]
R3 Ser2plx86;Prolific Serial port WDF driver;c:\windows\system32\DRIVERS\ser2pl.sys [2013-02-21 134144]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 SCT_SKMScan;SCT_SKMScan;c:\windows\system32\DRIVERS\sct_skmscan.sys [2012-10-12 33096]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-08-31 100744]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-09-14 577384]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-09-14 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-09-14 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-09-14 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2010-07-08 322336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-19 07:05 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-03 11:47]
.
2013-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-21 14:47]
.
2013-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-21 14:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.5.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-VideoDownloadConverter EPM Support - c:\progra~1\VIDEOD~2\bar\1.bin\4zmedint.exe
HKLM-Run-VideoDownloadConverter Home Page Guard 32 bit - c:\progra~1\VIDEOD~2\bar\1.bin\AppIntegrator.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut4_E9C83B3EDF9141A39DA5EC05C79BBB91.exe /f=srs_premium_sound_nopreset.zip /h
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-KSS - c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\F2C7.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-25 11:25:52
ComboFix-quarantined-files.txt 2013-12-25 05:55
.
Pre-Run: 103,807,299,584 bytes free
Post-Run: 103,723,970,560 bytes free
.
- - End Of File - - 171FB6CF54AFE46DE9DADCC7C3424D12
2E5DEBB2116B3417023E0D6562D7ED07

I ran sophos again after this but nothing was found
I did get logged off the wifi 10 minutes later again though.


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:6
Merry Christmas to you also. :)

Please download SystemLook from one of the links below and save it to your Desktop.

http://jpshortstuff.247fixes.com/SystemLook.exe
 

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe
 

- Double-click SystemLook.exe to run it.
- Copy the content of the following code box into the main text field:

:regfind
7854F00C-DC77-477E-A10E-603F48442D3B
 

- Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:6
I would also like to see another log that ComboFix made.
Go to Start > Run
If you don't see Run on the menu, press the Windows key, and while holding it down press "R".
Please copy and paste the following into the Run box:

C:\Qoobox\Add-Remove Programs.txt

Click OK.
Please also post the contents of Add-Remove Programs.txt into your next reply.
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010


dubois

@125.19.184.x
Not sure if I did that right but I tried a few times
SystemLook 30.07.11 by jpshortstuff
Log created at 12:20 on 26/12/2013 by Bob
Administrator - Elevation successful

No Context: 12 :regfind 7854F00C-DC77-477E-A10E-603F48442D3B

-= EOF =-

Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Adobe Shockwave Player 12.0
Apple Software Update
Atheros Client Installation Program
µTorrent
BatteryLifeExtender
Broadcom 802.11 Network Adapter
CCleaner
CyberLink YouCam
Easy Content Share
Easy Display Manager
Easy Network Manager
Easy Resolution Manager
Easy SpeedUp Manager
EasyBatteryManager
EasyFileShare
ETDWare PS/2-X86 8.0.7.1_WHQL
Fast Start
Google Chrome
Google Earth Plug-in
Google Update Helper
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java 7 Update 15
Java Auto Updater
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Marvell Miniport Driver
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Office Word Viewer 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works 6-9 Converter
Mixxx 1.11.0
Movie Color Enhancer
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MultimediaPOP
Picasa 3
Realtek High Definition Audio Driver
Samsung AnyWeb Print
Samsung Recovery Solution 5
Samsung Support Center
Samsung Universal Print Driver
Samsung Universal Scan Driver
Samsung Update Plus
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Sophos Anti-Rootkit 1.5.4
SoulSeek 157 NS 13e
SRS Premium Sound Control Panel
swMSM
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
User Guide
VLC media player 2.1.0
WIDCOMM Bluetooth Software
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinFF 1.5 (Codename EMMA)
WinRAR archiver
Yahoo! Messenger
Yahoo! Software Update

The wifi connections have been fine since I posted last time and I left it on all night last night.
Just wondering if I should install some anti virus programme now?
All I have is microsoft security essentials at the moment.


dubois

@nstpl.com
update to last message;
now I can't connect to the wifi in my room again.
turned the router on and off and rebooted the laptop
nothing doing.


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:6

1 recommendation

Here's what you said at the beginning of the topic at SWI:
quote:
Last night i realised my computer was infected as it kept freezing and get logged off the wifi.
I ran a quick scan with malwarebytes and after spent some time deleting 'mystart' and manycam files.
That's not evidence of an infection. I see no indication that you are currently infected, and find it unlikely that a virus would be causing your wi-fi connections to be disconnected. I think it more likely that's caused by a hardware problem, either with the laptop, or the router.

quote:
Just wondering if I should install some anti virus programme now?
All I have is microsoft security essentials at the moment.
Microsoft Security Essentials is an antivirus program. You would not want to install an additional antivirus program. To do that, you would first need to uninstall MSE. Is that what you would prefer to do?

Please download Farbar Service Scanner and run it on the computer with the issue.
http://download.bleepingcomputer.com/farbar/FSS.exe
 
- Check all the boxes.
- Press "Scan".
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please copy and paste the log to your reply.

--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010


dubois

@airtelbroadband.in
I think you're right about the router. I did a trouble shoot and it said there was an ip config problem.
Here's the scan
Farbar Service Scanner Version: 05-12-2013
Ran by Bob (administrator) on 27-12-2013 at 14:11:15
Running from "C:\Users\Bob\Desktop"
Microsoft Windows 7 Starter (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\windows\system32\nsisvc.dll => MD5 is legit
C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\windows\system32\dhcpcore.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\tdx.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys
[2011-10-01 14:50] - [2010-04-09 12:54] - 1285000 ____A (Microsoft Corporation) 63170B9EE1D0EF0032F0408605671D1A

C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\mpssvc.dll => MD5 is legit
C:\windows\system32\bfe.dll => MD5 is legit
C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\windows\system32\SDRSVC.dll => MD5 is legit
C:\windows\system32\vssvc.exe => MD5 is legit
C:\windows\system32\wscsvc.dll
[2011-07-15 14:07] - [2010-12-21 11:08] - 0073728 ____A (Microsoft Corporation) A661A76333057B383A06E65F0073222F

C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuaueng.dll => MD5 is legit
C:\windows\system32\qmgr.dll => MD5 is legit
C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\windows\system32\ipnathlp.dll => MD5 is legit
C:\windows\system32\iphlpsvc.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit

**** End of log ****


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:6

1 recommendation

It's now time to look at updating Windows, as without being updated to Service Pack 1, and all the updates since then, you will remain unnecessarily vulnerable to multiple threats that have since had security fixes released.

You can find information on installing Service Pack 1 (SP1) here:
»windows.microsoft.com/en-us/wind ··· e-pack-1

Easiest way is to just turn on automatic updates (here are instructions):
»windows.microsoft.com/en-us/wind ··· indows-7

If you use the Microsoft Download Center, you have the x86 version of Windows, so you would want the x86 version of the Service Pack (which you select after clicking the Download button):
windows6.1-KB976932-X86.exe

Once you do that, and have installed all the other security updates since then (this will take some time), please post a new Security Check log.
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010


dubois

@mcom.fr
I spent 2 long days installing the updates and half way through
the security check just now, I was just informed that I need another 54 updates.
So I'll get back to you as soon as I can.

One missing reg key, HKMC or something was spotted by the scan.
I stopped the scan to finish the updates and didn't get a chance to make a note of it


dubois

@92.42.219.x
Results of screen317's Security Check version 0.99.77
Windows 7 Service Pack 1 x86 [color=red](UAC is disabled!)[/color]
Internet Explorer 11
[u]``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
[u]`````````Anti-malware/Other Utilities Check:`````````[/u]
Sophos Anti-Rootkit 1.5.4
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Java 7 Update 15
[color=red]Java version out of Date![/color]
Adobe Flash Player 11.9.900.170
Adobe Reader XI
Mozilla Firefox (26.0)
[u]````````Process Check: objlist.exe by Laurent````````[/u]
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
[u]`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C: 5%
[u]````````````````````End of Log``````````````````````[/u]


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:6

1 recommendation

reply to dubois
Yes, it can take a while to install that many updates, and it can end up involving lots of rebooting, but it's time well spent eliminating vulnerabilities that were fixed some time ago.

Please let me know when finished with the updates.
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010


dubois

@mcom.fr
Finished updating now and the computer is running very slowly.
Very slow to load internet explorer and firefox, then unable to write emails in yahoo on mozilla.
Anyway, here's the report

Results of screen317's Security Check version 0.99.77
Windows 7 Service Pack 1 x86 [color=red](UAC is disabled!)[/color]
Internet Explorer 11
[u]``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
[u]`````````Anti-malware/Other Utilities Check:`````````[/u]
Sophos Anti-Rootkit 1.5.4
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Java 7 Update 15
[color=red]Java version out of Date![/color]
Adobe Flash Player 11.9.900.170
Adobe Reader XI
Mozilla Firefox (26.0)
[u]````````Process Check: objlist.exe by Laurent````````[/u]
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
[u]`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C: 4%
[u]````````````````````End of Log``````````````````````[/u]


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:6

1 recommendation

One of the recommendations often seen to improve trouble-free Windows Update chances is to turn off the antivirus program while updating. Did you do this? I would consider connecting through Internet cafes and other public hotspots to be very risky. If you had the antivirus program off at any point in your updating, we will need to start scanning from scratch.

In the meantime while I wait for the answer to the above question, let's run a new copy of AdwCleaner.

Please delete your current copy of AdwCleaner.
Please follow the instructions here to download a new copy of AdwCleaner, run the scan, and post the results:
»Security Cleanup FAQ »Mandatory Steps Before Requesting Assistance

Assuming you didn't have your antivirus turned off while updating, some startup entries could be slowing down the system (if you did have it turned off while updating, skip this for now and we will come back to it later).
Please download Malwarebytes' StartUpLite and save it to your Desktop.
Double-click StartUpLite.exe to run the program.
This will display all unnecessary Startup entries.
Select them all, and select continue.
Restart your system.
If your system is much faster, the way to trouble-shoot this is to re-enable each item, one at a time, reboot, and see how re-enabling that one item affects performance. If you find one that dramatically slows the system down, then you have found the culprit.
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010


dubois

@sky.com
I believe the antivirus has been on all the time.
I regularly keep an eye on the start up programmes with msconfig
so nothing was found with malwarebytes startup.
The online problems I'm having are pop ups which say;
non responsive script, on yahoo
shockwave player has stopped working
and something to do with javascript on Hotmail or inbox.com I believe.

# AdwCleaner v3.016 - Report created 08/01/2014 at 06:34:00
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# Username : Bob - BOB-PC
# Running from : C:\Users\Bob\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\fey7i10g.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [2606 octets] - [16/12/2013 06:31:58]
AdwCleaner[R10].txt - [1982 octets] - [25/12/2013 03:59:02]
AdwCleaner[R11].txt - [2103 octets] - [27/12/2013 00:38:24]
AdwCleaner[R12].txt - [2116 octets] - [29/12/2013 02:14:05]
AdwCleaner[R13].txt - [2557 octets] - [05/01/2014 08:34:53]
AdwCleaner[R14].txt - [2388 octets] - [08/01/2014 06:31:09]
AdwCleaner[R1].txt - [865 octets] - [18/12/2013 13:21:46]
AdwCleaner[R2].txt - [957 octets] - [18/12/2013 18:33:43]
AdwCleaner[R3].txt - [1199 octets] - [22/12/2013 04:21:03]
AdwCleaner[R4].txt - [9786 octets] - [24/12/2013 03:22:07]
AdwCleaner[R5].txt - [1441 octets] - [24/12/2013 10:15:18]
AdwCleaner[R6].txt - [1561 octets] - [24/12/2013 10:33:19]
AdwCleaner[R7].txt - [1621 octets] - [24/12/2013 10:53:40]
AdwCleaner[R8].txt - [1741 octets] - [24/12/2013 15:35:30]
AdwCleaner[R9].txt - [1752 octets] - [24/12/2013 16:26:42]
AdwCleaner[S0].txt - [2703 octets] - [16/12/2013 06:36:47]
AdwCleaner[S10].txt - [2168 octets] - [27/12/2013 00:40:17]
AdwCleaner[S11].txt - [2179 octets] - [29/12/2013 02:17:43]
AdwCleaner[S12].txt - [2625 octets] - [05/01/2014 08:37:38]
AdwCleaner[S13].txt - [1769 octets] - [08/01/2014 06:34:00]
AdwCleaner[S1].txt - [925 octets] - [18/12/2013 13:23:21]
AdwCleaner[S2].txt - [1019 octets] - [18/12/2013 18:35:29]
AdwCleaner[S3].txt - [1263 octets] - [22/12/2013 04:23:25]
AdwCleaner[S4].txt - [10057 octets] - [24/12/2013 03:24:03]
AdwCleaner[S5].txt - [1504 octets] - [24/12/2013 10:16:56]
AdwCleaner[S6].txt - [1684 octets] - [24/12/2013 10:55:56]
AdwCleaner[S7].txt - [1804 octets] - [24/12/2013 15:37:14]
AdwCleaner[S8].txt - [1813 octets] - [24/12/2013 16:28:23]
AdwCleaner[S9].txt - [2045 octets] - [25/12/2013 04:01:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S13].txt - [2370 octets] ##########


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:6

1 recommendation

quote:
I believe the antivirus has been on all the time.
Excellent.

quote:
The online problems I'm having are pop ups which say;
non responsive script, on yahoo
shockwave player has stopped working
and something to do with javascript on Hotmail or inbox.com I believe.
JavaScript is built into your browser. Probably the best attempt at a fix for that would be to download the current, up-to-date version of your browser, save your bookmarks, uninstall the browser, reinstall it from the new install file, and then reinstall plugins or extensions you had installed. The JavaScript error might also be something interfering with the scripting, possibly something like NoScript (an excellent addition to a browser) or some other script blocker.

As for Shockwave, I would follow the directions here:
»www.shockwave.com/help/faq_flash ··· ayer.jsp
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010