Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Instant Savings? [Closed]


  • Please log in to reply

#1
RedSuedePump

RedSuedePump

    Member

  • Member
  • PipPipPip
  • 168 posts
Hi,

I didn't think I'd be back here so soon, but in my desire to 'stretch' an audio file, I had a weak moment and started downloading some software. Half way through installing, I remembered the advice I got here before and abandoned the installation....but too late, I'm having trouble with my Firefox, in that I'm getting some advertising that definitely wasn't there before, provided by 'Instant Savings'.

I've run Malwarebytes, which identified and removed one problem, but the unwanted adverts are still there.

I've tried running a scan on OTL to try to identify the problem, but it seems to get stuck when it's scanning the Firefox settings (i.e. Ctrl/Alt/Dlt leads to a no reply for the programme).

Would be grateful for any help.

RSP
  • 0

Advertisements


#2
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Hello, RedSuedePump and welcome to GeeksToGo!

You can call me Phel and today I will try to help you with your trouble.

Please, read these instructions carefully, because they contain some very useful information.

Please, let me know, if you don't understand something. It is really important to understand any instruction. Also, please read all instructions carefully before performing them. Feel free to ask questions, if you aren't sure.

Please, be patient. You should stay here until your computer will become really clean. Malware Removal isn't very fast procedure, it usually has multiple steps, but result should be glad.;)

Please note, that my answers could come with a slight delay, because they are checked by my teacher.

but it seems to get stuck when it's scanning the Firefox settings


Ok, have you tried to disable your Antivirus software? Make sure that you aren't running Firefox while OTL scan is running.
  • 0

#3
RedSuedePump

RedSuedePump

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 168 posts
Hi Phel,

I fear I may have troubled you unnecessarily - since posting, I ran AdwCleaner and the problem appears to have disappeared.

I've attached a copy of the AdwCleaner report - not sure if this is of use to you.

Thanks anyway

RSP

Attached Files


  • 0

#4
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts

I ran AdwCleaner and the problem appears to have disappeared.


Nice to hear that. :thumbsup:

Anyway, run OTL scan and post produced log - we need to check if all is clean.
  • 0

#5
RedSuedePump

RedSuedePump

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 168 posts
Hi Phel,

Tried running OTL scan and it still gets stuck at Firefox settings. Strange, as the ads are still gone.

Do I need to scan with something 'stronger'?

RSP
  • 0

#6
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Have you tried recommendations in my first message? If that's not working, try to run OTL scan in Safe Mode (press F8 key during computer start).
  • 0

#7
RedSuedePump

RedSuedePump

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 168 posts
Hi,

Yes, tried both switching off the Norton protection and running in safe mode (Firefox was off at all times), but it still gets stuck at Firefox settings.

RSP
  • 0

#8
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Okay, try this solution:

  • Download Farbar Recovery Scan Tool here to your Desktop.
  • When completed, launch the downloaded file.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.

    Posted Image
  • Press Scan button.
  • It will make a log (FRST.txt) on the Desktop. Please copy and paste it to your reply.

  • 0

#9
RedSuedePump

RedSuedePump

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 168 posts
Hi,

FRST file attached. There's an addition.txt file as well. Is that any use to you?

RSP

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-07-2013 03
Ran by Sarl York Edward (administrator) on 16-07-2013 20:09:49
Running from C:\Documents and Settings\Sarl York Edward\Bureau
Microsoft Windows XP Édition familiale Service Pack 3 (X86) OS Language: French Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
( ) C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
(Huawei Technologies Co., Ltd.) C:\Program Files\Telekom\InternetManager_H\DataCardMonitor.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files\Fichiers communs\Lexware\Update Manager\LxUpdateManager.exe
(Maxtor Corporation) C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files\Fichiers communs\Lexware\LxWebAccess\LxWebAccess.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [PPort11reminder] - C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini [289 2009-03-07] ()
HKLM\...\Run: [DataCardMonitor] - C:\Program Files\Telekom\InternetManager_H\DataCardMonitor.exe [253952 2011-08-02] (Huawei Technologies Co., Ltd.)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [868352 2006-12-18] (Analog Devices, Inc.)
HKLM\...\Run: [LexwareInfoService] - C:\Program Files\Fichiers communs\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM\...\Run: [MaxtorOneTouch] - C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe [634880 2005-11-09] (Maxtor Corporation)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\windows\system32\Macromed\Flash\FlashUtil32_11_7_700_202_Plugin.exe -update plugin [813448 2013-05-30] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.c...ferrer:source?}
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1296281020859
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: haufereader - No CLSID Value -
Handler: ipp - No CLSID Value -
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Sarl York Edward\Application Data\Mozilla\Firefox\Profiles\scktrnnm.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @xunlei.com/DapCtrl - C:\Program Files\Fichiers communs\Thunder Network\KanKan\npDapCtrl.2.3.7201.375.(310).dll (ShenZhen Thunder Networking Technologies Ltd.)
FF Extension: No Name - C:\Documents and Settings\Sarl York Edward\Application Data\Mozilla\Extensions\[email protected]
FF Extension: No Name - C:\Documents and Settings\Sarl York Edward\Application Data\Mozilla\Firefox\Profiles\scktrnnm.default\Extensions\[email protected]3b57c5fda.com
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF HKLM\...\Firefox\Extensions: [[email protected]] C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF HKLM\...\Firefox\Extensions: [[email protected]] C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [[email protected]] C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\
FF Extension: Norton Toolbar - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\

========================== Services (Whitelisted) =================

S4 Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [37664 2011-05-25] (Apple Inc.)
S4 DCService.exe; C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe [229376 2010-08-19] ()
S4 Freemake Improver; C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [96768 2012-04-02] (Freemake)
S2 gupdate1c9516b1a6a1962; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2008-11-28] (Google Inc.)
S4 IDriverT; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation)
S4 MaxBackServiceInt; C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe [184320 2005-11-09] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 N360; C:\Program Files\Norton 360\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
S4 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2565632 2011-10-24] (Deutsche Telekom AG)
S4 NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [262144 2006-12-23] (Nero AG)
R2 NTService1; C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe [110592 2005-11-09] ( )
S3 odserv; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [440696 2011-07-20] (Microsoft Corporation)
S4 ose; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation)
S4 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [167936 2005-08-07] ()
S4 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3048136 2012-06-19] (Skype Technologies S.A.)
S4 WLANBelkinService; C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe [36864 2009-12-28] ()
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
S4 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [489952 2009-10-02] (ITETech )
R3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh5.sys [642432 2009-11-06] (Broadcom Corporation)
R1 BHDrvx86; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130702.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
S3 BrScnUsb; C:\Windows\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys [376480 2013-03-31] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2013-04-01] (Symantec Corporation)
S3 filtertdidriver; C:\Windows\System32\drivers\ewfiltertdidriver.sys [7552 2009-02-27] (Huawei Technologies Co., Ltd.)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
R3 IDSxpx86; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130713.001\IDSxpx86.sys [373728 2013-03-29] (Symantec Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MPE; C:\Windows\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 MXOPSWD; C:\Windows\System32\DRIVERS\mxopswd.sys [15360 2005-04-06] (Maxtor Corp.)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
R3 NAVENG; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130716.003\NAVENG.SYS [93272 2013-05-22] (Symantec Corporation)
R3 NAVEX15; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130716.003\NAVEX15.SYS [1611992 2013-05-22] (Symantec Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [57856 2006-07-11] (NVIDIA Corporation)
R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [20480 2006-07-11] (NVIDIA Corporation)
R1 PSSDK42; C:\WINDOWS\system32\Drivers\pssdk42.sys [38976 2012-04-08] (microOLAP Technologies LTD)
R1 PSSDKLBF; C:\WINDOWS\system32\Drivers\pssdklbf.sys [53312 2012-04-08] (microOLAP Technologies LTD)
R1 RapportCerberus_25973; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\25973\RapportCerberus_25973.sys [57144 2011-04-13] (Trusteer Ltd.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [66360 2011-04-08] (Trusteer Ltd.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [158904 2011-04-08] (Trusteer Ltd.)
R3 SenFiltService; C:\Windows\System32\drivers\Senfilt.sys [392960 2006-03-17] (Sensaura)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\N360\1404000.028\SYMTDI.SYS [396760 2013-04-25] (Symantec Corporation)
S3 TelekomNM3; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [35040 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
R3 V0700Afx; C:\Windows\System32\DRIVERS\V0700Afx.sys [302720 2010-10-20] (Creative Technology Ltd.)
R3 V0700Vid; C:\Windows\System32\DRIVERS\V0700Vid.sys [322304 2010-10-18] (Creative Technology Ltd.)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [x]
S4 IntelIde; No ImagePath
U3 TlntSvr;
U2 wuaserv;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-16 20:09 - 2013-07-16 20:09 - 00000000 ____D C:\FRST
2013-07-16 20:08 - 2013-07-16 20:08 - 01218614 _____ (Farbar) C:\Documents and Settings\Sarl York Edward\Bureau\FRST.exe
2013-07-15 20:17 - 2013-07-15 20:17 - 00010847 _____ C:\AdwCleaner[S2].txt
2013-07-15 20:15 - 2013-07-15 20:16 - 00010754 _____ C:\AdwCleaner[R1].txt
2013-07-15 20:15 - 2013-07-15 20:15 - 00662345 _____ C:\Documents and Settings\Sarl York Edward\Bureau\AdwCleaner.exe
2013-07-14 16:27 - 2013-07-14 16:27 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-14 16:27 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-07-14 15:30 - 2013-07-14 15:31 - 00000000 ____D C:\Documents and Settings\Sarl York Edward\Bureau\Frasier S10 E11
2013-07-11 12:06 - 2013-07-11 12:06 - 00127289 _____ C:\windows\KB2834886.log
2013-07-11 12:06 - 2013-07-11 12:06 - 00127276 _____ C:\windows\KB2834904.log
2013-07-11 12:06 - 2013-07-11 12:06 - 00000000 __HDC C:\windows\$NtUninstallKB2834904_WM11$
2013-07-11 12:06 - 2013-07-11 12:06 - 00000000 __HDC C:\windows\$NtUninstallKB2834886$
2013-07-11 12:05 - 2013-07-11 12:05 - 00000000 __HDC C:\windows\$NtUninstallKB2850851$
2013-07-11 12:05 - 2013-07-11 12:05 - 00000000 __HDC C:\windows\$NtUninstallKB2845187$
2013-07-11 11:55 - 2013-07-11 11:56 - 00130760 _____ C:\windows\KB2846071-IE8.log
2013-07-11 11:04 - 2013-07-11 12:05 - 00132521 _____ C:\windows\KB2850851.log
2013-07-11 11:03 - 2013-07-11 12:05 - 00132936 _____ C:\windows\KB2845187.log
2013-07-03 19:15 - 2013-07-04 10:18 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-07-16 20:09 - 2013-07-16 20:09 - 00000000 ____D C:\FRST
2013-07-16 20:09 - 2007-12-07 11:55 - 00000000 ____D C:\Documents and Settings\Sarl York Edward\Bureau
2013-07-16 20:09 - 2007-12-07 11:55 - 00000000 ____D C:\Documents and Settings\Sarl York Edward\Bureau
2013-07-16 20:08 - 2013-07-16 20:08 - 01218614 _____ (Farbar) C:\Documents and Settings\Sarl York Edward\Bureau\FRST.exe
2013-07-16 20:07 - 2011-09-22 10:31 - 00000000 ____D C:\Documents and Settings\Sarl York Edward\Application Data\Skype
2013-07-16 19:56 - 2013-05-30 14:38 - 00001076 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-16 19:56 - 2013-05-30 14:38 - 00001072 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-16 19:24 - 2012-07-23 21:13 - 01609816 _____ C:\windows\WindowsUpdate.log
2013-07-16 19:22 - 2007-07-21 12:14 - 00000159 _____ C:\windows\wiadebug.log
2013-07-16 19:22 - 2007-07-21 12:14 - 00000050 _____ C:\windows\wiaservc.log
2013-07-16 19:22 - 2007-07-21 10:47 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-15 22:17 - 2007-12-07 11:55 - 00000184 __SHC C:\Documents and Settings\Sarl York Edward\ntuser.ini
2013-07-15 22:17 - 2007-12-07 11:55 - 00000184 __SHC C:\Documents and Settings\Sarl York Edward\ntuser.ini
2013-07-15 22:17 - 2007-07-21 10:47 - 00032568 _____ C:\windows\SchedLgU.Txt
2013-07-15 21:35 - 2012-08-18 08:11 - 00241233 _____ C:\windows\setupapi.log
2013-07-15 21:22 - 2012-03-31 08:38 - 00001002 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-15 20:18 - 2007-12-07 11:55 - 00000000 ____D C:\Documents and Settings\Sarl York Edward
2013-07-15 20:17 - 2013-07-15 20:17 - 00010847 _____ C:\AdwCleaner[S2].txt
2013-07-15 20:16 - 2013-07-15 20:15 - 00010754 _____ C:\AdwCleaner[R1].txt
2013-07-15 20:15 - 2013-07-15 20:15 - 00662345 _____ C:\Documents and Settings\Sarl York Edward\Bureau\AdwCleaner.exe
2013-07-14 19:37 - 2013-04-06 09:49 - 00011235 _____ C:\Documents and Settings\Sarl York Edward\Bureau\Jobs for Teddy.xlsx
2013-07-14 19:34 - 2007-07-21 10:25 - 00000000 ___RD C:\windows\Offline Web Pages
2013-07-14 16:27 - 2013-07-14 16:27 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-14 16:27 - 2007-07-21 12:12 - 00000000 ____D C:\Documents and Settings\All Users\Bureau
2013-07-14 16:02 - 2007-12-07 11:55 - 00000000 ___RD C:\Documents and Settings\Sarl York Edward\Menu Démarrer\Programmes
2013-07-14 15:50 - 2012-04-14 17:21 - 01337558 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3763518644-895795467-4165139698-1006-0.dat
2013-07-14 15:50 - 2012-04-14 17:21 - 00185150 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2013-07-14 15:38 - 2012-09-29 08:36 - 00000000 ____D C:\Documents and Settings\Sarl York Edward\Application Data\avidemux
2013-07-14 15:38 - 2012-04-08 16:03 - 00000000 ____D C:\Documents and Settings\Sarl York Edward\Application Data\vlc
2013-07-14 15:37 - 2008-02-05 14:44 - 00000069 _____ C:\windows\NeroDigital.ini
2013-07-14 15:35 - 2007-12-19 13:17 - 00227840 _____ C:\Documents and Settings\Sarl York Edward\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-14 15:31 - 2013-07-14 15:30 - 00000000 ____D C:\Documents and Settings\Sarl York Edward\Bureau\Frasier S10 E11
2013-07-14 12:34 - 2007-12-17 12:32 - 00000875 _____ C:\windows\BRWMARK.INI
2013-07-14 12:26 - 2012-04-06 09:09 - 00000000 ____D C:\Documents and Settings\Sarl York Edward\Mes documents\Sale of Flat Matignon
2013-07-14 12:25 - 2013-04-27 11:02 - 00000000 ____D C:\Documents and Settings\Sarl York Edward\Bureau\Move to Mattishall
2013-07-13 07:15 - 2007-12-17 13:14 - 00002575 _____ C:\Documents and Settings\Sarl York Edward\Bureau\Microsoft Office Word 2007.lnk
2013-07-12 10:38 - 2011-04-30 16:21 - 00000000 ____D C:\windows\Microsoft.NET
2013-07-11 22:17 - 2007-07-21 12:12 - 01200572 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-11 18:26 - 2010-12-17 18:10 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 18:26 - 2007-07-21 12:11 - 00212880 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-11 12:06 - 2013-07-11 12:06 - 00127289 _____ C:\windows\KB2834886.log
2013-07-11 12:06 - 2013-07-11 12:06 - 00127276 _____ C:\windows\KB2834904.log
2013-07-11 12:06 - 2013-07-11 12:06 - 00000000 __HDC C:\windows\$NtUninstallKB2834904_WM11$
2013-07-11 12:06 - 2013-07-11 12:06 - 00000000 __HDC C:\windows\$NtUninstallKB2834886$
2013-07-11 12:06 - 2007-07-21 12:12 - 02299883 _____ C:\windows\FaxSetup.log
2013-07-11 12:06 - 2007-07-21 12:12 - 01105647 _____ C:\windows\ocgen.log
2013-07-11 12:06 - 2007-07-21 12:12 - 00883630 _____ C:\windows\tsoc.log
2013-07-11 12:06 - 2007-07-21 12:12 - 00756344 _____ C:\windows\comsetup.log
2013-07-11 12:06 - 2007-07-21 12:12 - 00455389 _____ C:\windows\ntdtcsetup.log
2013-07-11 12:06 - 2007-07-21 12:12 - 00366965 _____ C:\windows\iis6.log
2013-07-11 12:06 - 2007-07-21 12:12 - 00123520 _____ C:\windows\ocmsn.log
2013-07-11 12:06 - 2007-07-21 12:12 - 00115215 _____ C:\windows\msgsocm.log
2013-07-11 12:06 - 2007-07-21 12:12 - 00001374 _____ C:\windows\imsins.log
2013-07-11 12:06 - 2007-07-21 12:12 - 00001374 _____ C:\windows\imsins.BAK
2013-07-11 12:05 - 2013-07-11 12:05 - 00000000 __HDC C:\windows\$NtUninstallKB2850851$
2013-07-11 12:05 - 2013-07-11 12:05 - 00000000 __HDC C:\windows\$NtUninstallKB2845187$
2013-07-11 12:05 - 2013-07-11 11:04 - 00132521 _____ C:\windows\KB2850851.log
2013-07-11 12:05 - 2013-07-11 11:03 - 00132936 _____ C:\windows\KB2845187.log
2013-07-11 11:58 - 2007-12-07 13:11 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-07-11 11:58 - 2007-07-21 12:16 - 75699896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-11 11:56 - 2013-07-11 11:55 - 00130760 _____ C:\windows\KB2846071-IE8.log
2013-07-11 11:56 - 2007-07-21 12:12 - 00533675 _____ C:\windows\updspapi.log
2013-07-11 11:31 - 2011-09-16 13:29 - 00000000 ____D C:\windows\system32\XPSViewer
2013-07-08 10:13 - 2004-08-05 14:00 - 00012598 _____ C:\windows\system32\wpa.dbl
2013-07-05 18:14 - 2013-04-01 09:05 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-04 10:18 - 2013-07-03 19:15 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-23 10:31 - 2011-09-22 10:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2013-06-23 10:30 - 2011-09-22 10:31 - 00000000 ___RD C:\Program Files\Skype
2013-06-20 09:58 - 2013-04-01 09:39 - 00000000 ____D C:\windows\system32\Drivers\N360
2013-06-19 11:11 - 2013-04-01 09:42 - 00142496 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT.SYS
2013-06-19 11:11 - 2013-04-01 09:42 - 00007611 _____ C:\windows\system32\Drivers\SYMEVENT.CAT

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2004-08-05 14:00] - [2008-04-14 04:34] - 1037824 ____A (Microsoft Corporation) f2317622d29f9ff0f88aeecd5f60f0dd

C:\Windows\System32\winlogon.exe
[2004-08-05 14:00] - [2008-04-14 04:34] - 0512000 ____A (Microsoft Corporation) dd73d6b9f6b4cb630cf35b438b540174

C:\Windows\System32\svchost.exe
[2004-08-05 14:00] - [2008-04-14 04:34] - 0014336 ____A (Microsoft Corporation) e4bdf223cd75478bf44567b4d5c2634d

C:\Windows\System32\services.exe
[2004-08-05 14:00] - [2009-02-09 13:23] - 0111104 ____A (Microsoft Corporation) c3fb1d70cb88722267949694ba51759e

C:\Windows\System32\User32.dll
[2004-08-05 14:00] - [2008-04-14 04:33] - 0579584 ____A (Microsoft Corporation) e853f84d3ce2faa2a802e33cf89ac023

C:\Windows\System32\userinit.exe
[2004-08-05 14:00] - [2008-04-14 04:34] - 0026624 ____A (Microsoft Corporation) e74ddb12188c2ff57a78624dbf7332fc

C:\Windows\System32\Drivers\volsnap.sys
[2004-08-05 14:00] - [2008-04-14 03:56] - 0053376 ____A (Microsoft Corporation) 46de1126684369bace4849e4fc8c43ca


==================== End Of Log ============================

Attached Files

  • Attached File  FRST.txt   25.58KB   32 downloads

  • 0

#10
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts

Is that any use to you?


Yep, it would be nice to see it.

  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select Copy).
  • Right-click in the open notepad and select Paste.
  • Save it in the same location with FRST as fixlist.txt.

    FF Extension: No Name - C:\Documents and Settings\Sarl York Edward\Application Data\Mozilla\Firefox\Profiles\scktrnnm.default\Extensions\[email protected]3b57c5fda.com

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST and press the Fix button just once and wait. The tool will make a log in the same folder with FRST (Fixlog.txt). Please post it in your next reply.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

So, please, don't forget to post in your next message:

  • Fixlog.txt
  • OTL log

  • 0

Advertisements


#11
RedSuedePump

RedSuedePump

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 168 posts
Hi,

Sorry for the delay.

I've attached the addition file from the original FRST scan and also the fixlog file from FRST.

However, when I run an OTL scan, it gets stuck when it scans the Firefox settings, so I have to ctrl/alt/del and it shows it as not responding, so I ended the programme.

RSP

Attached Files


  • 0

#12
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Hello,

Please, reset your Firefox as it's written here.

When completed, please, try to run OTL scan once more.
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
User returned :)
  • 0

#15
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Hello, RedSuedePump,

So, what about OTL log?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP