cpu runs flat out and overheat ? [Closed]


  • This topic is locked

#1
lurch 56

  • Member
  • 25 posts
Hi, my CPU is running fast and will overheat if I play games etc. I have sent screenshots from start-up to the problem: on turn-on there is a short peak, then as a rule 25-30%. Click on Facebook and log on, then the CPU goes up and down like a yo-yo, then settles at 20-ish %. When I click on a game (poker was used for the pics), the CPU hits 70-90% with 100% peaks. If I was to try and play, it will overheat and shut down. I have used a vacuum cleaner on the air intake and exhaust; some dust came out, as I used a tissue to catch any junk. The fan runs as normal. I cannot find any abnormal updates. New antivirus (Kaspersky), no bugs showing on that; had a few attacks but the report says dealt with. So I am at a loss as to where next. I am a novice, so click by click would help on reply, lol. All been great until 3-4 months ago when the problem started. Been down your forums looking for bits to try; as you will see, I used a few links that I think will help.

Attached files: OTL.Txt (92.93KB), cpu snip.JPG, cpu snip 1.JPG, cpu snip 2.JPG, cpu snip 4.JPG, cpu snip 6.JPG, cpu snip 7.JPG, cpu snip 8.JPG, cpu snip 9.JPG

I think the shots are in order. If any other info is required then I will do my best to reply ASAP. Thanks for any help, Paul

#2
lurch 56

  • Topic Starter
  • Member
  • 25 posts
trying a fix from this angle of attack...... http://www.geekstogo...m-going-to-max/
will delete this if it works

#3
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Hello lurch 56,

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
After that

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.
So when you return please post
  • JRT.txt
  • FRST.txt

Note: Unless otherwise instructed do not attach your logs, always post them in the thread. :)

#4
lurch 56

  • Topic Starter
  • Member
  • 25 posts
Hi, done as requested.

Attached files: JRT.txt (6.07KB), FRST.txt (33.7KB)

#5
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
I am posting the logs in the thread as requested in my last post.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows Vista ™ Home Premium x86
Ran by Paul on 29/11/2013 at 18:26:47.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\search protection
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\distromatic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\fixcleaner
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\igearsettings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\fixcleaner
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2769726
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A5943DA5-E8A3-4A6A-90EE-7CC9F867D8E4}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}



~~~ Files

Successfully deleted: [File] "C:\Windows\system32\roboot.exe"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\trymedia"
Successfully deleted: [Folder] "C:\Users\Paul\AppData\Roaming\advanced system protector"
Successfully deleted: [Folder] "C:\Users\Paul\AppData\Roaming\fixcleaner"
Successfully deleted: [Folder] "C:\Users\Paul\AppData\Roaming\pricegong"
Successfully deleted: [Folder] "C:\Users\Paul\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\Paul\appdata\local\apn"
Successfully deleted: [Folder] "C:\Users\Paul\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Paul\appdata\local\conduitengine"
Successfully deleted: [Folder] "C:\Users\Paul\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Paul\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Paul\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files\fixcleaner"
Successfully deleted: [Folder] "C:\Program Files\mypc backup"
Successfully deleted: [Folder] "C:\ProgramData\ask"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29/11/2013 at 18:36:29.19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-11-2013
Ran by Paul (administrator) on USER-PC on 29-11-2013 18:46:26
Running from C:\Users\Paul\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
( ) C:\Windows\System32\lxeacoms.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPStart.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(TOSHIBA) C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHAE.EXE
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Sage (UK) Limited) C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Google Inc.) C:\Users\Paul\AppData\Local\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Google Inc.) C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [SynTPStart] - C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-08-15] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4702208 2007-08-09] (Realtek Semiconductor)
HKLM\...\Run: [NDSTray.exe] - NDSTray.exe
HKLM\...\Run: [topi] - C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe [581632 2007-07-10] (TOSHIBA)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe [411192 2007-03-29] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [55416 2006-12-07] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [538744 2007-05-22] (TOSHIBA Corporation)
HKLM\...\Run: [BlackBerryAutoUpdate] - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [623960 2009-11-19] (Research In Motion Limited)
HKLM\...\Run: [RoxWatchTray] - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [236016 2009-07-08] (Sonic Solutions)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [YSearchProtection] - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [111856 2009-02-23] (Yahoo! Inc)
HKLM\...\Run: [EEventManager] - C:\Program Files\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [Messenger (Yahoo!)] - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKCU\...\Run: [Google Update] - C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-24] (Google Inc.)
HKCU\...\Run: [igndlm.exe] - C:\Program Files\Download Manager\DLM.exe [1103216 2009-05-15] (IGN Entertainment)
HKCU\...\Run: [ISUSPM] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [206112 2008-10-24] (Macrovision Corporation)
HKCU\...\Run: [Facebook Update] - C:\Users\Paul\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHAE.EXE [249440 2013-09-15] (SEIKO EPSON CORPORATION)
MountPoints2: D - D:\AutoRun.exe
MountPoints2: {4b09093b-05fa-11e0-bbb0-00164492485e} - D:\AutoRun.exe
MountPoints2: {83a85893-5b6f-11e0-b822-00a0d1990b20} - D:\AUTORUN.EXE
MountPoints2: {83a85895-5b6f-11e0-b822-00a0d1990b20} - D:\AUTORUN.EXE
MountPoints2: {877131bf-0965-11e0-b6ca-00164492485e} - G:\AutoRun.exe
MountPoints2: {9bf70dca-09e9-11e0-90ca-00a0d1990b20} - "I:\WD SmartWare.exe" autoplay=true
MountPoints2: {bcaee68f-b012-11e1-ad29-00164492485e} - D:\AutoRun.exe
MountPoints2: {c427435f-33f7-11e3-9659-806e6f6e6963} - G:\AutoRun.exe
MountPoints2: {c7f5b097-5af7-11e0-b161-00164492485e} - D:\AUTORUN.EXE
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2007-06-27] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2007-06-27] ()
HKU\Guest\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Guest\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2007-06-27] ()
HKU\Guest\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2009-09-21] (Google Inc.)
HKU\Guest\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex
Startup: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ekiga.lnk
ShortcutTarget: Ekiga.lnk -> C:\Program Files\Ekiga\ekiga.exe (No File)
Startup: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk -> C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
URLSearchHook: HKCU - (No Name) - {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - No File
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM - DefaultScope {6736FCF0-A792-4775-8859-257F76702CCA} URL = http://www.google.co...}&sourceid=ie7;
SearchScopes: HKLM - {6736FCF0-A792-4775-8859-257F76702CCA} URL = http://www.google.co...}&sourceid=ie7;
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL =
SearchScopes: HKCU - {6736FCF0-A792-4775-8859-257F76702CCA} URL = http://www.google.co...&rlz=1I7WZPC_en
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yah...p={searchTerms}
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {F4E6547E-325B-403C-A3BB-AD29ED37A92F} - No File
Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.amazon.co.uk/gp/bit/amazonserp/ref=bit_bds-p14_serp_cr_uk_display?ie=UTF8&tagbase=bds-p14&tbrId=v1_abb-channel-14_2365d21bac2d4ed9b7872e9b8378f6fc_16_37_20130620_GB_cr_sp_BD20130620", "hxxp://search.conduit.com/?ctid=CT3297986&SearchSource=48&CUI=UN45073175220672524&UM=2"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Paul\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Paul\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Paul\AppData\Local\Google\Chrome\Application\31.0.1650.57\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (AVG Internet Security) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U24) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll No File
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Web Player\npdivx32.dll No File
CHR Plugin: (IGN Download Manager Plug-in) - C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Unity Player) - C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Paul\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Extension: (YouTube) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (DoNotTrackMe: Online Privacy Protection) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\3.1.1021_0
CHR Extension: (Safe Money) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\14.0.0.4651_0
CHR Extension: (Dangerous Websites Blocker) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\14.0.0.4651_0
CHR Extension: (Virtual Keyboard) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\14.0.0.4794_0
CHR Extension: (Google Wallet) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR Extension: (Anti-Banner) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\14.0.0.4651_0
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx
CHR HKLM\...\Chrome\Extension: [ecdnkeodklpalhjkgeigeckkonbnddpi] - C:\Users\Paul\AppData\Local\CRE\ecdnkeodklpalhjkgeigeckkonbnddpi.crx
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Program Files\AVG\AVG2012\Chrome\donottrack.crx
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Jamie\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-10] (Kaspersky Lab ZAO)
R2 lxea_device; C:\Windows\system32\lxeacoms.exe [598696 2010-04-14] ( )
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [233344 2012-06-28] ()
R2 Sage SData Service; C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe [49152 2009-08-21] (Sage (UK) Limited)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [110592 2009-11-13] (WDC)
R2 WDSmartWareBackgroundService; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo)
S2 TOSHIBA Bluetooth Service;

==================== Drivers (Whitelisted) ====================

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17920 2008-04-25] (ArcSoft, Inc.)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-11-07] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [575584 2013-11-07] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-10] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145120 2013-06-06] (Kaspersky Lab ZAO)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [252416 2007-06-01] (Realtek Semiconductor Corporation )
R0 speedfan; C:\Windows\System32\speedfan.sys [5248 2006-09-24] (Windows ® 2000 DDK provider)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13024 2012-11-13] ()
S2 adfs; No ImagePath
S4 AVGIDSHX; system32\DRIVERS\avgidshx.sys [x]
S4 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [x]
S4 blbdrive; No ImagePath
S3 IpInIp; No ImagePath
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [94304 2013-06-08] (Kaspersky Lab ZAO)
S3 LgBttPort; No ImagePath
S3 lgbusenum; No ImagePath
S3 LGVMODEM; No ImagePath
S3 massfilter; system32\drivers\massfilter.sys [x]
S3 NwlnkFlt; No ImagePath
S3 NwlnkFwd; No ImagePath
S3 RimUsb; No ImagePath
S3 Tosrfcom; No ImagePath
S3 usbbus; No ImagePath
S3 UsbDiag; No ImagePath
S3 USBModem; No ImagePath
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-29 18:46 - 2013-11-29 18:47 - 00023546 _____ C:\Users\Paul\Downloads\FRST.txt
2013-11-29 18:46 - 2013-11-29 18:46 - 00000000 ____D C:\FRST
2013-11-29 18:43 - 2013-11-29 18:44 - 01959024 _____ (Farbar) C:\Users\Paul\Downloads\FRST64.exe
2013-11-29 18:40 - 2013-11-29 18:41 - 01092049 _____ (Farbar) C:\Users\Paul\Downloads\FRST.exe
2013-11-29 18:36 - 2013-11-29 18:36 - 00006213 _____ C:\Users\Paul\Desktop\JRT.txt
2013-11-29 18:26 - 2013-11-29 18:26 - 00000000 ____D C:\Windows\ERUNT
2013-11-29 18:10 - 2013-11-29 18:10 - 01034531 _____ (Thisisu) C:\Users\Paul\Downloads\JRT.exe
2013-11-23 23:44 - 2013-11-23 23:44 - 00915368 _____ (Oracle Corporation) C:\Users\Paul\Downloads\chromeinstall-7u45.exe
2013-11-22 23:30 - 2013-11-22 23:30 - 00000809 _____ C:\Users\Paul\Desktop\SpeedFan.lnk
2013-11-22 23:30 - 2013-11-22 23:30 - 00000809 _____ C:\Users\Guest\Desktop\SpeedFan.lnk
2013-11-22 23:30 - 2013-11-22 23:30 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2013-11-22 23:30 - 2013-11-22 23:30 - 00000000 ____D C:\Program Files\SpeedFan
2013-11-22 23:29 - 2013-11-22 23:30 - 00000045 _____ C:\Windows\system32\initdebug.nfo
2013-11-22 23:26 - 2013-11-22 23:27 - 01891864 _____ C:\Users\Paul\Downloads\installspeedfan440.exe
2013-11-20 15:01 - 2013-11-20 19:02 - 00060582 _____ C:\Users\Paul\Downloads\Extras.Txt
2013-11-20 14:58 - 2013-11-20 18:59 - 00095156 _____ C:\Users\Paul\Downloads\OTL.Txt
2013-11-20 14:38 - 2013-11-20 14:38 - 00602112 _____ (OldTimer Tools) C:\Users\Paul\Downloads\OTL.exe
2013-11-20 13:58 - 2013-11-20 13:58 - 02799296 _____ (Sysinternals - www.sysinternals.com) C:\Users\Paul\Downloads\procexp.exe
2013-11-14 14:00 - 2013-10-13 11:55 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 14:00 - 2013-10-13 11:55 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 14:00 - 2013-10-13 11:55 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-14 14:00 - 2013-10-13 11:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-14 14:00 - 2013-10-13 11:51 - 06018048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 14:00 - 2013-10-13 11:51 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 14:00 - 2013-10-13 11:51 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-11-14 14:00 - 2013-10-13 11:51 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-14 14:00 - 2013-10-13 11:51 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-14 14:00 - 2013-10-13 11:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-14 14:00 - 2013-10-13 11:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 14:00 - 2013-10-13 11:49 - 11111936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 14:00 - 2013-10-13 11:49 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 14:00 - 2013-10-13 11:49 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-14 14:00 - 2013-10-13 11:49 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-14 14:00 - 2013-10-13 11:49 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-14 14:00 - 2013-10-13 11:49 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-14 14:00 - 2013-10-13 11:49 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-14 14:00 - 2013-10-13 11:49 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-14 14:00 - 2013-10-13 11:49 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-14 14:00 - 2013-10-13 11:47 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2013-11-14 14:00 - 2013-10-13 10:09 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-14 14:00 - 2013-10-13 08:28 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-14 14:00 - 2013-10-13 08:27 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-14 14:00 - 2013-10-13 08:26 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-14 14:00 - 2013-10-13 08:25 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 14:00 - 2013-10-11 02:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 14:00 - 2013-10-11 02:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 14:00 - 2013-10-11 00:39 - 00218228 _____ C:\Windows\system32\WFP.TMF
2013-11-14 14:00 - 2013-10-03 12:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 14:00 - 2013-10-03 12:45 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

==================== One Month Modified Files and Folders =======

2013-11-29 18:47 - 2013-11-29 18:46 - 00023546 _____ C:\Users\Paul\Downloads\FRST.txt
2013-11-29 18:46 - 2013-11-29 18:46 - 00000000 ____D C:\FRST
2013-11-29 18:44 - 2013-11-29 18:43 - 01959024 _____ (Farbar) C:\Users\Paul\Downloads\FRST64.exe
2013-11-29 18:43 - 2012-07-08 20:32 - 00000922 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1954790308-1874760727-124245015-1005UA.job
2013-11-29 18:42 - 2012-05-29 13:30 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1954790308-1874760727-124245015-1005UA.job
2013-11-29 18:41 - 2013-11-29 18:40 - 01092049 _____ (Farbar) C:\Users\Paul\Downloads\FRST.exe
2013-11-29 18:40 - 2010-05-16 09:50 - 00005708 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-29 18:39 - 2009-06-17 12:45 - 01689585 _____ C:\Windows\WindowsUpdate.log
2013-11-29 18:38 - 2010-02-03 22:36 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-29 18:36 - 2013-11-29 18:36 - 00006213 _____ C:\Users\Paul\Desktop\JRT.txt
2013-11-29 18:30 - 2013-07-04 01:55 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-29 18:26 - 2013-11-29 18:26 - 00000000 ____D C:\Windows\ERUNT
2013-11-29 18:22 - 2013-10-10 16:40 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-11-29 18:10 - 2013-11-29 18:10 - 01034531 _____ (Thisisu) C:\Users\Paul\Downloads\JRT.exe
2013-11-29 17:28 - 2010-03-15 11:10 - 00065131 _____ C:\Windows\setupact.log
2013-11-29 17:13 - 2010-02-03 22:36 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-29 17:12 - 2012-06-04 21:28 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-11-29 17:12 - 2006-11-02 13:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-29 17:12 - 2006-11-02 12:47 - 00003696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-29 17:12 - 2006-11-02 12:47 - 00003696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-29 15:26 - 2006-11-02 13:01 - 00032610 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-29 12:16 - 2010-12-13 19:48 - 00000416 ____H C:\Windows\Tasks\User_Feed_Synchronization-{5B3F6DD2-6757-4ECD-A96C-3046CF43A301}.job
2013-11-29 12:05 - 2006-11-02 11:18 - 00000000 ____D C:\Windows\tracing
2013-11-28 21:43 - 2012-07-08 20:32 - 00000900 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1954790308-1874760727-124245015-1005Core.job
2013-11-25 08:42 - 2012-05-29 13:30 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1954790308-1874760727-124245015-1005Core.job
2013-11-23 23:44 - 2013-11-23 23:44 - 00915368 _____ (Oracle Corporation) C:\Users\Paul\Downloads\chromeinstall-7u45.exe
2013-11-22 23:30 - 2013-11-22 23:30 - 00000809 _____ C:\Users\Paul\Desktop\SpeedFan.lnk
2013-11-22 23:30 - 2013-11-22 23:30 - 00000809 _____ C:\Users\Guest\Desktop\SpeedFan.lnk
2013-11-22 23:30 - 2013-11-22 23:30 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2013-11-22 23:30 - 2013-11-22 23:30 - 00000000 ____D C:\Program Files\SpeedFan
2013-11-22 23:30 - 2013-11-22 23:29 - 00000045 _____ C:\Windows\system32\initdebug.nfo
2013-11-22 23:27 - 2013-11-22 23:26 - 01891864 _____ C:\Users\Paul\Downloads\installspeedfan440.exe
2013-11-20 19:02 - 2013-11-20 15:01 - 00060582 _____ C:\Users\Paul\Downloads\Extras.Txt
2013-11-20 18:59 - 2013-11-20 14:58 - 00095156 _____ C:\Users\Paul\Downloads\OTL.Txt
2013-11-20 14:38 - 2013-11-20 14:38 - 00602112 _____ (OldTimer Tools) C:\Users\Paul\Downloads\OTL.exe
2013-11-20 13:58 - 2013-11-20 13:58 - 02799296 _____ (Sysinternals - www.sysinternals.com) C:\Users\Paul\Downloads\procexp.exe
2013-11-19 20:44 - 2009-09-02 15:15 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-18 17:50 - 2010-12-17 16:52 - 00000000 ____D C:\Users\Paul\Documents\WebCam Media
2013-11-15 20:23 - 2006-11-02 11:18 - 00000000 ____D C:\Windows\rescache
2013-11-15 11:27 - 2013-07-19 21:10 - 00000000 ____D C:\Windows\system32\MRT
2013-11-15 11:26 - 2006-11-02 10:24 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-11-11 05:50 - 2009-11-25 06:56 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-07 09:25 - 2013-10-10 16:40 - 00575584 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-11-07 09:25 - 2013-05-06 08:22 - 00135776 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2013-10-30 13:36 - 2010-02-03 22:17 - 00000000 ____D C:\Scanning

Files to move or delete:
====================
C:\Users\Paul\AppData\Roaming\desktop.ini
C:\Users\Paul\avgcorex.dll


Some content of TEMP:
====================
C:\Users\Paul\AppData\Local\Temp\ainwpwuk.dll
C:\Users\Paul\AppData\Local\Temp\ConduitEngin0.dll
C:\Users\Paul\AppData\Local\Temp\jcymtpiu.dll
C:\Users\Paul\AppData\Local\Temp\nsrFB76.exe
C:\Users\Paul\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Paul\AppData\Local\Temp\sfamcc00002.dll
C:\Users\Paul\AppData\Local\Temp\sfamcc00003.dll
C:\Users\Paul\AppData\Local\Temp\sfareca00002.dll
C:\Users\Paul\AppData\Local\Temp\sfextra.dll
C:\Users\Paul\AppData\Local\Temp\tbSea2.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-29 17:20

==================== End Of Log ============================

#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Hello lurch 56,

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

After that

Go to the link below and follow the instructions on how to delete cache and cookies:

https://support.goog...wer/95582?hl=en

So when you return please post
  • FRST.txt


#7
lurch 56

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Hope this is it, sorry, been up for ages so tired lol.

Attached File: Fixlog.txt (4.3KB)

I clear the history every other day; the top 4 boxes are ticked.

Edited by lurch 56, 29 November 2013 - 03:19 PM.


#8
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-11-2013
Ran by Paul at 2013-11-29 20:57:53 Run:1
Running from C:\Users\Paul\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL =
Toolbar: HKLM - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKCU - No Name - {F4E6547E-325B-403C-A3BB-AD29ED37A92F} - No File
Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll No File
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx
C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Program Files\AVG\AVG2012\Chrome\donottrack.crx
C:\Program Files\AVG\AVG2012\Chrome\donottrack.crx
C:\Program Files\AVG
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S4 AVGIDSHX; system32\DRIVERS\avgidshx.sys [x]
S4 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [x]
C:\Users\Paul\avgcorex.dll
C:\Users\Paul\AppData\Local\Temp\ainwpwuk.dll
C:\Users\Paul\AppData\Local\Temp\ConduitEngin0.dll
C:\Users\Paul\AppData\Local\Temp\jcymtpiu.dll
C:\Users\Paul\AppData\Local\Temp\nsrFB76.exe
C:\Users\Paul\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Paul\AppData\Local\Temp\sfamcc00002.dll
C:\Users\Paul\AppData\Local\Temp\sfamcc00003.dll
C:\Users\Paul\AppData\Local\Temp\sfareca00002.dll
C:\Users\Paul\AppData\Local\Temp\sfextra.dll
C:\Users\Paul\AppData\Local\Temp\tbSea2.dll
*****************

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Value deleted successfully.
HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F4E6547E-325B-403C-A3BB-AD29ED37A92F} => Value deleted successfully.
HKCR\CLSID\{F4E6547E-325B-403C-A3BB-AD29ED37A92F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} => Value deleted successfully.
HKCR\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.
C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla => Key deleted successfully.
"C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx" => File/Directory not found.
"C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof => Key deleted successfully.
"C:\Program Files\AVG\AVG2012\Chrome\donottrack.crx" => File/Directory not found.
"C:\Program Files\AVG\AVG2012\Chrome\donottrack.crx" => File/Directory not found.
C:\Program Files\AVG => Moved successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
AVGIDSHX => Service deleted successfully.
AVGIDSShim => Service deleted successfully.
C:\Users\Paul\avgcorex.dll => Moved successfully.
C:\Users\Paul\AppData\Local\Temp\ainwpwuk.dll => Moved successfully.
C:\Users\Paul\AppData\Local\Temp\ConduitEngin0.dll => Moved successfully.
C:\Users\Paul\AppData\Local\Temp\jcymtpiu.dll => Moved successfully.
C:\Users\Paul\AppData\Local\Temp\nsrFB76.exe => Moved successfully.
C:\Users\Paul\AppData\Local\Temp\sfamcc00001.dll => Moved successfully.
C:\Users\Paul\AppData\Local\Temp\sfamcc00002.dll => Moved successfully.
C:\Users\Paul\AppData\Local\Temp\sfamcc00003.dll => Moved successfully.
C:\Users\Paul\AppData\Local\Temp\sfareca00002.dll => Moved successfully.
C:\Users\Paul\AppData\Local\Temp\sfextra.dll => Moved successfully.
C:\Users\Paul\AppData\Local\Temp\tbSea2.dll => Moved successfully.

==== End of Fixlog ====

#9
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

"hope this is it sorry been up for ages so tired lol"


Time to go to bed I think. ;)

You might like to do this tomorrow your time. :)

Please download ComboFix from this location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.
  • If you have an older Operating System you may be asked whether you want to install the Recovery Console. Click yes and follow any prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may appear to be doing nothing for quite long periods; this is normal, just leave it to do its job.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#10
lurch 56

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
OK, got a clear head today lol. Ran ComboFix, here's the report. A big thanks to all trying to help out there.

Attached File: ComboFix.txt (10.17KB)

#11
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Please paste the log in the thread as asked at post #3.

#12
lurch 56

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Attached File: ComboFix.txt (10.17KB)

Hi, report as asked. Laptop running better. Had a small glitch on shutdown last night, had to load this? (prob 1.JPG) Would not shut down without it.

#13
lurch 56

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Attached File: ComboFix.txt (10.17KB)

Hi, report as asked. Laptop running better. Had a small glitch on shutdown last night, had to load this? (prob 1.JPG) Would not shut down without it.

#14
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
I take it from your last two posts that you don't know how to copy and paste the report?

It's very simple so hopefully you will do it next time.

In any event I have again downloaded your attachment and post it here now:

ComboFix 13-11-27.01 - Paul 30/11/2013 19:15:33.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1917.892 [GMT 0:00]
Running from: c:\users\Paul\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\pt
c:\windows\system32\pt\toscdspd.cpl.mui
.
.
((((((((((((((((((((((((( Files Created from 2013-10-28 to 2013-11-30 )))))))))))))))))))))))))))))))
.
.
2013-11-30 19:25 . 2013-11-30 19:26 -------- d-----w- c:\users\Paul\AppData\Local\temp
2013-11-30 19:25 . 2013-11-30 19:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-30 19:25 . 2013-11-30 19:25 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-11-29 18:46 . 2013-11-29 18:46 -------- d-----w- C:\FRST
2013-11-29 18:26 . 2013-11-29 18:26 -------- d-----w- c:\windows\ERUNT
2013-11-29 11:15 . 2013-11-08 01:15 7772552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C9DE4A6F-BA5D-405B-859B-ABA09AF70F11}\mpengine.dll
2013-11-22 23:30 . 2013-11-22 23:30 -------- d-----w- c:\program files\SpeedFan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-11 05:50 . 2009-11-25 06:56 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-07 09:25 . 2013-05-06 08:22 135776 ----a-w- c:\windows\system32\drivers\kl1.sys
2013-10-10 17:03 . 2013-05-05 21:42 25696 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2013-10-10 17:03 . 2013-06-10 11:27 25696 ----a-w- c:\windows\system32\drivers\klim6.sys
2013-10-10 17:03 . 2013-05-05 21:42 25696 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2013-09-15 16:57 . 2013-09-15 16:59 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2013-09-15 16:57 . 2013-09-15 16:59 81408 ----a-w- c:\windows\system32\E_FD4BHAE.DLL
2013-09-15 16:57 . 2013-09-14 16:05 95232 ----a-w- c:\windows\system32\E_FLBHAE.DLL
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn4\yt.dll" [2013-08-07 1561880]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-25 6595928]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-05-15 1103216]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"Facebook Update"="c:\users\Paul\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIHAE.EXE" [2013-09-15 249440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-15 102400]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 4702208]
"NDSTray.exe"="NDSTray.exe" [BU]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-19 623960]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
.
c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 1000 J110 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN11621GYY05D2;CONNECTION=USB;MONITOR=1; [2006-11-2 44544]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe View=show_in_tray
.

View=show_in_tray [2009-11-13 9117504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-04 01:55]
.
2013-11-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1954790308-1874760727-124245015-1005Core.job
- c:\users\Paul\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-08 20:38]
.
2013-11-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1954790308-1874760727-124245015-1005UA.job
- c:\users\Paul\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-08 20:38]
.
2013-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 22:36]
.
2013-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 22:36]
.
2013-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1954790308-1874760727-124245015-1005Core.job
- c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-29 04:48]
.
2013-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1954790308-1874760727-124245015-1005UA.job
- c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-29 04:48]
.
2013-11-30 c:\windows\Tasks\User_Feed_Synchronization-{5B3F6DD2-6757-4ECD-A96C-3046CF43A301}.job
- c:\windows\system32\msfeedssync.exe [2013-11-14 08:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.yahoo.com
mStart Page = hxxp://uk.yahoo.com
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{f4e6547e-325b-403c-a3bb-ad29ed37a92f} - (no file)
c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ekiga.lnk - c:\program files\Ekiga\ekiga.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-30 19:26
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-11-30 19:29:42
ComboFix-quarantined-files.txt 2013-11-30 19:29
.
Pre-Run: 23,666,458,624 bytes free
Post-Run: 26,533,343,232 bytes free
.
- - End Of File - - 43C83D85024BD80B6FE7E299CC7DBAFF
5C616939100B85E558DA92B899A0FC36

#15
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Hello lurch 56,

I assume your Kaspersky is the paid-for version and up to date, in which case I am wondering if there is some conflict going on with Windows Defender, which appears to be live.

Let's try to turn it off and see whether that makes a difference.

Go to the link below for instructions on how to turn on and off Windows Defender in Vista and turn it off.

http://windows.micro...ction-on-or-off

Next

Run System File Checker

1. Open an elevated command prompt. To do this, go to Start > All Programs > Accessories, right-click Command Prompt and click Run as administrator. If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
2. At the command prompt, type the following command, and then press ENTER:

sfc /scannow (note the gap... it should be there)

The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions.

After that

How to run Chkdsk in Vista:

  • Right click on the Start > Explore.
  • Select the hard drive letter (usually local disk C) for which you want to run the Chkdsk utility.
  • Right-click on the drive letter and select Properties > Tools.
  • Under the Error-Checking section of the window, click the Check Now button. If you have User Account Controls enabled, a window will pop up asking permission to continue. Click Continue.
  • Click to have Chkdsk Automatically fix file system errors and to Scan for and attempt recovery of bad sectors.
  • Click Start.

Chkdsk will not run if the drive you wish to check is in use. You will be requested to schedule Chkdsk. Click Schedule Check Disk; it will then run the next time you boot your computer. Turn off the computer and then turn it back on, and Chkdsk will run.

Note: Chkdsk might take a very long time to run, depending on the number of files and folders, the size of the volume, disk performance, and available system resources (such as processor and memory).

Finally in this post

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt.
  • Copy and paste that log as a reply to this topic and tell me how your computer is now.
