Hi Buddierdl,
Yes thanks - Computer's running a lot better now, except as you say MBAM
It will be interesting to see what you find in the minidumps
- Fixlist log:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-06-2014
Ran by Ian at 2014-07-01 07:10:39 Run:2
Running from C:\Users\Ian\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
AppInit_DLLs: c:\progra~2\sw_x64~1.boo => c:\progra~2\sw_x64~1.boo File Not Found
AppInit_DLLs-x32: c:\progra~2\sw30e4~1.boo => "c:\progra~2\sw30e4~1.boo" File Not Found
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
HKU\S-1-5-21-4005721135-716239972-1406188448-1000\...\Run: [se] => "C:\Users\Ian\AppData\Roaming\SkypEmoticons\SE.exe" /minimized
C:\Users\Ian\AppData\Roaming\SkypEmoticons
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: NextCoup - {F57F2283-FAA5-883D-4454-CE70306B2D43} - C:\Program Files (x86)\NextCoup\YAeMM61.x64.dll No File
C:\Program Files (x86)\NextCoup
C:\ProgramData\NextCoup
BHO-x32: NextCoup - {F57F2283-FAA5-883D-4454-CE70306B2D43} - C:\Program Files (x86)\NextCoup\YAeMM61.dll No File
C:\Users\Ian\AppData\Local\Torch
C:\Users\Ian\AppData\Local\Chromatic Browser
C:\Users\HomeGroupUser$\AppData\Local\Torch
C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
C:\Users\Guest\AppData\Local\Torch
C:\Users\Guest\AppData\Local\Chromatic Browser
C:\Users\ASPNET\AppData\Local\Torch
C:\Users\ASPNET\AppData\Local\Chromatic Browser
C:\Users\Administrator\AppData\Local\Torch
C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder: C:\Windows\ShellNew
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\Users\Ian\AppData\Local\Temp\nsjC61F.exe
C:\Users\Ian\AppData\Local\Temp\Quarantine.exe
C:\Users\Ian\AppData\Local\Temp\vmgrremok.exe
C:\Windows\SysWOW64\setup.exe
*****************
"c:\progra~2\sw_x64~1.boo" => Value Data removed successfully.
"c:\progra~2\sw30e4~1.boo" => Value Data removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec => Moved successfully.
HKU\S-1-5-21-4005721135-716239972-1406188448-1000\Software\Microsoft\Windows\CurrentVersion\Run\\se => value deleted successfully.
"C:\Users\Ian\AppData\Roaming\SkypEmoticons" => File/Directory not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Error deleting key. The key could be protected.
'HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F57F2283-FAA5-883D-4454-CE70306B2D43}' => Key deleted successfully.
'HKCR\CLSID\{F57F2283-FAA5-883D-4454-CE70306B2D43}' => Key deleted successfully.
C:\Program Files (x86)\NextCoup => Moved successfully.
C:\ProgramData\NextCoup => Moved successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F57F2283-FAA5-883D-4454-CE70306B2D43}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{F57F2283-FAA5-883D-4454-CE70306B2D43}' => Key deleted successfully.
C:\Users\Ian\AppData\Local\Torch => Moved successfully.
C:\Users\Ian\AppData\Local\Chromatic Browser => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Torch => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser => Moved successfully.
C:\Users\Guest\AppData\Local\Torch => Moved successfully.
C:\Users\Guest\AppData\Local\Chromatic Browser => Moved successfully.
C:\Users\ASPNET\AppData\Local\Torch => Moved successfully.
C:\Users\ASPNET\AppData\Local\Chromatic Browser => Moved successfully.
C:\Users\Administrator\AppData\Local\Torch => Moved successfully.
C:\Users\Administrator\AppData\Local\Chromatic Browser => Moved successfully.
========================= Folder: C:\Windows\ShellNew ========================
2006-09-22 00:25 - 2006-09-22 00:25 - 0008714 _____ () C:\Windows\ShellNew\EXCEL12.XLSX
2005-12-13 19:15 - 2005-12-13 19:15 - 0059904 _____ () C:\Windows\ShellNew\MSPUB.PUB
2006-09-22 00:32 - 2006-09-22 00:32 - 0027140 _____ () C:\Windows\ShellNew\PWRPNT12.PPTX
====== End of Folder: ======
C:\ProgramData\PKP_DLeo.DAT => Moved successfully.
C:\ProgramData\PKP_DLes.DAT => Moved successfully.
C:\ProgramData\PKP_DLet.DAT => Moved successfully.
C:\ProgramData\PKP_DLev.DAT => Moved successfully.
C:\Users\Ian\AppData\Local\Temp\nsjC61F.exe => Moved successfully.
C:\Users\Ian\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Ian\AppData\Local\Temp\vmgrremok.exe => Moved successfully.
C:\Windows\SysWOW64\setup.exe => Moved successfully.
==== End of Fixlog ====
- ESET log
C:\FRST\Quarantine\c\Program Files (x86)\TotalRecipeSearch_14EI\Installr\1.bin\NP14EISB.dll.xBAD Win32/Toolbar.MyWebSearch potentially unwanted application
C:\FRST\Quarantine\c\Program Files (x86)\TotalRecipeSearch_14EI\TotalRecipeSearch_14EI\Installr\1.bin\14EIPlug.dll Win32/Toolbar.MyWebSearch potentially unwanted application
C:\FRST\Quarantine\c\Program Files (x86)\TotalRecipeSearch_14EI\TotalRecipeSearch_14EI\Installr\1.bin\14EZSETP.dll Win32/Toolbar.MyWebSearch.Q potentially unwanted application
C:\FRST\Quarantine\c\ProgramData\Assistant\Assistant_x64.dll a variant of Win64/SProtector.A potentially unwanted application
C:\FRST\Quarantine\c\ProgramData\BEstSSaveFForYou\yLVY3.dll.xBAD a variant of Win32/AdWare.MultiPlug.Y application
C:\FRST\Quarantine\c\ProgramData\BEstSSaveFForYou\yLVY3.x64.dll.xBAD a variant of Win64/Adware.MultiPlug.B application
C:\FRST\Quarantine\c\progra~2\sw_x64~1.boo.xBAD a variant of Win64/SProtector.B potentially unwanted application
C:\FRST\Quarantine\c\Users\Ian\AppData\Local\Temp\nsjC61F.exe.xBAD Win32/Conduit.SearchProtect.R potentially unwanted application
C:\FRST\Quarantine\c\Windows\SysWOW64\setup.exe.xBAD a variant of Win32/AdWare.MultiPlug.R application
C:\Program Files (x86)\HyperCam 2\hctoolbar.exe Win32/Somoto.F potentially unwanted application
C:\Users\Ian\Desktop\Computer Stuff\CCleaner ccsetup412.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Ian\Documents\GPS Stuff\Software\2013-12-30GPS Babble InstallConverter_brie.exe a variant of Win32/Toolbar.Conduit.AE potentially unwanted application
C:\Users\Public\Documents\Car stuff\iLividSetup.exe Win32/Toolbar.SearchSuite potentially unwanted application
C:\Users\Public\Documents\Computer Stuff\2013-09-29 InternationalPrimoPDF.exe Win32/OpenCandy potentially unsafe application
C:\Users\Public\Documents\Computer Stuff\Internet_Explorer_10_TSA13R4YB.exe Win32/Toolbar.Conduit.AE potentially unwanted application
C:\Users\Public\Documents\Computer Stuff\Avira AV\2011-11-12 2012 Version avira_free_antivirus_en.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Public\Documents\Computer Stuff\Avira AV\2012-10-20 2013 AV avira_free_antivirus_en.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Public\Documents\Computer Stuff\DIM Digital Image Mover\Digial Image Mover setupDIM5_build223.exe.exe a variant of Win32/InstalleRex.R potentially unwanted application
C:\Users\Public\Documents\Computer Stuff\DIM Digital Image Mover\Dim5Manual.pdf.exe a variant of Win32/InstalleRex.R potentially unwanted application
C:\Users\Public\Documents\Computer Stuff\Geeks to Go Stuff\ccsetup411.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Public\Documents\Computer Stuff\HyperCam\2012-02-27 HyperCam HC2Setup.exe Win32/Somoto.F potentially unwanted application
C:\Users\Public\Documents\Computer Stuff\Speccy\Speccy spsetup125.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\System32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
- SecurityCheck log
Results of screen317's Security Check version 0.99.85
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
(On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 55
Java SE Development Kit 6 Update 27
Java version out of Date!
Adobe Flash Player 11.7.700.169 Flash Player out of Date!
Adobe Reader XI
Google Chrome 35.0.1916.114
Google Chrome 35.0.1916.153
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Thanks & Regards
Ian