Main site > MoneySavingExpert.com Forums > Household & Travel > Techie Stuff > how to get rid of Malware on my pc ? (Page 1)

how to get rid of Malware on my pc ?
# 1
aayush
Old 18-05-2013, 7:53 AM

Hi, can anyone help and advise of a free way of getting rid of the above?
# 2
gonzo127
Old 18-05-2013, 8:02 AM

Look in the sticky threads at the one called "how to speed up a slow or infected computer".
Drop a brand challenge
on a £100 shop you might on average get 70 items save
10p per product = £7 a week ~ £28 a month
20p per product = £14 a week ~ £56 a month
30p per product = £21 a week ~ £84 a month (or in other words one week's shopping at the new price)
# 3
waddler_8
Old 18-05-2013, 9:09 AM

Post me a DDS log - should take 2-3 minutes - & a brief explanation of what is wrong..

Download DDS from the link below and save it to your desktop:

Link

After you've downloaded it and saved it to your desktop:
  • Double click DDS to run it.
  • Click Start
  • When it's finished, DDS will open two logs:
  1. DDS.txt
  2. Attach.txt
Save both reports to your desktop.

Copy & paste the contents of just DDS.txt for now and post it here (you may need to split the log over separate posts)
# 4
aayush
Old 18-05-2013, 11:12 AM

Dear waddler

Please see below

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16483
Run by sanjay at 11:06:42 on 2013-05-18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2036.633 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\MyPC Backup\BackupStack.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Wajam\Updater\WajamUpdater.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\System32\WUDFHost.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\WINDOWS\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\sanjay\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files\Zoom Downloader\DownloadManager.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\MyPC Backup\Signup Wizard.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.safesearch.net/?utm_medium=ie&utm_campaign=31&utm_source=sm&utm_content=1&utm_term=6A1B973BAEAD4797
uDefault_Page_URL = hxxp://www.safesearch.net/?utm_medium=ie&utm_campaign=31&utm_source=sm&utm_content=1&utm_term=6A1B973BAEAD4797
mStart Page = hxxp://www.safesearch.net/?utm_medium=ie&utm_campaign=31&utm_source=sm&utm_content=1&utm_term=6A1B973BAEAD4797
mDefault_Page_URL = hxxp://www.safesearch.net/?utm_medium=ie&utm_campaign=31&utm_source=sm&utm_content=1&utm_term=6A1B973BAEAD4797
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Discount Buddy: {11111111-1111-1111-1111-110211671166} - c:\program files\discount buddy\Discount Buddy.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: AOL Toolbar BHO: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - c:\program files\wajam\ie\priam_bho.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - c:\program files\delta\delta\1.8.16.16\bh\delta.dll
BHO: SafeSearch: {e27d5867-80de-4449-9c03-71707c0db05b} - c:\program files\safesearch\ie\adxloader.dll
BHO: Zoom Downloader: {E5C66DD8-308B-4a4f-AF0A-3D04F25B5343} -
TB: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: SafeSearch Toolbar: {fc0c0170-4eb0-430d-a7f3-939ee7ea1a25} - c:\program files\safesearch\ie\adxloader.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - c:\program files\delta\delta\1.8.16.16\deltaTlbr.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Google Update] "c:\users\sanjay\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [MPOptimizer] "c:\program files\maxperforma optimizer\MaxPerforma.exe" /scan
uRun: [Facebook Update] "c:\users\sanjay\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [SkyDrive] "c:\users\sanjay\appdata\local\microsoft\skydrive\SkyDrive.exe" /background
uRun: [FDPRO-516] c:\program files\fighters\FighterLauncher.exe FDPRO
uRun: [DownloadManager] "c:\program files\zoom downloader\DownloadManager.exe" /as
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_01\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
StartupFolder: c:\users\sanjay\appdata\roaming\micros~1\windows\startm~1\programs\startup\mypcba~1.lnk - c:\program files\mypc backup\MyPC Backup.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-gb\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
TCP: NameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{6473A8BF-841D-4F18-88C8-76ACE22DA225} : DHCPNameServer = 192.168.1.254 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\896\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2013-2-19 565888]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-2-19 210608]
R1 MpKslb1915205;MpKslb1915205;c:\programdata\microsoft\microsoft antimalware\definition updates\{5a209028-1160-44e8-a7aa-0918d35fa0db}\MpKslb1915205.sys [2013-5-18 29904]
R2 BackupStack;Computer Backup (MyPC Backup);c:\program files\mypc backup\BackupStack.exe [2013-5-11 32808]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-1-20 100328]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-5-17 60920]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-5-18 22856]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2013-5-17 235264]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-5-17 363080]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2013-5-17 146872]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2013-5-17 65928]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-5-17 92632]
.
=============== Created Last 30 ================
.
2013-05-18 09:55:54 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5a209028-1160-44e8-a7aa-0918d35fa0db}\MpKslb1915205.sys
2013-05-18 07:40:59 -------- d-----w- c:\users\sanjay\appdata\roaming\Malwarebytes
2013-05-18 07:40:32 -------- d-----w- c:\programdata\Malwarebytes
2013-05-18 07:40:25 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-18 07:40:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-17 22:53:53 7016152 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5a209028-1160-44e8-a7aa-0918d35fa0db}\mpengine.dll
2013-05-17 19:08:46 -------- d-----w- c:\users\sanjay\appdata\local\Zoom_Downloader
2013-05-17 19:08:33 -------- d-----w- c:\program files\Zoom Downloader
2013-05-17 19:06:56 -------- d-----w- c:\users\sanjay\appdata\roaming\Fighters
2013-05-17 19:06:50 -------- d-----w- c:\programdata\Fighters
2013-05-17 19:06:14 -------- d-----w- c:\program files\MyPC Backup
2013-05-17 18:04:24 -------- d-----w- c:\users\sanjay\appdata\local\Wajam
2013-05-17 18:04:19 -------- d-----w- c:\program files\Wajam
2013-05-17 18:03:08 -------- d-----w- c:\users\sanjay\appdata\roaming\BabSolution
2013-05-17 18:03:07 -------- d-----w- c:\program files\Delta
2013-05-17 18:02:57 -------- d-----w- c:\users\sanjay\appdata\roaming\Delta
2013-05-17 18:02:26 -------- d-----w- c:\users\sanjay\appdata\roaming\Babylon
2013-05-17 18:02:26 -------- d-----w- c:\programdata\Babylon
2013-05-17 10:23:48 146872 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2013-05-17 10:22:39 10088 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2013-05-17 10:22:21 92632 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2013-05-17 10:22:21 363080 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2013-05-17 10:22:20 65928 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2013-05-17 10:22:20 60920 ----a-w- c:\windows\system32\drivers\cfwids.sys
2013-05-17 10:22:20 235264 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-05-17 10:22:12 -------- d-----w- c:\program files\common files\Mcafee
2013-05-17 10:22:02 -------- d-----w- c:\program files\McAfee.com
2013-05-17 10:21:37 -------- d-----w- c:\program files\McAfee
2013-05-17 10:08:03 172416 ----a-w- c:\windows\system32\mfevtps.exe
2013-05-17 08:13:20 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-16 21:52:43 7016152 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-05-16 18:21:33 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-16 18:21:33 37376 ----a-w- c:\windows\system32\cdd.dll
2013-05-16 18:21:07 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-05-14 21:53:32 -------- d-----w- c:\users\sanjay\appdata\roaming\LibreOffice
2013-05-14 21:49:32 -------- d-----w- c:\windows\System64
2013-05-14 21:45:42 -------- d-----w- c:\program files\LibreOffice 4.0
2013-05-14 21:39:05 -------- d-----w- c:\users\sanjay\appdata\local\Discount Buddy
2013-05-14 21:39:00 -------- d-----w- c:\program files\Discount Buddy
2013-05-14 21:38:24 -------- d-----w- c:\users\sanjay\appdata\local\TNT2
2013-05-14 17:51:27 -------- d-----w- c:\users\sanjay\appdata\local\Kingsoft
2013-05-14 17:48:54 -------- d-----w- c:\users\sanjay\appdata\roaming\Kingsoft
2013-05-14 17:48:45 -------- d-----w- c:\programdata\Kingsoft
2013-05-14 17:48:04 -------- d-----w- c:\program files\Kingsoft
2013-05-14 15:27:54 -------- d-----w- c:\program files\MSECache
2013-05-14 13:54:33 -------- d-----w- c:\users\sanjay\appdata\local\ElevatedDiagnostics
2013-05-05 08:44:15 83968 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPPAR.DLL
2013-05-05 08:44:15 29184 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPDAR.DLL
2013-05-05 08:42:53 310272 ----a-w- c:\windows\system32\CNMLMAR.DLL
2013-05-05 08:39:37 323584 ----a-w- c:\windows\system32\CNC_ARL.dll
2013-05-05 08:39:37 114688 ----a-w- c:\windows\system32\CNC_ARI.dll
2013-05-05 08:39:36 286720 ----a-w- c:\windows\system32\CNC_ARC.dll
2013-05-05 08:39:36 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2013-05-05 08:39:36 114688 ----a-w- c:\windows\system32\CNC_ARU.dll
2013-05-02 01:15:43 -------- d--h--w- C:\SkyDriveTemp
2013-05-02 01:13:13 -------- d-----w- c:\program files\Microsoft SkyDrive
2013-05-02 01:13:13 -------- d-----r- c:\users\sanjay\SkyDrive
2013-05-02 01:12:45 -------- d-----w- c:\programdata\Microsoft SkyDrive
2013-04-24 11:04:19 706640 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{594a395e-228c-4e73-abe2-d8612f84fddc}\gapaengine.dll
.
==================== Find3M ====================
.
2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-04 22:11:34 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-04-04 22:02:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-04 22:02:17 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-04-04 21:58:51 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-04 21:57:45 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-03-11 13:25:50 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-11 13:25:50 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-09 13:42:55 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2013-03-09 03:45:04 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-09 01:28:08 64000 ----a-w- c:\windows\system32\smss.exe
2013-03-08 03:53:50 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-03-08 03:52:22 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-03-07 14:29:30 588472 ----a-w- c:\windows\system32\ezsvc7x.dll
2013-03-03 19:07:52 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-02-19 13:12:24 210608 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2013-02-19 13:09:52 565888 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2013-02-19 13:07:50 133416 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
.
============= FINISH: 11:09:49.11 ===============
# 5
aayush
Old 18-05-2013, 11:14 AM

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 07/03/2013 14:30:03
System Uptime: 18/05/2013 10:55:09 (1 hours ago)
.
Motherboard: MSI | | Boston
Processor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz | Socket 775 | 2000/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 159.294 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 1.373 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
7-Zip 9.20
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
AOL Toolbar 5.0
BT NetProtect Plus
Canon MG3100 series MP Drivers
CCleaner
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
CyberLink PowerDirector
Delta Chrome Toolbar
Delta toolbar
Discount Buddy
Facebook Video Calling 1.2.0.287
Google Chrome
Google Talk Plugin
Google Update Helper
GoToAssist Corporate
Hardware Diagnostic Tools
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Feedback
HP Demo
HP Easy Setup - Frontend
HP Total Care Advisor
HP Update
Intel(R) Graphics Media Accelerator Driver
Java(TM) SE Runtime Environment 6 Update 1
Kingsoft Office 2012 (8.1.0.3385)
LabelPrint
LibreOffice 4.0.3.3
LightScribe System Software 1.12.37.1
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word Viewer 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft SkyDrive
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
muvee autoProducer 6.1
My HP Games
MyPC Backup
Power2Go
Python 2.5
Realtek High Definition Audio Driver
SafeSearch
Search.us.com
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Shared C Run-time for x86
Skype Click to Call
Skype™ 6.3
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Wajam
Zoom Downloader
.
==== End Of File ===========================
# 6
waddler_8
Old 18-05-2013, 12:12 PM

Uninstall all these:

Delta Chrome Toolbar
Delta toolbar
Discount Buddy
MyPC Backup
SafeSearch
Search.us.com
Wajam
Zoom Downloader


Uninstall or change a program - http://windows.microsoft.com/en-gb/w...ange-a-program


Then download AdwCleaner from the link below & save it to your desktop.

LINK

Then,
  • Right click AdwCleaner.exe & choose "Run as administrator" to run it.
  • Click Delete.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.
# 7
spud17
Old 18-05-2013, 1:48 PM

waddler_8, assume you noticed multiple av's.
(Just checking, don't want to interfere.)
Sorry if I do not reply immediately, but I'm now only here occasional evenings and some weekends. (Just for dcm )

A watched file transfer never finishes.
# 8
waddler_8
Old 18-05-2013, 1:54 PM

Yes - noticed it. We'll get rid of the junkware first. There's Java and Adobe to update too.
# 9
aayush
Old 18-05-2013, 4:25 PM

# AdwCleaner v2.301 - Logfile created 05/18/2013 at 16:20:10
# Updated 16/05/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : sanjay - SANJAY-PC
# Boot Mode : Normal
# Running from : C:\Users\sanjay\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\sanjay\AppData\Local\APN
Folder Deleted : C:\Users\sanjay\AppData\Local\Zoom_Downloader
Folder Deleted : C:\Users\sanjay\AppData\Roaming\Babylon

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\sanjay\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.40] : icon_url = "hxxp://www.ask.com/favicon.ico",
Deleted [l.43] : keyword = "ask.com",
Deleted [l.47] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10267&locale=e[...]
Deleted [l.48] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms[...]

*************************

AdwCleaner[S1].txt - [1608 octets] - [18/05/2013 16:20:10]

########## EOF - C:\AdwCleaner[S1].txt - [1668 octets] ##########
# 10
waddler_8
Old 18-05-2013, 7:16 PM

How are things running now after that?

You need to uninstall one of either McAfee or Microsoft Security Essentials. Let me know which one you'd like to keep.
# 11
aayush
Old 18-05-2013, 7:30 PM

Please advise why I need to uninstall one or the other?
# 12
waddler_8
Old 18-05-2013, 7:35 PM

You shouldn't run more than one antivirus. At best you'll see a degradation in system performance as both do the same job, at worst you'll experience conflicts that could crash the entire system.
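The two checks waddler_8 makes by eye on the DDS log (more than one enabled antivirus, and browser or startup entries belonging to the programs listed for uninstall in post #6) can be scripted. The Python below is an added example, not part of any post in this thread and not part of DDS; the function names are hypothetical and the line layout is assumed from the log lines shown above.

```python
import re

# Excerpt of the DDS.txt posted earlier in this thread (not the full log).
SAMPLE_DDS = r"""
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
BHO: Discount Buddy: {11111111-1111-1111-1111-110211671166} - c:\program files\discount buddy\Discount Buddy.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - c:\program files\wajam\ie\priam_bho.dll
TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - c:\program files\delta\delta\1.8.16.16\deltaTlbr.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [DownloadManager] "c:\program files\zoom downloader\DownloadManager.exe" /as
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
StartupFolder: c:\users\sanjay\appdata\roaming\micros~1\windows\startm~1\programs\startup\mypcba~1.lnk - c:\program files\mypc backup\MyPC Backup.exe
"""

# Program names taken from the uninstall list in post #6.
WATCHLIST = ("Delta", "Discount Buddy", "MyPC Backup", "SafeSearch",
             "Search.us.com", "Wajam", "Zoom Downloader")

# "AV: <name> *Enabled/Updated* {GUID}" (layout assumed from the log above).
PRODUCT_RE = re.compile(
    r"^(AV|SP|FW): (.+?) \*(Enabled|Disabled)(?:/\w+)?\* \{[0-9A-Fa-f-]+\}$")
# Browser add-on and autostart lines from the "Pseudo HJT Report" section.
ENTRY_RE = re.compile(r"^(BHO|TB|uRun|mRun|StartupFolder): (.+)$")


def security_products(log):
    """Return {"AV"|"SP"|"FW": [(product name, is_enabled), ...]}."""
    products = {"AV": [], "SP": [], "FW": []}
    for line in log.splitlines():
        m = PRODUCT_RE.match(line.strip())
        if m:
            products[m.group(1)].append((m.group(2), m.group(3) == "Enabled"))
    return products


def enabled_av(log):
    """Names of antivirus products the log reports as enabled."""
    return [name for name, on in security_products(log)["AV"] if on]


def flagged_entries(log, watchlist=WATCHLIST):
    """(entry type, watchlist name) for each add-on/autostart line that
    mentions a watchlisted program. Plain substring match: a triage aid
    for a human reviewer, not a verdict."""
    hits = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group(2).lower()
        for name in watchlist:
            if name.lower() in body:
                hits.append((m.group(1), name))
                break
    return hits


def triage(log):
    """Summarise the two findings discussed in the thread."""
    av = enabled_av(log)
    return {"enabled_av": av,
            "multiple_av": len(av) > 1,
            "flagged": flagged_entries(log)}


if __name__ == "__main__":
    report = triage(SAMPLE_DDS)
    print("Enabled AV products:", ", ".join(report["enabled_av"]))
    if report["multiple_av"]:
        print("More than one antivirus is enabled; keep only one.")
    for kind, name in report["flagged"]:
        print(f"{kind}: entry belongs to {name}")
```
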
# 13
aayush
Old 18-05-2013, 9:51 PM

I see.
Thank you for the information.
I would like to keep McAfee.
# 14
waddler_8
Old 18-05-2013, 10:07 PM

Then just uninstall Microsoft Security Essentials through programs & features.

http://windows.microsoft.com/en-gb/w...ange-a-program

You also need to update Adobe Reader & Java. These programs can be exploited to facilitate the download and installation of malware with little or no interaction from yourself.

http://www.securelist.com/en/analysi...ulnerabilities


Uninstall Adobe Reader 8.1.2

Install the latest version from here (uncheck the McAfee Security Scan): http://get.adobe.com/reader/

Also uninstall Java(TM) SE Runtime Environment 6 Update 1

Install the latest version here: http://java.com/en/download/index.jsp


Finally, after that run DDS once more & post the new logs.
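A read-only way to check the two things raised in posts 12 and 14 (more than one registered antivirus, and old Adobe Reader or Java installs), as an added PowerShell example that is not part of the original thread. It assumes PowerShell 3.0 or later on a desktop edition of Windows; the function names and the name patterns are assumptions built from the program names quoted above.

```powershell
# Added example: read-only inventory, nothing on the machine is changed.

# Installed programs are registered under the native and the 32-bit uninstall keys.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-ReaderAndJavaInstall {
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match '^(Adobe (Acrobat )?Reader|Java)\b' } |
        ForEach-Object {
            # Flag only what the thread itself calls out: Reader 8.x and Java 6 Update 1.
            $flag = $_.DisplayName -match '^Adobe Reader 8\b' -or
                    $_.DisplayName -match '^Java\(TM\).*\b6 Update 1$'
            [pscustomobject]@{
                Name          = $_.DisplayName
                Version       = $_.DisplayVersion
                NamedInThread = $flag
            }
        } | Sort-Object Name -Unique
}

function Get-RegisteredAntivirus {
    # Security Center lists the antivirus products registered with Windows
    # (desktop editions only; the namespace is absent on Server).
    $products = @(Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction SilentlyContinue)
    $products | Select-Object -ExpandProperty displayName -Unique
}

$av = @(Get-RegisteredAntivirus)
"Registered antivirus products: $($av.Count)"
$av | ForEach-Object { "  $_" }
if ($av.Count -gt 1) {
    'More than one product is registered; check whether both have real-time scanning enabled.'
}

# Every Reader/Java entry is listed; NamedInThread marks the versions quoted in post 14.
Get-ReaderAndJavaInstall | Format-Table -AutoSize
```

On current Windows versions Microsoft's built-in antivirus can stay registered alongside a third-party product, so a count above one is a prompt to check rather than proof of a conflict.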
# 15
NiftyDigits
Old 18-05-2013, 10:31 PM
Fantastically Fervent MoneySaving Super Fan
 
Join Date: Jul 2012
Posts: 4,406
Thanked 1,863 Times in 1,663 Posts
Default

Quote (originally posted by waddler_8):
Then just uninstall Microsoft Security Essentials through programs & features.

http://windows.microsoft.com/en-gb/w...ange-a-program

You also need to update Adobe Reader & Java. These programs can be exploited to facilitate the download and installation of malware with little or no interaction from yourself.

http://www.securelist.com/en/analysi...ulnerabilities


Uninstall Adobe Reader 8.1.2

Install the latest version from here (Uncheck the Mcafee Security scan): http://get.adobe.com/reader/

Also uninstall Java(TM) SE Runtime Environment 6 Update 1

Install the latest version here: http://java.com/en/download/index.jsp


Finally, after that run DDS once more & post the new logs.

Adobe Reader is a bit 'heavy duty', perhaps FoxitReader instead.
# 16
waddler_8
Old 18-05-2013, 10:36 PM
Fantastically Fervent MoneySaving Super Fan
 
Join Date: Jul 2011
Posts: 3,558
Thanked 2,106 Times in 1,907 Posts
Default

Yes, Foxit would be a good alternative to Adobe Reader, so long as that version is uninstalled - Support for 8x ended some time ago now (Nov 2011).
# 17
NiftyDigits
Old 18-05-2013, 10:49 PM
Fantastically Fervent MoneySaving Super Fan
 
Join Date: Jul 2012
Posts: 4,406
Thanked 1,863 Times in 1,663 Posts
Default

Version 5.4.3.0920 is the latest version I have without the Toolbar added.