
Removal of trojan lame.shield? Having problems removing it.

Hi,

Computer detected I was infected from a compromised link in Windows Defender (not sure why AntiVir hadn't kicked in). Quarantined to items. Then ran Malwarebytes and it removed 6 threats; all bar two were the lame.shield trojan, the other two were a cs trojan I think.

Malwarebytes is showing nothing but I am concerned that there may still be something dodgy going on as I am still having browser redirects.

Can anyone talk me through how to remove this completely?

Many thanks.
Comping wishlist for 2017
1. Family holiday 2. Christmas presents :rudolf: 3. Fishing stuff
The more you put into life, the more you get out

Comments

  • Savvybunny2009
    Savvybunny2009 Posts: 5,548 Forumite
    Part of the Furniture
    If it helps, this is the report from RogueKiller:

    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7600 ) 64 bits version
    Started in : Normal mode
    User: Mandy [Admin rights]
    Mode: Scan -- Date: 07/24/2012 13:07:58
    ¤¤¤ Bad processes: 0 ¤¤¤
    ¤¤¤ Registry Entries: 4 ¤¤¤
    [SUSP PATH] HKCU\[...]\Run : odbcinst (rundll32 "C:\Users\Mandy\AppData\Local\Temp\mobsuota64.dll",CreateProcessNotify) -> FOUND
    [SUSP PATH] HKUS\S-1-5-21-634688241-3606939045-2587982608-1002[...]\Run : odbcinst (rundll32 "C:\Users\Mandy\AppData\Local\Temp\mobsuota64.dll",CreateProcessNotify) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver: [NOT LOADED] ¤¤¤
    ¤¤¤ Infection : ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: ST9500420AS +++++
    --- User ---
    [MBR] 530b03eac4dcf3bd34de23e44f4824bf
    [BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 619 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 1269760 | Size: 62130 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 128512000 | Size: 414189 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[1].txt >>
    RKreport[1].txt
  • GunJack
    GunJack Posts: 11,829 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    not familiar with rk, can you post the last mbam log (under the logs tab) showing the infections? Further work may be needed...
    ......Gettin' There, Wherever There is......

    I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple :D
  • Savvybunny2009
    Savvybunny2009 Posts: 5,548 Forumite
    Part of the Furniture
    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.07.24.05
    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    Mandy :: MANDY-PC [administrator]
    24/07/2012 12:31:42
    mbam-log-2012-07-24 (12-31-42).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 210198
    Time elapsed: 4 minute(s), 27 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 1
    C:\Users\Mandy\AppData\Local\Temp\mobsuota.dll (IPH.Trojan.Agent.CPN) -> Delete on reboot.
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|findtall (IPH.Trojan.Agent.CPN) -> Data: rundll32 "C:\Users\Mandy\AppData\Local\Temp\mobsuota.dll",CreateProcessNotify -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|7531CCA9005073F91850E0994F147CE7 (Trojan.LameShield) -> Data: C:\ProgramData\7531CCA9005073F91850E0994F147CE7\7531CCA9005073F91850E0994F147CE7.exe -> Quarantined and deleted successfully.
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 3
    C:\Users\Mandy\AppData\Local\Temp\mobsuota.dll (IPH.Trojan.Agent.CPN) -> Quarantined and deleted successfully.
    C:\ProgramData\7531CCA9005073F91850E0994F147CE7\7531CCA9005073F91850E0994F147CE7.exe (Trojan.LameShield) -> Quarantined and deleted successfully.
    C:\Users\Mandy\AppData\Local\Temp\mor.exe (Trojan.LameShield) -> Quarantined and deleted successfully.
    (end)
  • GunJack
    GunJack Posts: 11,829 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    ta, now download, save then run DDS

    http://www.bleepingcomputer.com/download/dds/

    and run it. It'll put up 2 logs in notepad, DDS.txt and Attach.txt. Save them both and post the DDS log up here :)
  • Savvybunny2009
    Savvybunny2009 Posts: 5,548 Forumite
    Part of the Furniture
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_31
    Run by Mandy at 14:00:00 on 2012-07-24
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2980.796 [GMT 1:00]
    .
    AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\uTorrent\uTorrent.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files (x86)\CyberLink\Shared files\brs.exe
    C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Users\Public\Conduit\ConduitHelper\ConduitHelper.exe
    C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Windows Live\Companion\companionuser.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\Mandy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\45JDQLAC\RogueKiller[1].exe
    c:\windows\SysWOW64\notepad.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = https://www.google.co.uk/
    uDefault_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
    mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
    BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
    TB: {9519E2C2-6520-4FA9-BD3F-4BAA1F1377A9} - No File
    uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [odbcinst] rundll32 "C:\Users\Mandy\AppData\Local\Temp\mobsuota64.dll",CreateProcessNotify
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    mRun: [RemoteControl9] "c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    mRun: [PDVD9LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
    mRun: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
    mRun: [<NO NAME>]
    mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [ConduitHelper] "C:\Users\Public\Conduit\ConduitHelper\ConduitHelper.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20111123062837
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} - hxxp://www.parallelgraphics.com/l2/bin/cortona3d60_179.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {E7637F18-B2C8-43E4-BCFE-BC3437DF469F} - hxxps://s.userzoom.com/s/UserZoom.cab
    DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} - hxxp://www.shopandscan.com/TNSClickrc.CAB
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{94920429-8034-4630-A919-04D443CBBAEB} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{94920429-8034-4630-A919-04D443CBBAEB}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23
    TCP: Interfaces\{94920429-8034-4630-A919-04D443CBBAEB}\3456E64756270516273637 : DhcpNameServer = 4.2.2.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
    mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
    BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
    BHO-X64: McAfee Phishing Filter - No File
    C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    BHO-X64: RoboForm BHO - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
    BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
    BHO-X64: uTorrentBar - No File
    BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO-X64: Ask Toolbar BHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB-X64: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
    TB-X64: {9519E2C2-6520-4FA9-BD3F-4BAA1F1377A9} - No File
    mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    mRun-x64: [RemoteControl9] "c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    mRun-x64: [PDVD9LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
    mRun-x64: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
    mRun-x64: [(Default)]
    mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
    mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun-x64: [ConduitHelper] "C:\Users\Public\Conduit\ConduitHelper\ConduitHelper.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
    .
  • Savvybunny2009
    Savvybunny2009 Posts: 5,548 Forumite
    Part of the Furniture
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\vh1taowi.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-8-3 98208]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-9-17 136360]
    R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-9-17 269480]
    R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
    R2 BecHelperService;BecHelperService;C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2011-9-28 1737464]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-26 2823000]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-8-3 1997416]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-8-3 689472]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-11-29 378472]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-8-3 2656280]
    R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
    R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 qicflt;upper Device Filter Driver;C:\Windows\system32\DRIVERS\qicflt.sys --> C:\Windows\system32\DRIVERS\qicflt.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
    S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
    S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/08/02 21:53:52;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-29 236016]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-14 136176]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-2 250056]
    S3 FlyUsb;FLY Fusion;C:\Windows\system32\DRIVERS\FlyUsb.sys --> C:\Windows\system32\DRIVERS\FlyUsb.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-14 136176]
    S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\system32\drivers\massfilter.sys --> C:\Windows\system32\drivers\massfilter.sys [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-13 113120]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
    S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\system32\DRIVERS\nvstusb.sys --> C:\Windows\system32\DRIVERS\nvstusb.sys [?]
    S3 optousb;OPTO ELECTRONICS optousb;C:\Windows\system32\DRIVERS\optousb.sys --> C:\Windows\system32\DRIVERS\optousb.sys [?]
    S3 optovcm;OPTO ELECTRONICS optovcm;C:\Windows\system32\DRIVERS\optovcm.sys --> C:\Windows\system32\DRIVERS\optovcm.sys [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
    .
    =============== Created Last 30 ================
    .
    2012-07-24 11:29:16 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{378F2D80-129A-4B9C-A15B-F8B8E0BC1DF4}\offreg.dll
    2012-07-24 11:29:05 -------- d-----w- C:\ProgramData\7531CCA9005073F91850E0994F147CE7
    2012-07-24 10:31:12 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{378F2D80-129A-4B9C-A15B-F8B8E0BC1DF4}\mpengine.dll
    2012-07-21 22:47:08 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
    2012-07-21 22:47:08 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
    2012-07-11 02:02:23 3147264 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-02 15:16:20 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2012-07-02 15:16:20 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    .
    ==================== Find3M ====================
    .
    2012-07-12 08:58:30 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-12 08:58:30 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-03 12:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll
    2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-02 14:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-02 14:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-05-31 11:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-05-15 03:56:59 1197568 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-15 03:08:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-04 16:52:23 5473136 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-04 10:03:46 3970928 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:46 3915632 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-02 05:32:43 208896 ----a-w- C:\Windows\System32\profsvc.dll
    2012-04-28 03:50:40 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-04-26 05:34:38 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-04-26 05:34:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-04-26 05:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    .
    ============= FINISH: 14:01:06.43 ===============
  • GunJack
    GunJack Posts: 11,829 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    edited 24 July 2012 at 2:32PM
    uRun: [odbcinst] rundll32 "C:\Users\Mandy\AppData\Local\Temp\mobsuota64.dll" ,CreateProcessNotify

    looks well dodgy

    time for combofix:-

    download & save to desktop:-

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    scroll down to download link. You need to turn off avira before you run it (which is out-of-date, BTW), and allow the installation of the Microsoft Recovery console if prompted. A Notepad log will pop up when it's finished running, and will be auto-saved at C:\ComboFix.txt. Post the contents of the log up here when done.
    ......Gettin' There, Wherever There is......

    I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple :D
  • Savvybunny2009
    Savvybunny2009 Posts: 5,548 Forumite
    Part of the Furniture
    Could you let me know how to turn off antivir? Never had to do it before.

    Yes that was one of the trojan names from the mbam log, that definitely needs to go.
  • GunJack
    GunJack Posts: 11,829 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    right-click on the icon in the notification area, and click the menu option to turn off real-time protection....
  • Savvybunny2009
    Savvybunny2009 Posts: 5,548 Forumite
    Part of the Furniture
    edited 24 July 2012 at 2:52PM
    It's made a log, but whatever has been marked for deletion has corrupted internet explorer, antivir etc.

    I am in safe mode at the moment. Shall I restore system settings to an earlier time?

    Edit, I have restarted in normal mode and it's all working again.
This discussion has been closed.