Could my computer be infected?
[Deleted User]
Posts: 0 Newbie
Every time I click on a link I am directed to various adverts - some not very nice ones, some to make money online £600, some for diet pills and some for Facebook log on - I am not on Facebook. Even if I don't click on a link but just want to correct spelling or something another advert comes up including on my email. It also asked me to click to download 'Codec Pack' and I came out of that straight away.
I have run a check for malware and Microsoft Security Essentials and no threats are found. I have gone into programmes and I cannot see anything obvious - although I am not very good. I wanted to edit this post and I had to go through the process of receiving an unwanted advert and delete it etc.
I ran a HiJackThis - but I couldn't really interpret it to see if I could remove anything.
This problem started after I clicked on a link to download or print coupons - I did not like the look of it and now I wish I hadn't touched it in case that is the source of the problem. Even when I clicked to preview this post - another wretched advert came up and, as always, I had to delete it before I could get back to this post.
I'll be grateful for any advice, please.
Crimson
Post me a DDS log - should take 2-3 minutes.
Download DDS from the link below and save it to your desktop:
Link
After you've downloaded it and saved it to your desktop:
- Double click DDS to run it.
- Click Start
- When it's finished, DDS will open two logs:
- DDS.txt
- Attach.txt
Copy & paste the contents of just DDS.txt for now and post it here (you may need to split the log over separate posts)

I'll do that right now, waddler. Thank you for your help.

You know the drill - You've done it before for a similar problem.

Will I ever learn - I nearly despair.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.21.2
Run by Christine at 21:12:46 on 2013-06-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2940.1357 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Plusnet Assist\btbb\PlusnetHelpNotifier.exe
C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_88.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_88.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
uRun: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRunOnce: [Uninstall C:\Users\Christine\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Christine\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{957BEC76-EC4E-40FB-A3E7-FF7A024591B0} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{A22D127C-938C-4DC7-8264-DF55CA381631} : DHCPNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [btbb_McciTrayApp] "C:\Program Files\Plusnet Assist\btbb\PlusnetHelpNotifier.exe"
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\wur5wv4d.default\
FF - prefs.js: browser.search.selectedEngine - Hola Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_88.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-7 143088]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2012-10-3 109352]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2013-1-17 517632]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 130008]
R3 FwLnk;FwLnk Driver;C:\Windows\System32\drivers\FwLnk.sys [2010-4-8 9216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-4-20 169584]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-9-3 57280]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2013-2-5 1512448]
S3 optousb;OPTO ELECTRONICS optousb;C:\Windows\System32\drivers\optousb.sys [2010-3-24 27264]
S3 optovcm;OPTO ELECTRONICS optovcm;C:\Windows\System32\drivers\optovcm.sys [2010-3-24 34304]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-16 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-4-8 232992]
S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-2-11 124368]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2010-4-8 51512]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-16 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-3 1255736]
.
=============== Created Last 30 ================
.
2013-06-19 19:07:47 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-06-19 16:08:48 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8E167DFA-F487-4969-98F1-A52AD40EB3D7}\mpengine.dll
2013-06-18 10:54:15 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-16 08:24:35 279040 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2013-06-15 23:17:50 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-06-15 23:16:35 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{93A9FAE5-469C-44B6-AA82-224945ECAE37}\gapaengine.dll
2013-05-29 09:42:42 -------- d-----w- C:\Users\Christine\AppData\Roaming\#airversion
2013-05-22 11:44:59 -------- d-----w- C:\Windows\en
2013-05-22 11:41:31 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
.
==================== Find3M ====================
.
2013-06-19 19:24:09 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-19 19:24:09 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-19 19:07:36 972712 ----a-w- C:\Windows\System32\deployJava1.dll
2013-06-19 19:07:36 1093032 ----a-w- C:\Windows\System32\npdeployJava1.dll
2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-29 20:19:39 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-29 20:19:33 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-04-29 20:19:33 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-04-04 13:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-31 22:52:16 1887232 ----a-w- C:\Windows\System32\d3d11.dll
.
============= FINISH: 21:14:06.05 ===============

It seemed to take me a while before I was able to post the results - somehow I was prevented from posting. I had to come out of the forum and log in again - this is why the delay. Sorry.
Crimson

Download AdwCleaner from the link below & save it to your desktop.
LINK
Then,
- Right click AdwCleaner.exe & choose "Run as administrator" to run it.
- Click Delete.
- Click OK to the prompt.
- The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
- Post the contents of the logfile with your next reply.
- You can also find the logfile at C:\AdwCleaner[s1].txt.

I wasn't 'allowed' to successfully click reply on Firefox (unwanted adverts still appearing) so I have come out and logged in on Internet Explorer and was allowed to paste: I hope this is OK. Does it sound as if I have a virus?
# AdwCleaner v2.303 - Logfile created 06/19/2013 at 21:57:29
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Christine - CHRISTINE-TOSH
# Boot Mode : Normal
# Running from : C:\Users\Christine\Downloads\adwcleaner(1).exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
File Deleted : C:\END
File Deleted : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\wur5wv4d.default\bProtector_extensions.rdf
File Deleted : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\wur5wv4d.default\searchplugins\Babylon.xml
File Deleted : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\wur5wv4d.default\searchplugins\holasearch.xml
Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gelpfbcidpeeelkmkjbofkcpihkcachn
Folder Deleted : C:\Users\Christine\AppData\Local\Wajam
Folder Deleted : C:\Users\Christine\AppData\LocalLow\Delta
***** [Registry] *****
Key Deleted : HKCU\Software\Google\Chrome\Extensions\gelpfbcidpeeelkmkjbofkcpihkcachn
Key Deleted : HKCU\Software\YahooPartnerToolbar
***** [Internet Browsers] *****
-\\ Internet Explorer v10.0.9200.16611
[OK] Registry is clean.
-\\ Mozilla Firefox v22.0 (en-US)
File : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\wur5wv4d.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v29.0.1541.0
File : C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
-\\ Opera v [Unable to get version]
File : C:\Users\Christine\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1949 octets] - [19/06/2013 21:56:43]
AdwCleaner[S1].txt - [3910 octets] - [29/04/2013 18:22:36]
AdwCleaner[S2].txt - [1900 octets] - [19/06/2013 21:57:29]
########## EOF - C:\AdwCleaner[S2].txt - [1960 octets] ##########
I'll log off now for this evening, thanking you again for your help, waddler_8, and I'll check again tomorrow.
Crimson

Deleted_User wrote: » I wasn't 'allowed' to successfully click reply on Firefox (unwanted adverts still appearing) so I have come out and logged in on Internet Explorer...
This only affects Firefox and not IE?
Download Roguekiller from the link below & save it to your desktop
LINK
- Right click roguekiller.exe & choose "Run as Administrator"
- Wait for the prescan to finish.
- Accept the EULA
- Under Options, click the Scan button
- When the Status reports Scan finished, click Report under Options
If an infection is detected, do not delete anything yet!
- Notepad will open. Copy & paste the contents of that report in a reply here.
- The log can also be found on your desktop entitled RKreport[**].txt
- Close RogueKiller. Click Yes to the prompt

Yes, waddler, it seems to only affect Firefox and not Internet Explorer. It's strange because, this morning, the unwanted adverts don't appear when I click on Firefox or on Internet Explorer. But - even when logged in to the Techie Forum this morning Firefox won't let me 'click' to reply to your post - but it let me click 'thanks.' I logged out and logged in (as at present) to Internet Explorer.
I'm now going to follow your advice as above and Download Roguekiller, following your instructions etc, thank you. Although I won't do anything until you advise I wonder if I should uninstall Firefox and reinstall it?
Crimson
This discussion has been closed.