Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Is this laptop clean?


Post by Mr Onion » September 18th, 2013, 4:51 am

A friend has asked me to look at her laptop as it was very slow, taking an age to start up, and browsing was very sluggish. I have removed ~10 searchbars and recovered the browser's search. It is a lot better now, but I do not know if there is anything else remaining.

I would be grateful if someone would check it for me.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16686
Run by Joan at 9:42:40 on 2013-09-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4000.2027 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.co.uk/
mURLSearchHooks: MixiDJ V37 Toolbar: {eef3855c-fc2d-41e6-8d91-d368f51b3055} -
mWinlogon: Userinit = userinit.exe
BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe
uPolicies-Explorer: NoDriveAutoRun = dword:16
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{60695BE4-D007-49BB-A8DF-ABF65006F482} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{60695BE4-D007-49BB-A8DF-ABF65006F482}\244584572633D243236325 : DHCPNameServer = 192.168.1.254
AppInit_DLLs= c:\progra~3\bitguard\261673~1.238\{c16c1~1\bitguard.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R1 ATKWMIACPIIO_;ATKWMIACPI Driver_;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2011-12-4 379520]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-2-16 277120]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 139616]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-4 2656280]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-22 130024]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-22 395752]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-10-18 138024]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-11-3 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-10-18 76912]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 BitGuard;BitGuard;C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe --> C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-9 19456]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-9 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-9 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-15 1255736]
S4 PuranDefrag;PuranDefrag;C:\Windows\System32\PuranDefragS.exe [2013-9-17 292736]
.
=============== Created Last 30 ================
.
2013-09-17 18:58:39 -------- d-----w- C:\Program Files\Adblock Plus for IE
2013-09-17 18:58:30 -------- d-----w- C:\ProgramData\Package Cache
2013-09-17 18:09:57 -------- d-----w- C:\Program Files (x86)\ESET
2013-09-17 18:09:50 -------- d--h--w- C:\Windows\AxInstSV
2013-09-17 15:45:36 -------- d-----w- C:\Users\Joan\AppData\Roaming\AIMP3
2013-09-17 15:45:22 -------- d-----w- C:\Program Files (x86)\AIMP3
2013-09-17 13:33:43 -------- d-----w- C:\Users\Joan\AppData\Roaming\OpenCandy
2013-09-17 13:23:32 -------- d-----w- C:\Program Files (x86)\Conduit
2013-09-17 13:23:18 -------- d-----w- C:\ProgramData\Conduit
2013-09-17 13:23:16 -------- d-----w- C:\Users\Joan\AppData\Local\Conduit
2013-09-17 13:21:08 292736 ----a-w- C:\Windows\System32\PuranDefragS.exe
2013-09-17 13:21:08 256896 ----a-w- C:\Windows\System32\PuranDefrag.dll
2013-09-17 13:21:08 132480 ----a-w- C:\Windows\System32\PuranDefragBT.exe
2013-09-17 13:21:07 287616 ----a-w- C:\Windows\System32\PuranDC.exe
2013-09-17 13:21:07 1367424 ----a-w- C:\Windows\System32\PuranFD.exe
2013-09-17 13:21:01 -------- d-----w- C:\Program Files\Puran Utilities
2013-09-17 13:20:52 -------- d-----w- C:\Users\Joan\AppData\Local\Programs
2013-09-17 08:10:08 -------- d-----w- C:\Users\Joan\AppData\Local\{DD072287-FB20-42D4-85E3-7410285D352D}
2013-09-17 08:03:34 9694160 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5C85E65E-E5C1-43D2-A574-D7109C2F673F}\mpengine.dll
2013-09-15 10:31:54 -------- d-----w- C:\Users\Joan\AppData\Local\{D689769F-B44E-4CC4-A4AD-13593E8C7FBA}
2013-09-15 10:10:32 -------- d-----w- C:\Users\Joan\AppData\Local\{36E80315-EBAF-4872-9E0A-76FEE4E1F22C}
2013-09-15 10:07:19 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-13 19:19:25 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-09-13 19:13:22 -------- d-----w- C:\Users\Joan\AppData\Local\{720BA994-19C3-468F-9609-E7D67FD5ADC9}
2013-09-13 19:03:03 -------- d-----w- C:\ProgramData\BitGuard
2013-09-12 14:03:20 -------- d-----w- C:\Users\Joan\AppData\Local\{4BE21FB9-5724-450F-985C-C508EF076B6E}
2013-09-10 08:18:44 -------- d-----w- C:\Users\Joan\AppData\Local\{A05457B7-FB3A-413B-A9AB-4BAA6996F46A}
2013-09-09 19:05:48 859712 ----a-w- C:\Windows\System32\pmls64.dll
2013-09-09 10:47:46 -------- d-----w- C:\Users\Joan\AppData\Local\Apps
2013-09-09 10:44:42 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2013-09-09 10:44:39 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll
2013-09-09 10:24:49 -------- d-----w- C:\Windows\SysWow64\Extensions
2013-09-09 10:24:48 -------- d-----w- C:\Windows\SysWow64\searchplugins
2013-09-09 10:24:32 -------- d-----w- C:\ProgramData\DSearchLink
2013-09-09 10:24:19 -------- d-----w- C:\ProgramData\Babylon
2013-09-09 10:24:18 -------- d-----w- C:\Users\Joan\AppData\Roaming\Babylon
2013-09-09 09:35:09 -------- d-----w- C:\Users\Joan\AppData\Local\{576CBA03-B0B3-43BE-8D0B-3DB48E58C305}
2013-09-06 19:32:53 965008 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{80467686-0487-4E8C-8855-335AE07BE95A}\gapaengine.dll
2013-09-06 09:42:54 -------- d-----w- C:\Users\Joan\AppData\Local\{07220E72-2C71-4DE2-9D54-988E08FA743B}
2013-09-06 09:07:51 -------- d-----w- C:\Users\Joan\AppData\Local\{66E15586-3921-49C5-8EB3-157CAA384629}
2013-09-03 19:33:19 -------- d-----w- C:\Users\Joan\AppData\Local\{72E2F311-7B63-447E-9D32-D551DA5D1ADC}
2013-09-03 14:44:08 -------- d-----w- C:\Users\Joan\AppData\Local\{956B80FC-9BB4-4151-8DCD-08C7DE5D3CE8}
2013-09-03 14:42:42 -------- d-----w- C:\Users\Joan\AppData\Local\{764DCA97-40D1-41BC-A63D-635F0BE881E5}
2013-09-02 19:14:02 -------- d-----w- C:\Users\Joan\AppData\Local\{480E0BAB-A0E1-4689-B873-05AF407AFE2D}
2013-08-31 18:29:06 -------- d-----w- C:\Users\Joan\AppData\Local\{CF8AF5F3-3F44-4B70-80F3-3ADB0C78CDE6}
2013-08-31 07:12:07 -------- d-----w- C:\Users\Joan\AppData\Local\{AFE232C3-0D5F-4668-B4E7-4E0D44975A2B}
2013-08-30 05:43:07 -------- d-----w- C:\Users\Joan\AppData\Local\{EF001007-A69D-438F-A474-3CB491527854}
2013-08-29 13:38:54 -------- d-----w- C:\Users\Joan\AppData\Local\{6E7EFE10-8F82-4E2F-8CFD-700CA3F73A06}
2013-08-28 05:48:04 -------- d-----w- C:\Users\Joan\AppData\Local\{5811DCA9-43C5-4CEF-818D-AC90020C4527}
2013-08-27 17:11:49 -------- d-----w- C:\Users\Joan\AppData\Local\{67007130-4F4C-4E3C-8A73-1340AF15A65B}
2013-08-26 08:35:13 -------- d-----w- C:\Users\Joan\AppData\Local\{9E8B18BD-844F-4A97-B648-83A52D5DC254}
2013-08-25 11:30:44 -------- d-----w- C:\Users\Joan\AppData\Local\{DE857CE1-B8D5-4C1C-9EA8-9E6631EF8B17}
2013-08-24 06:36:42 -------- d-----w- C:\Users\Joan\AppData\Local\{F2B4CF32-F184-4149-AA72-0F5F36594DAB}
2013-08-22 15:17:08 -------- d-----w- C:\Users\Joan\AppData\Local\{9028800D-9DAA-4F4F-9C2D-838FD6030ED0}
2013-08-22 15:11:51 -------- d-----w- C:\Users\Joan\AppData\Local\{E19E03BE-8082-4589-A48E-D150E7BC005F}
2013-08-21 06:50:28 -------- d-----w- C:\Users\Joan\AppData\Local\{07897A63-3970-4C50-9008-2A2F06C6D8B7}
.
==================== Find3M ====================
.
2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-08-10 03:07:50 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-26 18:21:50 23208 ----a-w- C:\Windows\System32\drivers\Sftvollh.sys
2013-06-26 18:21:48 28840 ----a-w- C:\Windows\System32\drivers\Sftredirlh.sys
2013-06-26 18:21:46 273576 ----a-w- C:\Windows\System32\drivers\Sftplaylh.sys
2013-06-26 18:21:46 1777320 ----a-w- C:\Windows\System32\sftldr.dll
2013-06-26 18:21:46 1130664 ----a-w- C:\Windows\SysWow64\sftldr_wow64.dll
2013-06-26 18:21:44 767144 ----a-w- C:\Windows\System32\drivers\Sftfslh.sys
.
============= FINISH: 9:43:01.86 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 16/04/2012 00:11:11
System Uptime: 18/09/2013 09:18:05 (0 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | K54C
Processor: Intel(R) Celeron(R) CPU B815 @ 1.60GHz | CPU 1 | 1392/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 119 GiB total, 63.531 GiB free.
D: is FIXED (NTFS) - 154 GiB total, 153.76 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP154: 29/08/2013 14:39:45 - Windows Update
RP155: 30/08/2013 16:42:03 - Windows Update
RP156: 03/09/2013 20:14:21 - Windows Update
RP157: 06/09/2013 20:31:55 - Windows Update
RP158: 09/09/2013 11:44:11 - Installed DirectX
RP159: 13/09/2013 20:19:56 - Windows Update
RP160: 15/09/2013 10:55:25 - Windows Update
RP161: 15/09/2013 11:11:59 - Windows Update
RP162: 15/09/2013 11:41:48 - Windows Update
RP163: 17/09/2013 17:46:08 - Removed ASUS FaceLogon
RP164: 17/09/2013 19:58:10 - Adblock Plus for IE
.
==== Installed Programs ======================
.
Adblock Plus for IE
Adblock Plus for IE (32-bit and 64-bit)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
AIMP3
Alcor Micro USB Card Reader
Asmedia ASM104x USB 3.0 Host Controller Driver
ASUS AI Recovery
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS Virtual Camera
ASUS_Screensaver
ATK Package
BitGuard
CCleaner
CyberLink LabelPrint
CyberLink Media Suite
CyberLink Power2Go
D3DX10
Defraggler
ESET Online Scanner v3
ETDWare PS/2-X64 8.0.5.1_WHQL
Fast Boot
HP Deskjet 3000 J310 series Basic Device Software
HP Deskjet 3000 J310 series Help
inSSIDer
InstantOn for NB
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Junk Mail filter update
KNOWHOW(TM) APP CENTRE
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
Nuance PDF Reader
Puran Utilities 3.0
Qualcomm Atheros WiFi Driver Installation
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Sonic Focus
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFlash
Wireless Console 3
.
==== Event Viewer Messages From Past Week ========
.
18/09/2013 09:43:00, Error: Service Control Manager [7000] - The BitGuard service failed to start due to the following error: The system cannot find the file specified.
18/09/2013 09:28:36, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.159.58.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9901.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
17/09/2013 17:58:21, Error: Service Control Manager [7000] - The Update LinkSwift service failed to start due to the following error: The system cannot find the file specified.
17/09/2013 17:58:16, Error: Service Control Manager [7031] - The Update LinkSwift service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
17/09/2013 13:55:20, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the BitGuard service to connect.
17/09/2013 13:55:20, Error: Service Control Manager [7000] - The BitGuard service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
17/09/2013 13:54:50, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the ASUS InstantOn Service service to connect.
17/09/2013 13:54:50, Error: Service Control Manager [7000] - The ASUS InstantOn Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/09/2013 15:27:22, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
15/09/2013 11:06:59, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.157.1515.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9800.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
15/09/2013 11:06:59, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.157.1515.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9800.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
15/09/2013 11:06:58, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.157.1515.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9800.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
15/09/2013 11:06:06, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 for x64-based Systems (KB2853952).
15/09/2013 11:06:06, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 for x64-based Systems (KB2876315).
13/09/2013 20:21:41, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.157.1515.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9800.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/09/2013 15:04:07, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.157.1515.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9800.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
.
==== End Of File ===========================

Re: Is this laptop clean?

Post by Mr Onion » September 22nd, 2013, 12:22 pm

I have flattened and reinstalled. Please lock.

Re: Is this laptop clean?

Post by Wingman » September 22nd, 2013, 12:47 pm

As you have resolved your problem, this topic is now closed.
We are pleased you resolved your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here

