Other half's laptop just trying to clean it up a bit as very slow.
Do these logs look okay? Have deleted all the stuff flagged up in the malware scans but they just seemed to be some social search engine rubbish.
Any pointers appreciated in advance,
Mike
GMER 2.1.19357 - http://www.gmer.net
Rootkit quick scan 2014-04-12 21:17:36
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5 ST9160827AS rev.3.AHC 149.05GB
Running: qxwwr9m5.exe; Driver: C:\Users\RUBINA~1\AppData\Local\Temp\kwkyykog.sys
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
---- EOF - GMER 2.1 ----Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 12/04/2014
Scan Time: 23:33:08
Logfile: MalwareLog.txt
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.04.12.06
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Rubina Matharu
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 233466
Time Elapsed: 35 min, 56 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 2
PUP.Optional.Wajam.A, HKLM\SOFTWARE\Wajam, Quarantined, [591d75b43a4134020441377190733ec2],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\jpmbfleldcgkldadpdinhjjopdfpjfjp, Quarantined, [bfb70c1d90ebf04648e1beb231d1f709],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 10
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam, Quarantined, [e78f5bcea2d96bcbc1ca45166f9349b7],
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e],
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.32_0, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e],
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.32_0\html, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e],
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.32_0\js, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e],
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e],
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\html, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e],
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\js, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e],
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Wajam, Quarantined, [3e380e1b215a092db601045916ecab55],
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Wajam\Chrome, Quarantined, [3e380e1b215a092db601045916ecab55],
Files: 22
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jpmbfleldcgkldadpdinhjjopdfpjfjp_0.localstorage, Quarantined, [274f3aef9dde181eaef9a1c7df23ad53],
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\uninstall.lnk, Quarantined, [e78f5bcea2d96bcbc1ca45166f9349b7],
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.32_0\manifest.json, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e],
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.32_0\priam_icon_128x128.png, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e],
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.32_0\priam_icon_48x48.png, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e],
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.32_0\html\background.html, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e],
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.32_0\js\background.js, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e],
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.32_0\js\browserLoad.js, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e],
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.32_0\js\priam.js, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e],
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.32_0\js\priam_background.js, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e],
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.32_0\js\priam_chrome.js, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e],
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\manifest.json, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e],
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\priam_icon_128x128.png, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e],
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\priam_icon_48x48.png, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e],
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\html\background.html, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e],
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\js\background.js, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e],
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\js\browserLoad.js, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e],
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\js\priam.js, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e],
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\js\priam_background.js, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e],
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\js\priam_chrome.js, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e],
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Wajam\Chrome\unique_id.txt, Quarantined, [3e380e1b215a092db601045916ecab55],
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Wajam\Chrome\wajam.crx, Quarantined, [3e380e1b215a092db601045916ecab55],
Physical Sectors: 0
(No malicious items detected)
(end)DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16521 BrowserJavaVersion: 10.40.2
Run by Rubina Matharu at 17:46:36 on 2014-04-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1790.823 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Orange\ICON 225 USB Connect\GtDetectSc.exe
C:\Windows\system32\lxbkcoms.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Orange\ICON 225 USB Connect\ICON 225 USB Connect.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\Application\chrome.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.z4-forum.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Presario&pf=cnnb
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: ALOT Appbar Helper: {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - c:\program files\alotappbar\bin\bho\ALOTHelperBHO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\yontoo\YontooIEClient.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: ALOT Appbar: {A531D99C-5A22-449b-83DA-872725C6D0ED} - c:\program files\alotappbar\bin\ALOTHelper.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\rubina matharu\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\icon22~1.lnk - c:\program files\orange\icon 225 usb connect\ICON 225 USB Connect.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{0DF8D97C-5001-4AC9-9FE9-0691C0CD108C} : DHCPNameServer = 109.249.185.224 109.249.188.32
TCP: Interfaces\{5698CE59-A0AF-4319-8B87-7FFC17E85036} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{5698CE59-A0AF-4319-8B87-7FFC17E85036}\244584572633D2A4E453D4 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{5698CE59-A0AF-4319-8B87-7FFC17E85036}\B637D6 : DHCPNameServer = 192.168.0.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
R2.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 20/01/2012 12:36:22
System Uptime: 13/04/2014 15:48:31 (2 hours ago)
.
Motherboard: Wistron | | 360A
Processor: AMD Athlon Dual-Core QL-62 | Socket A | 2000/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 25.51 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 1.745 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP137: 19/03/2014 23:59:29 - Windows Update
RP138: 12/04/2014 14:38:49 - Windows Update
RP139: 13/04/2014 10:48:36 - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
7-Zip 9.20
AC3Filter 1.63b
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 8.3.1
Adobe Shockwave Player
ALOT Appbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
Bonjour
BufferChm
BurnAware Free 3.1.6
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Copy
CyberLink DVD Suite
Defraggler
Destinations
DeviceDiscovery
DivX Setup
DJ_AIO_06_F2400_SW_Min
ESU for Microsoft Vista
F2400
Google Chrome
Google Update Helper
GPBaseService2
HDAUDIO Soft Data Fax Modem with SmartCP
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Participation Program 13.0
HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
HP Doc Viewer
HP DVD Play 3.7
HP Help and Support
HP Imaging Device Functions 13.0
HP Photosmart Essential 2.5
HP Print Projects 1.0
HP Quick Launch Buttons 6.40 D3
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Total Care Advisor
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPPhotoGadget
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
hpPrintProjects
HPProductAssistant
HPSSupply
HPTCSSetup
hpWLPGInstaller
iCloud
ICON 225 USB Connect
iTunes
Java 7 Update 40
Java Auto Updater
Java(TM) 6 Update 5
Malwarebytes Anti-Malware version 2.0.1.1004
MarketResearch
Microsoft .NET Framework 4.5.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
NVIDIA Drivers
Power2Go
PowerDirector
PSSWCORE
PVSonyDll
QuickTime
Scan
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878236) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2878237) 32-Bit Edition
Shop for HP Supplies
Skype web features
Skype 6.11
SmartWebPrinting
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 8
Status
Synaptics Pointing Device Driver
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
VideoToolkit01
Viewpoint Media Player
WebReg
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
13/04/2014 11:00:15, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.169.2450.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10401.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
13/04/2014 11:00:15, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.169.2450.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10401.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
13/04/2014 11:00:15, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.169.2450.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10401.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
13/04/2014 10:57:07, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.169.2450.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10401.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
13/04/2014 10:57:07, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.169.2450.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10401.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
13/04/2014 10:57:07, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.169.2450.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type:GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-04-12 22:54:44
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5 ST9160827AS rev.3.AHC 149.05GB
Running: qxwwr9m5.exe; Driver: C:\Users\RUBINA~1\AppData\Local\Temp\kwkyykog.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAcceptConnectPort [0x83093FBF]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAccessCheck [0x82EDB855]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAccessCheckAndAuditAlarm [0x83023D47]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAccessCheckByType [0x82E3F897]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAccessCheckByTypeAndAuditAlarm [0x83095895]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAccessCheckByTypeResultList [0x82F18112]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAccessCheckByTypeResultListAndAuditAlarm [0x831060D7]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAccessCheckByTypeResultListAndAuditAlarmByHandle [0x83106120]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAddAtom [0x83018563]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAddBootEntry [0x8311F9D4]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAddDriverEntry [0x83120C2D]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAdjustGroupsToken [0x8300ED3B]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAdjustPrivilegesToken [0x8309FED3]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAlertResumeThread [0x830F8DA3]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAlertThread [0x8304BCC7]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAllocateLocallyUniqueId [0x8301B8AB]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAllocateReserveObject [0x82FB19E3]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAllocateUserPhysicalPages [0x830EAC88]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAllocateUuids [0x8300228C]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAllocateVirtualMemory [0x83044CBC]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAlpcAcceptConnectPort [0x83091191]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAlpcCancelMessage [0x82FF2300]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAlpcConnectPort [0x8309059E]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAlpcCreatePort [0x8300FDB2]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAlpcCreatePortSection [0x830A195A]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAlpcCreateResourceReserve [0x83012435]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAlpcCreateSectionView [0x830A173A]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAlpcCreateSecurityContext [0x83099E92]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAlpcDeletePortSection [0x830242CF]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAlpcDeleteResourceReserve [0x830E5A25]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAlpcDeleteSectionView [0x8309725F]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAlpcDeleteSecurityContext [0x830A1B8C]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAlpcDisconnectPort [0x8307A577]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAlpcImpersonateClientOfPort [0x830952C4]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAlpcOpenSenderProcess [0x83026EF4]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAlpcOpenSenderThread [0x8301AEED]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAlpcQueryInformation [0x8300CCB8]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAlpcQueryInformationMessage [0x8307ADFE]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAlpcRevokeSecurityContext [0x830E5B49]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAlpcSendWaitReceivePort [0x8306D225]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAlpcSetInformation [0x8301A8FD]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwApphelpCacheControl [0x8302C3DF]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAreMappedFilesTheSame [0x82FE81AB]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwAssignProcessToJobObject [0x8301A0CC]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwCallbackReturn [0x82E98F60]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwCancelIoFile [0x82FE368B]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwCancelIoFileEx [0x83017E8D]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwCancelSynchronousIoFile [0x830D235C]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwCancelTimer [0x82E453E6]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwClearEvent [0x83046DD0]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwClose [0x8305F5C8]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwCloseObjectAuditAlarm [0x830957C4]
SSDT \SystemRoot\system32\ntkrnlpa.exe ZwCommitComplete [0x8310D9CA]
SSDT \SystemRoot\system32\ntkrnlpa.exeJump to PostClean. But...
-Remove all old Javas with JavaRa [free] and update to 7.51 [or go to the Java site, update and then run their test/old Java uninstaller tool]. Old Java installations are one of the two greatest security issues.
-Clear your MBAM quarantine.
Clean. But...
-Remove all old Javas with JavaRa [free] and update to 7.51 [or go to the Java site, update and then run their test/old Java uninstaller tool]. Old Java installations are one of the two greatest security issues.
-Clear your MBAM quarantine.
Will do, thanks
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.