
Other half's laptop, just trying to clean it up a bit as it's very slow.

Do these logs look okay? Have deleted all the stuff flagged up in the malware scans but they just seemed to be some social search engine rubbish.

Any pointers appreciated in advance,

Mike

Attachments
GMER 2.1.19357 - http://www.gmer.net
Rootkit quick scan 2014-04-12 21:17:36
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5 ST9160827AS rev.3.AHC 149.05GB
Running: qxwwr9m5.exe; Driver: C:\Users\RUBINA~1\AppData\Local\Temp\kwkyykog.sys


---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1  Wdf01000.sys

---- EOF - GMER 2.1 ----

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/04/2014
Scan Time: 23:33:08
Logfile: MalwareLog.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.12.06
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Rubina Matharu

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 233466
Time Elapsed: 35 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.Wajam.A, HKLM\SOFTWARE\Wajam, Quarantined, [591d75b43a4134020441377190733ec2], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\jpmbfleldcgkldadpdinhjjopdfpjfjp, Quarantined, [bfb70c1d90ebf04648e1beb231d1f709], 

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 10
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam, Quarantined, [e78f5bcea2d96bcbc1ca45166f9349b7], 
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e], 
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.32_0, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e], 
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.32_0\html, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e], 
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.32_0\js, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e], 
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e], 
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\html, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e], 
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\js, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e], 
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Wajam, Quarantined, [3e380e1b215a092db601045916ecab55], 
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Wajam\Chrome, Quarantined, [3e380e1b215a092db601045916ecab55], 

Files: 22
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jpmbfleldcgkldadpdinhjjopdfpjfjp_0.localstorage, Quarantined, [274f3aef9dde181eaef9a1c7df23ad53], 
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\uninstall.lnk, Quarantined, [e78f5bcea2d96bcbc1ca45166f9349b7], 
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.32_0\manifest.json, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e], 
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.32_0\priam_icon_128x128.png, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e], 
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.32_0\priam_icon_48x48.png, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e], 
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.32_0\html\background.html, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e], 
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.32_0\js\background.js, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e], 
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.32_0\js\browserLoad.js, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e], 
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.32_0\js\priam.js, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e], 
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.32_0\js\priam_background.js, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e], 
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.32_0\js\priam_chrome.js, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e], 
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\manifest.json, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e], 
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\priam_icon_128x128.png, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e], 
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\priam_icon_48x48.png, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e], 
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\html\background.html, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e], 
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\js\background.js, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e], 
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\js\browserLoad.js, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e], 
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\js\priam.js, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e], 
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\js\priam_background.js, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e], 
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\js\priam_chrome.js, Quarantined, [571f0b1e621951e5d4a369f3f30fb24e], 
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Wajam\Chrome\unique_id.txt, Quarantined, [3e380e1b215a092db601045916ecab55], 
PUP.Optional.Wajam.A, C:\Users\Rubina Matharu\AppData\Local\Wajam\Chrome\wajam.crx, Quarantined, [3e380e1b215a092db601045916ecab55], 

Physical Sectors: 0
(No malicious items detected)


(end)

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.40.2
Run by Rubina Matharu at 17:46:36 on 2014-04-13
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.1790.823 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Orange\ICON 225 USB Connect\GtDetectSc.exe
C:\Windows\system32\lxbkcoms.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Orange\ICON 225 USB Connect\ICON 225 USB Connect.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rubina Matharu\AppData\Local\Google\Chrome\Application\chrome.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.z4-forum.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Presario&pf=cnnb
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: ALOT Appbar Helper: {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - c:\program files\alotappbar\bin\bho\ALOTHelperBHO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\yontoo\YontooIEClient.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: ALOT Appbar: {A531D99C-5A22-449b-83DA-872725C6D0ED} - c:\program files\alotappbar\bin\ALOTHelper.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\rubina matharu\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe"  /autorun
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\icon22~1.lnk - c:\program files\orange\icon 225 usb connect\ICON 225 USB Connect.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{0DF8D97C-5001-4AC9-9FE9-0691C0CD108C} : DHCPNameServer = 109.249.185.224 109.249.188.32
TCP: Interfaces\{5698CE59-A0AF-4319-8B87-7FFC17E85036} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{5698CE59-A0AF-4319-8B87-7FFC17E85036}\244584572633D2A4E453D4 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{5698CE59-A0AF-4319-8B87-7FFC17E85036}\B637D6 : DHCPNameServer = 192.168.0.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
R2
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 20/01/2012 12:36:22
System Uptime: 13/04/2014 15:48:31 (2 hours ago)
.
Motherboard: Wistron |  | 360A
Processor: AMD Athlon Dual-Core QL-62 | Socket A | 2000/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 25.51 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 1.745 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP137: 19/03/2014 23:59:29 - Windows Update
RP138: 12/04/2014 14:38:49 - Windows Update
RP139: 13/04/2014 10:48:36 - Windows Update
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
7-Zip 9.20
AC3Filter 1.63b
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 8.3.1
Adobe Shockwave Player
ALOT Appbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
Bonjour
BufferChm
BurnAware Free 3.1.6
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Copy
CyberLink DVD Suite
Defraggler
Destinations
DeviceDiscovery
DivX Setup
DJ_AIO_06_F2400_SW_Min
ESU for Microsoft Vista
F2400
Google Chrome
Google Update Helper
GPBaseService2
HDAUDIO Soft Data Fax Modem with SmartCP
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Participation Program 13.0
HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
HP Doc Viewer
HP DVD Play 3.7
HP Help and Support
HP Imaging Device Functions 13.0
HP Photosmart Essential 2.5
HP Print Projects 1.0
HP Quick Launch Buttons 6.40 D3
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Total Care Advisor
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPPhotoGadget
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
hpPrintProjects
HPProductAssistant
HPSSupply
HPTCSSetup
hpWLPGInstaller
iCloud
ICON 225 USB Connect
iTunes
Java 7 Update 40
Java Auto Updater
Java(TM) 6 Update 5
Malwarebytes Anti-Malware version 2.0.1.1004
MarketResearch
Microsoft .NET Framework 4.5.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
NVIDIA Drivers
Power2Go
PowerDirector
PSSWCORE
PVSonyDll
QuickTime
Scan
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2878236) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2878237) 32-Bit Edition 
Shop for HP Supplies
Skype web features
Skype 6.11
SmartWebPrinting
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 8
Status
Synaptics Pointing Device Driver
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
VideoToolkit01
Viewpoint Media Player
WebReg
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
13/04/2014 11:00:15, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.  	New Signature Version:   	Previous Signature Version: 1.169.2450.0  	Update Source: Microsoft Update Server  	Update Stage: Install  	Source Path: http://www.microsoft.com  	Signature Type: AntiVirus  	Update Type: Full  	User: NT AUTHORITY\SYSTEM  	Current Engine Version:   	Previous Engine Version: 1.1.10401.0  	Error code: 0x80240016  	Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
13/04/2014 11:00:15, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.  	New Signature Version:   	Previous Signature Version: 1.169.2450.0  	Update Source: Microsoft Update Server  	Update Stage: Install  	Source Path: http://www.microsoft.com  	Signature Type: AntiVirus  	Update Type: Full  	User: NT AUTHORITY\SYSTEM  	Current Engine Version:   	Previous Engine Version: 1.1.10401.0  	Error code: 0x80240016  	Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
13/04/2014 11:00:15, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.  	New Signature Version:   	Previous Signature Version: 1.169.2450.0  	Update Source: Microsoft Update Server  	Update Stage: Download  	Source Path: http://www.microsoft.com  	Signature Type: AntiVirus  	Update Type: Full  	User: NT AUTHORITY\SYSTEM  	Current Engine Version:   	Previous Engine Version: 1.1.10401.0  	Error code: 0x80240016  	Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
13/04/2014 10:57:07, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.  	New Signature Version:   	Previous Signature Version: 1.169.2450.0  	Update Source: Microsoft Update Server  	Update Stage: Install  	Source Path: http://www.microsoft.com  	Signature Type: AntiVirus  	Update Type: Full  	User: NT AUTHORITY\SYSTEM  	Current Engine Version:   	Previous Engine Version: 1.1.10401.0  	Error code: 0x80240016  	Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
13/04/2014 10:57:07, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.  	New Signature Version:   	Previous Signature Version: 1.169.2450.0  	Update Source: Microsoft Update Server  	Update Stage: Install  	Source Path: http://www.microsoft.com  	Signature Type: AntiVirus  	Update Type: Full  	User: NT AUTHORITY\SYSTEM  	Current Engine Version:   	Previous Engine Version: 1.1.10401.0  	Error code: 0x80240016  	Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
13/04/2014 10:57:07, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.  	New Signature Version:   	Previous Signature Version: 1.169.2450.0  	Update Source: Microsoft Update Server  	Update Stage: Download  	Source Path: http://www.microsoft.com  	Signature Type: AntiVirus  	Update Type:
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-04-12 22:54:44
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5 ST9160827AS rev.3.AHC 149.05GB
Running: qxwwr9m5.exe; Driver: C:\Users\RUBINA~1\AppData\Local\Temp\kwkyykog.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                    ZwAlpcDeleteSectionView [0x8309725F]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                    ZwAlpcDeleteSecurityContext [0x830A1B8C]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                    ZwAlpcDisconnectPort [0x8307A577]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                    ZwAlpcImpersonateClientOfPort [0x830952C4]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                    ZwAlpcOpenSenderProcess [0x83026EF4]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                    ZwAlpcOpenSenderThread [0x8301AEED]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                    ZwAlpcQueryInformation [0x8300CCB8]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                    ZwAlpcQueryInformationMessage [0x8307ADFE]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                    ZwAlpcRevokeSecurityContext [0x830E5B49]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                    ZwAlpcSendWaitReceivePort [0x8306D225]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                    ZwAlpcSetInformation [0x8301A8FD]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                    ZwApphelpCacheControl [0x8302C3DF]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                    ZwAreMappedFilesTheSame [0x82FE81AB]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                    ZwAssignProcessToJobObject [0x8301A0CC]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                    ZwCallbackReturn [0x82E98F60]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                    ZwCancelIoFile [0x82FE368B]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                    ZwCancelIoFileEx [0x83017E8D]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                    ZwCancelSynchronousIoFile [0x830D235C]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                    ZwCancelTimer [0x82E453E6]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                    ZwClearEvent [0x83046DD0]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                    ZwClose [0x8305F5C8]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                    ZwCloseObjectAuditAlarm [0x830957C4]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                    ZwCommitComplete [0x8310D9CA]
SSDT            \SystemRoot\system32\ntkrnlpa.exe
1

Clean. But...
-Remove all old Javas with JavaRa [free] and update to 7.51 [or go to the Java site, update and then run their test/old Java uninstaller tool]. Old Java installations are one of the two greatest security issues.
-Clear your MBAM quarantine.
