0

hi, I was trying to download whatsapp for my pc and lots of rubbish came down instead. I have got rid of most of it but now every time I start IE searching.com comes up. Click on mu home page icon and ok. Also I've tried to uninstall all that came down but can't get rid of YTdownloader. I don't get any popups etc.
I've copied the files requested for the firt post.
I'm unsure where to find the malware log.

Thanks for any help.

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-06-17 17:55:18
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10JPVX-22JC3T0 rev.01.01A01 931.51GB
Running: 07ye8y99.exe; Driver: C:\Users\Ronnie\AppData\Local\Temp\pwdiqpog.sys


---- Registry - GMER 2.1 ----

Reg  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\PerfTrack\ScenarioOccurrences\278@OccurrencesLessThanOrEqualTo0ScaledTPI  2616
Reg  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\PerfTrack\ScenarioOccurrences\278@TotalOccurrences                        3183
Reg  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1@InstallDate                                   20150518
Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active                                                   
Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@83CAF3AD                                          86
Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2272819050-85638227-3812148433-1000@RefCount                  7
Reg  HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{9695930A-3FE9-11E4-BB02-806E6F6E6963}               3650563848

---- EOF - GMER 2.1 ----

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.17840  BrowserJavaVersion: 11.25.2
Run by Ronnie at 18:00:29 on 2015-06-17
Microsoft Windows 7 Professional   6.1.7601.1.1252.44.1033.18.3005.1636 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\1.3.27.5\GoogleCrashHandler.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
C:\Program Files\YTDownloader\YTDownloader.exe
C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\PROGRA~1\YTDOWN~1\BROWSE~2.EXE
C:\Users\Ronnie\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicator.exe
C:\PROGRA~1\YTDOWN~1\BrowserHelper.exe
C:\Program Files\Samsung\S Agent\CommonAgent.exe
C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_17_0_0_188_ActiveX.exe
C:\Users\Ronnie\Desktop\07ye8y99.exe
C:\Program Files\YTDownloader\DownloadHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.co.uk/?gws_rd=ssl
uDefault_Page_URL = www.google.com
mStart Page = www.google.com
mDefault_Search_URL = www.google.com
uProxyServer = hxxp=127.0.0.1:49213;https=127.0.0.1:49213
uProxyOverride = <-loopback>;<local>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_25\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_25\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [HP Officejet 4620 series (NET)] "c:\program files\hp\hp officejet 4620 series\bin\ScanToPCActivationApp.exe" -deviceID "CN31K213QR05RT:NW" -scfn "HP Officejet 4620 series (NET)" -AutoStart 1
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [CAHeadless] c:\program files\adobe\elements 11 organizer\caheadless\ElementsAutoAnalyzer.exe
uRun: [YTDownloader] "c:\program files\ytdownloader\YTDownloader.exe" /boot
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [WD Drive Unlocker] c:\program files\western digital\wd security\WDDriveAutoUnlock.exe
mRun: [WD Quick View] c:\program files\western digital\wd quick view\WDDMStatus.exe
mRun: [Onboard] c:\program files\western digital\wd smartware\backuptask.exe /onboard "c:\program files\western digital\wd smartware\WDSmartWare.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DriveUtilitiesHelper] c:\program files\western digital\wd utilities\WDDriveUtilitiesHelper.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [YTDownloader] "c:\program files\ytdownloader\YTDownloader.exe" /boot
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: c:\users\ronnie\appdata\roaming\micros~1\windows\startm~1\programs\startup\29dc.lnk - c:\programdata\{3dbe01e8-befb-e3bf-3dbe-e01e8bef07a2}\29DC.exe
StartupFolder: c:\users\ronnie\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\ronnie\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2C18ACA0-36CB-4718-8706-C2D287677BF2} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2C18ACA0-36CB-4718-8706-C2D287677BF2}\2456C6B696E6534376 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{2C18ACA0-36CB-4718-8706-C2D287677BF2}\F4C64602D416E6F6270284F64756C6 : DHCPNameServer = 8.8.8.8 208.67.220.220
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2015-3-4 245096]
R1 MpKsl0bba56af;MpKsl0bba56af;c:\programdata\microsoft\microsoft antimalware\definition updates\{6d8b21cc-df31-4574-a3a5-b665388bad94}\MpKsl0bba56af.sys [2015-6-17 39464]
R1 netfilter;netfilter;c:\windows\system32\drivers\netfilter.sys [2015-4-2 31744]
R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files\adobe\elements 11 organizer\PhotoshopElementsFileAgent.exe [2012-9-17 171600]
R2 BrsHelper;BrsHelper;c:\progra~1\ytdown~1\BROWSE~2.EXE [2015-6-15 112560]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\skype\toolbars\autoupdate\SkypeC2CAutoUpdateSvc.exe [2015-5-1 1394816]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\skype\toolbars\pnrsvc\SkypeC2CPNRSvc.exe [2015-5-1 1772672]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\system32\svchost.exe -k utcsvc [2009-7-14 20992]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2014-7-17 95408]
R2 sbmntr;sbmntr;c:\progra~1\ytdown~1\sbmntr.sys [2015-6-15 49824]
R2 SWUpdateService;SW Update Service;c:\programdata\samsung\sw update service\SWMAgent.exe [2014-10-21 3000664]
R2 WDBackup;WD Backup;c:\program files\western digital\wd smartware\WDBackupEngine.exe [2013-8-14 1042808]
R2 WDDriveService;WD Drive Manager;c:\program files\western digital\wd drive manager\WDDriveService.exe [2014-5-23 296312]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-9-20 119512]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2015-4-30 284504]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S2 305c2e03;IncludeSystem;c:\windows\system32\rundll32.exe [2009-7-14 44544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-9-20 1080120]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2015-2-18 315488]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2014-1-22 88576]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2014-9-19 30504]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2014-9-20 49856]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2014-3-31 1512640]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2015-6-10 102912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-9-20 23256]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-9-20 51928]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2014-1-22 184192]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2014-10-29 13464]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-9-20 52224]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2013-7-10 11520]
.
=============== Created Last 30 ================
.
2015-06-17 14:30:29 39464   ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{6d8b21cc-df31-4574-a3a5-b665388bad94}\MpKsl0bba56af.sys
2015-06-16 19:43:56 62576   ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{6d8b21cc-df31-4574-a3a5-b665388bad94}\offreg.832.dll
2015-06-16 19:40:09 9265072 ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{6d8b21cc-df31-4574-a3a5-b665388bad94}\mpengine.dll
2015-06-16 19:38:47 9265072 ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2015-06-15 21:56:26 --------    d-----w-    c:\programdata\9c7e1d2200004042
2015-06-15 21:50:36 --------    d-----w-    c:\program files\predm
2015-06-15 20:26:54 --------    d-----w-    c:\programdata\abc
2015-06-15 19:22:04 --------    d-----w-    c:\program files\YTDownloader
2015-06-15 19:19:22 --------    d-----w-    c:\users\ronnie\appdata\local\Installer
2015-06-15 19:19:19 --------    d-----w-    c:\users\ronnie\appdata\local\CrashRpt
2015-06-15 19:18:16 --------    d-----w-    c:\users\ronnie\appdata\local\SmartWeb
2015-06-15 19:12:58 --------    d-----w-    c:\users\ronnie\appdata\roaming\WTools
2015-06-15 19:03:59 --------    d-----w-    c:\programdata\5d740d770000516a
2015-06-15 19:02:07 --------    d--h--w-    c:\programdata\jfk
2015-06-15 18:58:59 --------    d-----w-    c:\users\ronnie\appdata\roaming\Andy
2015-06-15 18:58:59 --------    d-----w-    c:\users\ronnie\Andy
2015-06-15 18:58:58 --------    d-----w-    c:\programdata\Andy
2015-06-15 18:58:30 --------    d-----w-    c:\programdata\Andy_44_Online
2015-06-15 18:58:27 --------    d-----w-    c:\users\ronnie\appdata\local\Opera Software
2015-06-15 18:58:26 --------    d-----w-    c:\users\ronnie\appdata\roaming\Opera Software
2015-06-15 18:56:14 --------    d-----w-    c:\programdata\81293a17a6ea4c5c95d9ded0f61b7d96
2015-06-15 18:56:01 --------    d-----w-    c:\programdata\7c0535b143fc4671b6ebd202fbffe066
2015-06-15 18:55:37 --------    d-----w-    c:\program files\ControlThis Parental Control
2015-06-15 18:55:24 --------    d-----w-    c:\program files\13
2015-06-15 18:55:18 --------    d-----w-    c:\program files\015
2015-06-15 09:57:38 650672  ----a-w-    c:\program files\common files\system\SysMenu.dll
2015-06-13 08:41:44 908832  ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{67b05ff9-ef2e-4b5b-87af-84ede62443bb}\gapaengine.dll
2015-06-10 10:58:59 815304  ----a-w-    c:\program files\internet explorer\iexplore.exe
2015-06-10 10:55:36 530432  ----a-w-    c:\windows\system32\comctl32.dll
2015-06-07 18:34:57 --------    d-----w-    c:\users\ronnie\appdata\roaming\HP Photo Creations
2015-05-19 22:49:57 --------    d-----w-    c:\users\ronnie\appdata\roaming\Kodi
2015-05-19 22:49:40 1998168 ----a-w-    c:\windows\system32\D3DX9_43.dll
2015-05-19 22:46:43 --------    d-----w-    c:\program files\Kodi
.
==================== Find3M  ====================
.
2015-06-17 16:46:09 119512  ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-31 10:07:35 778416  ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2015-05-31 10:07:35 142512  ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2015-05-25 18:07:34 3989440 ----a-w-    c:\windows\system32\ntkrnlpa.exe
2015-05-25 18:07:34 3934144 ----a-w-    c:\windows\system32\ntoskrnl.exe
2015-05-25 18:07:33 67520   ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2015-05-25 18:07:33 137664  ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2015-05-25 18:04:08 1307648 ----a-w-    c:\windows\system32\ntdll.dll
2015-05-25 18:00:44 40448   ----a-w-    c:\windows\system32\typeperf.exe
2015-05-25 18:00:40 364544  ----a-w-    c:\windows\system32\tracerpt.exe
2015-05-25 18:00:29 69632   ----a-w-    c:\windows\system32\smss.exe
2015-05-25 18:00:26 262656  ----a-w-    c:\windows\system32\rstrui.exe
2015-05-25 18:00:25 37888   ----a-w-    c:\windows\system32\relog.exe
2015-05-25 18:00:17 82944   ----a-w-    c:\windows\system32\logman.exe
2015-05-25 18:00:17 22528   ----a-w-    c:\windows\system32\lsass.exe
2015-05-25 18:00:09 17408   ----a-w-    c:\windows\system32\diskperf.exe
2015-05-25 18:00:04 50176   ----a-w-    c:\windows\system32\auditpol.exe
2015-05-25 17:57:31 60416   ----a-w-    c:\windows\system32\msobjs.dll
2015-05-25 17:57:15 146432  ----a-w-    c:\windows\system32\msaudite.dll
2015-05-25 17:55:18 6656    ----a-w-    c:\windows\system32\apisetschema.dll
2015-05-25 17:55:17 686080  ----a-w-    c:\windows\system32\adtschema.dll
2015-05-25 17:00:20 2384384 ----a-w-    c:\windows\system32\win32k.sys
2015-05-25 16:53:50 36864   ----a-w-    c:\windows\system32\UtcResources.dll
2015-05-23 03:28:17 2724864 ----a-w-    c:\windows\system32\mshtml.tlb
2015-05-23 03:28:04 4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2015-05-23 03:15:54 503808  ----a-w-    c:\windows\system32\vbscript.dll
2015-05-23 03:15:40 62464   ----a-w-    c:\windows\system32\iesetup.dll
2015-05-23 03:15:02 47616   ----a-w-    c:\windows\system32\ieetwproxystub.dll
2015-05-23 03:14:51 341504  ----a-w-    c:\windows\system32\html.iec
2015-05-23 03:13:48 64000   ----a-w-    c:\windows\system32\MshtmlDac.dll
2015-05-23 03:05:21 115712  ----a-w-    c:\windows\system32\ieUnatt.exe
2015-05-23 03:05:18 102912  ----a-w-    c:\windows\system32\ieetwcollector.exe
2015-05-23 03:04:50 620032  ----a-w-    c:\windows\system32\jscript9diag.dll
2015-05-23 03:00:14 667648  ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2015-05-23 02:52:43 60416   ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2015-05-23 02:47:31 4305920 ----a-w-    c:\windows\system32\jscript9.dll
2015-05-23 02:37:45 2052608 ----a-w-    c:\windows\system32\inetcpl.cpl
2015-05-23 02:37:25 1155072 ----a-w-    c:\windows\system32\mshtmlmedia.dll
2015-05-23 02:20:35 1950720 ----a-w-    c:\windows\system32\wininet.dll
2015-05-22 18:03:09 571392  ----a-w-    c:\windows\system32\generaltel.dll
2015-05-22 18:02:54 621568  ----a-w-    c:\windows\system32\invagent.dll
2015-05-22 18:02:49 333824  ----a-w-    c:\windows\system32\devinv.dll
2015-05-22 18:02:46 879104  ----a-w-    c:\windows\system32\appraiser.dll
2015-05-22 18:02:45 37888   ----a-w-    c:\windows\system32\acmigration.dll
2015-05-22 18:02:45 202752  ----a-w-    c:\windows\system32\aepdu.dll
2015-05-22 17:58:27 901120  ----a-w-    c:\windows\system32\aeinv.dll
2015-05-21 13:20:34 163840  ----a-w-    c:\windows\system32\aepic.dll
2015-05-09 03:14:43 169984  ----a-w-    c:\windows\system32\winsrv.dll
2015-05-09 03:13:42 293376  ----a-w-    c:\windows\system32\KernelBase.dll
2015-05-09 03:12:59 271360  ----a-w-    c:\windows\system32\conhost.exe
2015-05-09 01:59:25 6144    ---ha-w-    c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-09 01:59:25 4608    ---ha-w-    c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-09 01:59:25 3584    ---ha-w-    c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-09 01:59:25 3072    ---ha-w-    c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-01 13:16:41 102608  ----a-w-    c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-04-29 18:07:12 4096    ----a-w-    c:\windows\system32\msdxm.ocx
2015-04-29 18:07:12 4096    ----a-w-    c:\windows\system32\dxmasf.dll
2015-04-29 18:07:07 8192    ----a-w-    c:\windows\system32\spwmp.dll
2015-04-29 18:05:19 12625408    ----a-w-    c:\windows\system32\wmploc.DLL
2015-04-20 02:56:29 909312  ----a-w-    c:\windows\system32\FntCache.dll
2015-04-20 02:56:29 1250816 ----a-w-    c:\windows\system32\DWrite.dll
2015-04-18 02:56:57 342016  ----a-w-    c:\windows\system32\certcli.dll
2015-04-14 08:37:54 51928   ----a-w-    c:\windows\system32\drivers\mwac.sys
2015-04-14 08:37:44 92888   ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2015-04-14 08:37:42 23256   ----a-w-    c:\windows\system32\drivers\mbam.sys
2015-04-13 03:19:24 259072  ----a-w-    c:\windows\system32\services.exe
2015-04-11 03:07:47 54656   ----a-w-    c:\windows\system32\drivers\stream.sys
2015-04-08 03:14:07 22528   ----a-w-    c:\windows\system32\spool\prtprocs\w32x86\jnwppr.dll
2015-04-08 03:14:07 216064  ----a-w-    c:\windows\system32\InkEd.dll
2015-04-08 03:14:07 19968   ----a-w-    c:\windows\system32\jnwmon.dll
2015-04-02 22:22:32 31744   ----a-w-    c:\windows\system32\drivers\netfilter.sys
2015-03-25 03:00:57 92672   ----a-w-    c:\windows\system32\wudriver.dll
2015-03-25 03:00:57 3088384 ----a-w-    c:\windows\system32\wucltux.dll
2015-03-25 03:00:57 173056  ----a-w-    c:\windows\system32\wuwebv.dll
2015-03-25 03:00:27 50176   ----a-w-    c:\windows\system32\WinSetupUI.dll
2015-03-25 03:00:18 11776   ----a-w-    c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:00:15 33792   ----a-w-    c:\windows\system32\wuapp.exe
.
============= FINISH: 18:00:48.01 ===============



  .
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume1
Install Date: 19/09/2014 12:04:08
System Uptime: 17/06/2015 12:31:27 (6 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. |  | R530/R730                  
Processor: Pentium(R) Dual-Core CPU       T4300  @ 2.10GHz | U2E1 | 2100/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 293 GiB total, 238.521 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 639 GiB total, 507.545 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP160: 06/06/2015 12:19:17 - Installed Rapport
RP161: 07/06/2015 10:18:53 - Windows Update
RP162: 10/06/2015 12:02:04 - Windows Update
RP163: 13/06/2015 09:18:19 - Windows Update
RP165: 15/06/2015 20:48:46 - Installed Rapport
RP166: 15/06/2015 22:55:07 - Removed Rapport
RP167: 15/06/2015 22:56:53 - Removed Rapport
RP168: 15/06/2015 22:57:49 - Removed Rapport
RP169: 16/06/2015 20:37:49 - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 17 ActiveX
Adobe Premiere Elements 11
Adobe Reader XI (11.0.11)
Adobe Refresh Manager
Amazon Kindle
Apple Application Support
calibre
Compatibility Pack for the 2007 Office system
D3DX10
DivX Setup
Dropbox
Elements 11 Organizer
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
HP FWUpdateEDO2
HP Officejet 4620 series Basic Device Software
HP Officejet 4620 series Help
HP Officejet 4620 series Product Improvement Study
HP Photo Creations
HP Update
HPDiagnosticAlert
I.R.I.S. OCR
Java 7 Update 67
Java 8 Update 25
Java Auto Updater
Junk Mail filter update
Kodi
Lenovo_Wireless_Driver
Malwarebytes Anti-Malware version 2.1.6.1022
Microsoft .NET Framework 4.5.2
Microsoft Application Error Reporting
Microsoft Image Composite Editor
Microsoft Office File Validation Add-In
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft OneDrive
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Movie Maker
MSVCRT
MSVCRT110
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nikon File Uploader 2
Nikon Message Center 2
OJ4620FWUpdateAlert
Photo Common
Photo Gallery
Picture Control Utility
PRE11 STI Installer
QuickTime
Realtek High Definition Audio Driver
S Agent
Samsung Master
Samsung USB Driver
Security Update for Microsoft .NET Framework 4.5.2 (KB3023224)
Security Update for Microsoft .NET Framework 4.5.2 (KB3035490)
Security Update for Microsoft .NET Framework 4.5.2 (KB3037581)
Setup
Skype Click to Call
Skype™ 7.4
Snapshot (remove only)
SW Update
VC80CRTRedist - 8.0.50727.6195
ViewNX 2
WD Drive Utilities
WD Security
WD SmartWare
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Xvid 1.1.2 final uninstall
YTDownloader
.
==== Event Viewer Messages From Past Week ========
.
16/06/2015 20:26:33, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the IncludeSystem service to connect.
15/06/2015 22:46:55, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureCommand with the following error:  Access is denied.
15/06/2015 22:45:27, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for Start with the following error:  Access is denied.
15/06/2015 22:38:13, Error: Service Control Manager [7034]  - The CoupoonService service terminated unexpectedly.  It has done this 1 time(s).
15/06/2015 22:37:35, Error: Schannel [36887]  - The following fatal alert was received: 40.
15/06/2015 22:37:16, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  cherimoya
15/06/2015 22:33:47, Error: Service Control Manager [7031]  - The Diagnostics Tracking Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
15/06/2015 21:21:16, Error: Service Control Manager [7031]  - The UpdateCheck service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
15/06/2015 20:50:15, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
15/06/2015 20:02:36, Error: Service Control Manager [7034]  - The csrcc service terminated unexpectedly.  It has done this 1 time(s).
15/06/2015 20:02:33, Error: Service Control Manager [7034]  - The 70F4EEDB-1367-4b4f-8247-3133551A7415 service terminated unexpectedly.  It has done this 1 time(s).
15/06/2015 20:01:01, Error: Service Control Manager [7030]  - The GlobalUpdater service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
15/06/2015 20:00:58, Error: Service Control Manager [7030]  - The IMService service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
14/06/2015 13:58:00, Error: Schannel [36888]  - The following fatal alert was generated: 43. The internal error state is 252.
11/06/2015 09:04:07, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
.
==== End Of File ===========================
2
Contributors
2
Replies
8
Views
2 Years
Discussion Span
Last Post by rstheshotts
0

Hi, thanks for your help. I managed to uninstall the downloader and ADwcleaner removed searching.com. Everything appears ok now so I'll mark as solved.
Thanks again.
Ronnie

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.