
Possible Rootkit



#16
Earthless94


  • Topic Starter
  • Member
  • 21 posts
Even with all that, it still froze at the Firefox part, so I just went ahead and did the FRST scan.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-06-2013
Ran by test (administrator) on 07-06-2013 20:38:58
Running from C:\Users\test\Desktop
Windows Vista ™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Starfield Technologies, Inc.) C:\Program Files\Workspace\offSyncService.exe
(New Softwares.net) C:\Windows\system32\WinFLService.exe
( ) C:\Windows\system32\lxducoms.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(PC Tools) C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(PC Tools) C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(RealNetworks, Inc.) C:\Program Files\real\realplayer\Update\realsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVG Secure Search) C:\Program Files\AVG SafeGuard toolbar\vprot.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(PixArt Imaging Incorporation) C:\Windows\Pixart\Pac7302\Monitor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Akamai Technologies, Inc.) C:\Users\test\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Skillbrains) C:\Users\test\AppData\Local\Skillbrains\lightshot\4.3.0.0\LightShot.exe
( New Softwares.net) C:\Windows\System32\WinFLTray.exe
(New Softwares.net) C:\Program Files\NewSoftware's\Folder Lock\FLComServCtrl.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(LOL Replay) C:\Program Files\LOLReplay\LOLRecorder.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
( New Softwares.net) C:\Program Files\NewSoftware's\Folder Lock\FLComServ.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Akamai Technologies, Inc.) C:\Users\test\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
(Last.fm) C:\Program Files\Last.fm\Last.fm Scrobbler.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe [104408 2010-08-05] (PC Tools)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot [273528 2011-08-19] (RealNetworks, Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)
HKLM\...\Run: [vProt] "C:\Program Files\AVG SafeGuard toolbar\vprot.exe" [1226928 2013-05-21] (AVG Secure Search)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1233920 2009-04-10] (Microsoft Corporation)
HKCU\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]
HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKCU\...\Run: [Facebook Update] "C:\Users\test\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-08-27] (Facebook Inc.)
HKCU\...\Run: [Akamai NetSession Interface] "C:\Users\test\AppData\Local\Akamai\netsession_win.exe" [4480768 2013-01-26] (Akamai Technologies, Inc.)
HKCU\...\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-01] ()
HKCU\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.)
HKCU\...\Run: [LightShot] C:\Users\test\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue [226152 2013-02-21] ()
HKCU\...\Run: [WinFLTray] C:\Windows\system32\WinFLTray.exe [321736 2013-05-31] ( New Softwares.net)
HKCU\...\Run: [FLBackup] C:\Program Files\NewSoftware's\Folder Lock\FLComServCtrl.exe [275656 2013-05-31] (New Softwares.net)
HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\Admin\...\Run: [Google Update] "C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c [ 2010-02-25] (Google Inc.)
HKU\Admin\...\Run: [0c838dfbdedb073d6dc42793823cf79a] C:\Users\Admin\DOWNLO~1\ZUMASR~2.EXE /r [ 2010-07-27] (RealNetworks, Inc.)
HKU\Admin\...\Run: [cdloader] "C:\Users\Admin\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK [ 2011-05-16] (magicJack L.P.)
HKU\Admin\...\Run: [Starfield Updater] "C:\Users\Admin\AppData\Local\Workspace\workspaceupdate.exe" [x]
HKU\Admin\...\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" [x]
HKU\Admin\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [ 2008-01-20] (Microsoft Corporation)
HKU\Admin\...\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe [ 2013-01-01] ()
HKU\Admin\...\Run: [Sony Ericsson PC Companion] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background [ 2011-07-25] (Sony Ericsson)
HKU\Tess\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\Tess\...\Run: [cdloader] "C:\Users\Tess\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK [ 2010-12-03] (magicJack L.P.)
HKU\Tess\...\Run: [Google Update] "C:\Users\Tess\AppData\Local\Google\Update\GoogleUpdate.exe" /c [ 2011-06-18] (Google Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\LOLRecorder.lnk
ShortcutTarget: LOLRecorder.lnk -> C:\Program Files\LOLReplay\LOLRecorder.exe (LOL Replay)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKCU SearchScopes: DefaultScope {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL =
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
PDF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
PDF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
PDF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

FireFox:
========
FF ProfilePath: C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\54sg925d.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll (AVG Technologies)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=12.0.1.666 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.666 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.666 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.666 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.666 - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\54sg925d.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: No Name - C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\54sg925d.default\Extensions\{eb89481f-b768-7634-b5cf-43541d908c44}.xpi

Chrome:
=======
CHR HomePage: hxxp://mysearch.avg.com/?cid={25D2A92D-18B8-4879-A09B-86286FCB24A3}&mid=6a701d80af2047d3aa42d168d1d6c4dd-4dec49aa81c4777199b547a92e83b151ddf97d92&lang=en&ds=sf011&pr=sa&d=2013-02-17 08:52:38&v=14.2.0.1&pid=safeguard&sg=1&sap=hp
CHR RestoreOnStartup: "hxxp://mysearch.avg.com/?cid={25D2A92D-18B8-4879-A09B-86286FCB24A3}&mid=6a701d80af2047d3aa42d168d1d6c4dd-4dec49aa81c4777199b547a92e83b151ddf97d92&lang=en&ds=sf011&pr=sa&d=2013-02-17 08:52:38&v=14.2.0.1&pid=safeguard&sg=1&sap=hp"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\test\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\test\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\test\AppData\Local\Google\Chrome\Application\27.0.1453.110\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (Unity Player) - C:\Users\test\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Search) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (avast! WebRep) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Gmail) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S3 CVCompressionService; C:\Program Files\CVision\Services\CVCompressionService.exe [184320 2008-03-08] (CVISION Technologies)
R2 File Backup; C:\Program Files\Workspace\offSyncService.exe [1215216 2011-02-02] (Starfield Technologies, Inc.)
R2 lxdu_device; C:\Windows\system32\lxducoms.exe [589824 2009-10-16] ( )
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R3 MSSQL$MSSMLBIZ; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43010392 2009-03-30] (Microsoft Corporation)
S4 MSSQLServerADHelper100; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [47128 2009-07-22] (Microsoft Corporation)
R2 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [583640 2010-08-05] (PC Tools)
S4 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [229376 2011-04-08] (Puran Software)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [155344 2011-06-29] (Avanquest Software)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [366936 2009-03-30] (Microsoft Corporation)
R2 vToolbarUpdater15.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984 2013-05-21] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [26080 2012-10-08] (Wondershare)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [49760 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [765736 2013-05-09] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [368944 2013-05-09] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [174664 2013-05-09] ()
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2010-06-30] (Avanquest Software)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [35560 2012-08-01] (AnchorFree Inc.)
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41888 2007-05-11] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [461824 2009-04-28] (PixArt Imaging Inc.)
S4 RsFx0103; C:\Windows\System32\DRIVERS\RsFx0103.sys [239336 2009-03-30] (Microsoft Corporation)
S3 SCREAMINGBDRIVER; C:\Windows\System32\drivers\ScreamingBAudio.sys [34384 2009-12-01] (Screaming Bee LLC)
R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [62464 2007-09-27] (silex technology, Inc.)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [33512 2012-08-01] (AnchorFree Inc)
R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [17792 2008-12-26] (Avnex)
R1 WinFLAdrv; C:\Windows\System32\WinFLAdrv.sys [29184 2013-05-31] ()
R2 WinVDEDrv; C:\Windows\system32\WinVDEdrv.sys [228112 2013-05-31] (NewSoftwares.net, Inc.)
R3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [x]
S3 EraserUtilDrvI9; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 XDva390; \??\C:\Windows\system32\XDva390.sys [x]
S3 XDva391; \??\C:\Windows\system32\XDva391.sys [x]
S3 XDva392; \??\C:\Windows\system32\XDva392.sys [x]
S3 XDva393; \??\C:\Windows\system32\XDva393.sys [x]
S3 XDva397; \??\C:\Windows\system32\XDva397.sys [x]
S3 XDva398; \??\C:\Windows\system32\XDva398.sys [x]
S3 XDva399; \??\C:\Windows\system32\XDva399.sys [x]
S3 XDva401; \??\C:\Windows\system32\XDva401.sys [x]
U3 mbr; \??\C:\Users\test\AppData\Local\Temp\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-07 20:32 - 2013-06-07 20:32 - 00602112 ____A (OldTimer Tools) C:\Users\test\Desktop\OTL.scr
2013-06-07 14:41 - 2013-06-07 14:41 - 00024158 ____A C:\ComboFix.txt
2013-06-07 14:06 - 2013-06-07 14:41 - 00000000 ____D C:\Qoobox
2013-06-07 14:06 - 2013-06-07 14:41 - 00000000 ____D C:\ComboFix
2013-06-07 14:06 - 2013-06-07 14:39 - 00000000 ____D C:\Windows\erdnt
2013-06-07 14:06 - 2011-06-25 23:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-07 14:06 - 2010-11-07 10:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-07 14:06 - 2009-04-19 21:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-07 14:06 - 2000-08-30 17:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-07 14:06 - 2000-08-30 17:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-07 14:06 - 2000-08-30 17:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-07 14:06 - 2000-08-30 17:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-07 14:06 - 2000-08-30 17:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-07 12:34 - 2013-06-07 12:34 - 05078746 ____R (Swearware) C:\Users\test\Desktop\ComboFix.exe
2013-06-07 10:39 - 2013-06-07 10:39 - 00171164 ___AH C:\Windows\System32\mlfcache.dat
2013-06-07 09:21 - 2013-06-07 09:21 - 00067623 ____A C:\Users\test\Desktop\JRT.txt
2013-06-07 09:18 - 2013-06-07 09:18 - 00000000 ____D C:\Windows\ERUNT
2013-06-07 09:02 - 2013-06-07 09:18 - 00000000 ____D C:\JRT
2013-06-07 09:02 - 2013-06-07 09:02 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\test\Desktop\JRT.exe
2013-06-06 23:07 - 2013-06-06 23:07 - 01358191 ____A (Farbar) C:\Users\test\Desktop\FRST.exe
2013-06-06 14:37 - 2013-06-06 23:08 - 00000000 ____D C:\FRST
2013-06-04 14:39 - 2013-06-04 14:39 - 00001741 ____A C:\Users\Public\Desktop\LOL Recorder.lnk
2013-06-03 00:51 - 2013-06-04 01:02 - 00001213 __ASH C:\Users\test\AppData\Local\win_fldb_sys.dat
2013-06-03 00:51 - 2013-06-04 01:02 - 00000693 __ASH C:\Windows\System32\win_fldb_sys.dat
2013-06-03 00:50 - 2013-06-04 00:23 - 00000700 __ASH C:\Users\test\AppData\Local\systemFL7.dat
2013-06-01 21:29 - 2013-06-01 21:29 - 00000000 ____D C:\Program Files\Common Files\Spigot
2013-05-31 22:57 - 2013-05-31 22:57 - 00002301 ____N C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
2013-05-31 21:38 - 2013-05-31 21:38 - 00000000 ____D C:\Users\test\Documents\My Spore Creations
2013-05-31 21:38 - 2013-05-31 21:38 - 00000000 ____D C:\Users\test\AppData\Roaming\SPORE Creature Creator
2013-05-31 19:34 - 2013-06-04 00:23 - 00003465 __ASH C:\Windows\System32\win_stlthdb_sys.dat
2013-05-31 19:34 - 2013-06-04 00:23 - 00003465 __ASH C:\Users\test\AppData\Local\win_stlthdb_sys.dat
2013-05-31 19:34 - 2013-05-31 19:34 - 00321736 ____A ( New Softwares.net) C:\Windows\System32\WinFLTrayShred.exe
2013-05-31 19:34 - 2013-05-31 19:34 - 00321736 ____A ( New Softwares.net) C:\Windows\System32\WinFLTray.exe
2013-05-31 19:34 - 2013-05-31 19:34 - 00228112 ____A (NewSoftwares.net, Inc.) C:\Windows\System32\WinVDEdrv.sys
2013-05-31 19:34 - 2013-05-31 19:34 - 00188176 ____A C:\Windows\System32\WinVDEdrv6.sys
2013-05-31 19:34 - 2013-05-31 19:34 - 00092360 ____A (New Softwares.net) C:\Windows\System32\WinFLService.exe
2013-05-31 19:34 - 2013-05-31 19:34 - 00040960 ____A C:\Windows\System32\nwsftUninstall.exe
2013-05-31 19:34 - 2013-05-31 19:34 - 00029184 ____A C:\Windows\System32\WinFLAdrv.sys
2013-05-31 19:34 - 2013-05-31 19:34 - 00014024 ____A C:\Windows\System32\WinFLMsgService.exe
2013-05-31 19:34 - 2013-05-31 19:34 - 00000995 ____A C:\Users\Public\Desktop\Folder Lock.lnk
2013-05-31 19:34 - 2013-05-31 19:34 - 00000000 ____D C:\Program Files\NewSoftware's
2013-05-26 17:13 - 2013-06-03 18:21 - 00000000 ____D C:\Minetest
2013-05-26 15:42 - 2013-05-26 15:49 - 00000000 ____D C:\Manic Digger
2013-05-26 14:05 - 2013-05-26 14:05 - 00000000 ____D C:\Users\test\wurm
2013-05-26 14:04 - 2013-05-26 14:04 - 00002061 ____A C:\Users\test\Desktop\Wurm Online.lnk
2013-05-26 13:39 - 2013-05-26 14:05 - 00000000 ____D C:\BrickForce
2013-05-21 16:58 - 2013-05-21 16:58 - 00011357 ____A C:\Users\test\Documents\blank.jpeg
2013-05-18 21:18 - 2013-05-18 21:18 - 00006002 ____A C:\Users\test\Desktop\Router_Setup.html
2013-05-18 21:18 - 2010-06-30 01:27 - 00000172 ___RA C:\Users\test\Desktop\Router Login.url
2013-05-18 19:46 - 2010-06-30 01:27 - 00049904 ___RA (Avanquest Software) C:\Windows\System32\Drivers\BVRPMPR5.SYS
2013-05-18 19:44 - 2013-05-18 21:46 - 00000000 ____D C:\Netgear
2013-05-16 03:11 - 2013-05-05 12:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-16 03:11 - 2013-05-05 12:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-16 03:02 - 2013-04-04 15:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-16 03:02 - 2013-04-04 15:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-16 03:02 - 2013-04-04 15:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-16 03:02 - 2013-04-04 15:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-16 03:02 - 2013-04-04 15:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-16 03:02 - 2013-04-04 15:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-16 03:02 - 2013-04-04 14:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-16 03:02 - 2013-04-04 14:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-16 03:02 - 2013-04-04 14:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-16 03:02 - 2013-04-04 14:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-16 03:02 - 2013-04-04 14:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-16 03:02 - 2013-04-04 14:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-16 03:02 - 2013-04-04 14:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-16 03:02 - 2013-04-04 14:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-15 14:31 - 2013-04-15 07:20 - 00638328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 14:31 - 2013-04-13 03:56 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-15 14:31 - 2013-04-08 18:36 - 02049024 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-13 17:48 - 2013-05-13 17:48 - 00000914 ____A C:\Users\Public\Desktop\VLC media player.lnk
2013-05-09 14:57 - 2013-05-09 14:57 - 00000000 ____A C:\Users\test\Desktop\New WinZip Zipx File.zipx
2013-05-09 14:10 - 2013-05-09 14:10 - 00000000 ____D C:\Users\test\AppData\Local\SplitMediaLabs
2013-05-09 14:08 - 2013-05-09 14:08 - 00000000 ____D C:\ProgramData\SplitMediaLabs
2013-05-09 14:08 - 2013-05-09 14:08 - 00000000 ____D C:\Program Files\SplitMediaLabs
2013-05-09 14:05 - 2013-05-09 14:05 - 00000000 ____D C:\Users\test\AppData\Roaming\SplitMediaLabs

==================== One Month Modified Files and Folders ========

2013-06-07 20:36 - 2012-07-16 04:47 - 00000000 ____D C:\Users\test\AppData\Roaming\Skype
2013-06-07 20:34 - 2011-10-27 13:28 - 00000000 ____D C:\Users\test\AppData\Local\Last.fm
2013-06-07 20:34 - 2011-06-18 23:00 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4173232996-1987906121-3502484201-1007UA.job
2013-06-07 20:32 - 2013-06-07 20:32 - 00602112 ____A (OldTimer Tools) C:\Users\test\Desktop\OTL.scr
2013-06-07 20:30 - 2011-10-26 22:51 - 00000000 ____D C:\Users\test\AppData\Local\PMB Files
2013-06-07 20:30 - 2011-07-28 17:37 - 00000000 ____D C:\ProgramData\PMB Files
2013-06-07 20:26 - 2006-11-02 05:47 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-07 20:26 - 2006-11-02 05:47 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-07 20:05 - 2011-11-03 16:48 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4173232996-1987906121-3502484201-1013UA.job
2013-06-07 19:51 - 2013-04-01 21:50 - 00000374 ____A C:\Windows\Tasks\update-sys.job
2013-06-07 19:51 - 2012-06-02 13:25 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4173232996-1987906121-3502484201-1013UA.job
2013-06-07 19:51 - 2008-01-20 18:35 - 02024918 ____A C:\Windows\WindowsUpdate.log
2013-06-07 19:47 - 2010-02-02 08:59 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-07 19:42 - 2010-02-25 13:39 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4173232996-1987906121-3502484201-1000UA.job
2013-06-07 19:10 - 2013-04-01 21:50 - 00000374 ____A C:\Windows\Tasks\update-S-1-5-21-4173232996-1987906121-3502484201-1013.job
2013-06-07 18:42 - 2010-02-25 13:39 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4173232996-1987906121-3502484201-1000Core.job
2013-06-07 17:34 - 2011-06-18 23:00 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4173232996-1987906121-3502484201-1007Core.job
2013-06-07 16:51 - 2012-06-02 13:25 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4173232996-1987906121-3502484201-1013Core.job
2013-06-07 14:41 - 2013-06-07 14:41 - 00024158 ____A C:\ComboFix.txt
2013-06-07 14:41 - 2013-06-07 14:06 - 00000000 ____D C:\Qoobox
2013-06-07 14:41 - 2013-06-07 14:06 - 00000000 ____D C:\ComboFix
2013-06-07 14:41 - 2006-11-02 04:18 - 00000000 __RHD C:\users\Default
2013-06-07 14:41 - 2006-11-02 04:18 - 00000000 ___RD C:\users\Public
2013-06-07 14:39 - 2013-06-07 14:06 - 00000000 ____D C:\Windows\erdnt
2013-06-07 14:36 - 2010-02-02 08:59 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-07 14:36 - 2006-11-02 03:23 - 00000215 ____A C:\Windows\system.ini
2013-06-07 14:26 - 2010-09-30 15:17 - 00183351 ____A C:\Windows\offSyncService.log
2013-06-07 14:26 - 2008-01-20 19:47 - 00704634 ____A C:\Windows\PFRO.log
2013-06-07 14:26 - 2006-11-02 06:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-07 14:25 - 2006-11-02 06:01 - 00032592 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-07 14:25 - 2006-11-02 03:22 - 79429632 ____A C:\Windows\System32\config\SOFTWARE.bak
2013-06-07 14:25 - 2006-11-02 03:22 - 40632320 ____A C:\Windows\System32\config\COMPON~2.bak
2013-06-07 14:25 - 2006-11-02 03:22 - 39321600 ____A C:\Windows\System32\config\SYSTEM.bak
2013-06-07 14:25 - 2006-11-02 03:22 - 05242880 ____A C:\Windows\System32\config\DEFAULT.bak
2013-06-07 14:25 - 2006-11-02 03:22 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
2013-06-07 14:25 - 2006-11-02 03:22 - 00262144 ____A C:\Windows\System32\config\SAM.bak
2013-06-07 14:22 - 2008-12-15 20:34 - 00000000 ____D C:\users\Admin
2013-06-07 12:34 - 2013-06-07 12:34 - 05078746 ____R (Swearware) C:\Users\test\Desktop\ComboFix.exe
2013-06-07 11:48 - 2011-07-18 14:13 - 00002281 ____A C:\Users\Public\Desktop\Safari.lnk
2013-06-07 10:39 - 2013-06-07 10:39 - 00171164 ___AH C:\Windows\System32\mlfcache.dat
2013-06-07 09:34 - 2006-11-02 03:23 - 00002577 ____A C:\Windows\System32\config.nt
2013-06-07 09:21 - 2013-06-07 09:21 - 00067623 ____A C:\Users\test\Desktop\JRT.txt
2013-06-07 09:18 - 2013-06-07 09:18 - 00000000 ____D C:\Windows\ERUNT
2013-06-07 09:18 - 2013-06-07 09:02 - 00000000 ____D C:\JRT
2013-06-07 09:02 - 2013-06-07 09:02 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\test\Desktop\JRT.exe
2013-06-07 09:00 - 2011-11-07 16:34 - 00000000 ____D C:\Users\test\AppData\Local\CrashDumps
2013-06-07 01:04 - 2011-11-03 16:48 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4173232996-1987906121-3502484201-1013Core.job
2013-06-07 00:59 - 2009-04-24 10:02 - 00000328 ____A C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
2013-06-06 23:15 - 2012-11-21 22:58 - 00000000 ____D C:\Users\test\AppData\Local\Akamai
2013-06-06 23:08 - 2013-06-06 14:37 - 00000000 ____D C:\FRST
2013-06-06 23:07 - 2013-06-06 23:07 - 01358191 ____A (Farbar) C:\Users\test\Desktop\FRST.exe
2013-06-04 18:10 - 2011-11-03 16:49 - 00002075 ____A C:\Users\test\Desktop\Google Chrome.lnk
2013-06-04 14:39 - 2013-06-04 14:39 - 00001741 ____A C:\Users\Public\Desktop\LOL Recorder.lnk
2013-06-04 14:39 - 2013-03-31 14:54 - 00000000 ____D C:\Program Files\LOLReplay
2013-06-04 01:02 - 2013-06-03 00:51 - 00001213 __ASH C:\Users\test\AppData\Local\win_fldb_sys.dat
2013-06-04 01:02 - 2013-06-03 00:51 - 00000693 __ASH C:\Windows\System32\win_fldb_sys.dat
2013-06-04 00:23 - 2013-06-03 00:50 - 00000700 __ASH C:\Users\test\AppData\Local\systemFL7.dat
2013-06-04 00:23 - 2013-05-31 19:34 - 00003465 __ASH C:\Windows\System32\win_stlthdb_sys.dat
2013-06-04 00:23 - 2013-05-31 19:34 - 00003465 __ASH C:\Users\test\AppData\Local\win_stlthdb_sys.dat
2013-06-03 18:21 - 2013-05-26 17:13 - 00000000 ____D C:\Minetest
2013-06-03 12:36 - 2011-12-15 20:08 - 00000000 ____D C:\Users\test\AppData\Roaming\vlc
2013-06-01 21:29 - 2013-06-01 21:29 - 00000000 ____D C:\Program Files\Common Files\Spigot
2013-06-01 07:28 - 2011-10-26 22:48 - 00000000 ____D C:\Program Files\Puran Defrag
2013-05-31 22:57 - 2013-05-31 22:57 - 00002301 ____N C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
2013-05-31 22:57 - 2012-12-14 19:25 - 00000000 ____D C:\Users\test\AppData\Roaming\WildTangent
2013-05-31 22:57 - 2011-10-10 13:54 - 00000000 ____D C:\ProgramData\WildTangent
2013-05-31 22:57 - 2011-10-10 13:54 - 00000000 ____D C:\Program Files\WildTangent Games
2013-05-31 21:38 - 2013-05-31 21:38 - 00000000 ____D C:\Users\test\Documents\My Spore Creations
2013-05-31 21:38 - 2013-05-31 21:38 - 00000000 ____D C:\Users\test\AppData\Roaming\SPORE Creature Creator
2013-05-31 19:34 - 2013-05-31 19:34 - 00321736 ____A ( New Softwares.net) C:\Windows\System32\WinFLTrayShred.exe
2013-05-31 19:34 - 2013-05-31 19:34 - 00321736 ____A ( New Softwares.net) C:\Windows\System32\WinFLTray.exe
2013-05-31 19:34 - 2013-05-31 19:34 - 00228112 ____A (NewSoftwares.net, Inc.) C:\Windows\System32\WinVDEdrv.sys
2013-05-31 19:34 - 2013-05-31 19:34 - 00188176 ____A C:\Windows\System32\WinVDEdrv6.sys
2013-05-31 19:34 - 2013-05-31 19:34 - 00092360 ____A (New Softwares.net) C:\Windows\System32\WinFLService.exe
2013-05-31 19:34 - 2013-05-31 19:34 - 00040960 ____A C:\Windows\System32\nwsftUninstall.exe
2013-05-31 19:34 - 2013-05-31 19:34 - 00029184 ____A C:\Windows\System32\WinFLAdrv.sys
2013-05-31 19:34 - 2013-05-31 19:34 - 00014024 ____A C:\Windows\System32\WinFLMsgService.exe
2013-05-31 19:34 - 2013-05-31 19:34 - 00000995 ____A C:\Users\Public\Desktop\Folder Lock.lnk
2013-05-31 19:34 - 2013-05-31 19:34 - 00000000 ____D C:\Program Files\NewSoftware's
2013-05-30 10:53 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\MSAgent
2013-05-30 09:29 - 2012-01-22 13:25 - 00000961 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-30 09:29 - 2011-10-26 23:15 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-05-30 09:11 - 2010-01-26 08:17 - 00000000 ___RD C:\Program Files\Skype
2013-05-30 09:11 - 2010-01-26 08:17 - 00000000 ____D C:\ProgramData\Skype
2013-05-29 16:46 - 2011-12-15 19:19 - 00000000 ____D C:\Users\test\AppData\Roaming\uTorrent
2013-05-27 11:15 - 2013-04-01 21:50 - 00000438 ____A C:\Users\test\AppData\Local\UserProducts.xml
2013-05-26 16:12 - 2011-10-27 16:29 - 00094720 ____A C:\Users\test\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-26 15:49 - 2013-05-26 15:42 - 00000000 ____D C:\Manic Digger
2013-05-26 14:05 - 2013-05-26 14:05 - 00000000 ____D C:\Users\test\wurm
2013-05-26 14:05 - 2013-05-26 13:39 - 00000000 ____D C:\BrickForce
2013-05-26 14:05 - 2011-10-26 22:12 - 00000000 ____D C:\users\test
2013-05-26 14:04 - 2013-05-26 14:04 - 00002061 ____A C:\Users\test\Desktop\Wurm Online.lnk
2013-05-25 10:22 - 2013-02-17 09:52 - 00000000 ____D C:\Program Files\AVG SafeGuard toolbar
2013-05-24 14:27 - 2012-08-07 14:49 - 00000000 ____D C:\Users\test\AppData\Local\Screencast-O-Matic
2013-05-21 16:58 - 2013-05-21 16:58 - 00011357 ____A C:\Users\test\Documents\blank.jpeg
2013-05-21 09:39 - 2006-11-02 03:33 - 00935306 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-21 03:01 - 2013-02-17 09:52 - 00037664 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2013-05-18 21:46 - 2013-05-18 19:44 - 00000000 ____D C:\Netgear
2013-05-18 21:18 - 2013-05-18 21:18 - 00006002 ____A C:\Users\test\Desktop\Router_Setup.html
2013-05-16 03:43 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-16 03:33 - 2006-11-02 05:47 - 00380264 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-16 03:13 - 2008-12-22 19:38 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-13 17:48 - 2013-05-13 17:48 - 00000914 ____A C:\Users\Public\Desktop\VLC media player.lnk
2013-05-09 14:57 - 2013-05-09 14:57 - 00000000 ____A C:\Users\test\Desktop\New WinZip Zipx File.zipx
2013-05-09 14:10 - 2013-05-09 14:10 - 00000000 ____D C:\Users\test\AppData\Local\SplitMediaLabs
2013-05-09 14:08 - 2013-05-09 14:08 - 00000000 ____D C:\ProgramData\SplitMediaLabs
2013-05-09 14:08 - 2013-05-09 14:08 - 00000000 ____D C:\Program Files\SplitMediaLabs
2013-05-09 14:05 - 2013-05-09 14:05 - 00000000 ____D C:\Users\test\AppData\Roaming\SplitMediaLabs
2013-05-09 01:59 - 2013-03-20 00:13 - 00174664 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-05-09 01:59 - 2013-03-20 00:13 - 00049376 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-05-09 01:59 - 2011-10-26 23:24 - 00765736 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-05-09 01:59 - 2011-10-26 23:24 - 00368944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-05-09 01:59 - 2011-10-26 23:24 - 00066336 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-05-09 01:59 - 2011-10-26 23:24 - 00056080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-05-09 01:59 - 2011-10-26 23:24 - 00049760 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2013-05-09 01:59 - 2011-10-26 23:24 - 00029816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-05-09 01:58 - 2011-10-26 23:22 - 00229648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-05-09 01:58 - 2011-10-26 23:22 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr

Files to move or delete:
====================
C:\Users\Public\MyWebTattoo.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-06-07 14:42

==================== End Of Log ============================

#17
emeraldnzl
  • GeekU Moderator

Even with all that it still froze at the Firefox part, so I just went ahead and did the FRST scan


Probably being stopped by a security program, most likely AVG.

Please download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

#18
Earthless94
  • Topic Starter
I have avast but I disabled the shields before doing the scan; anyway, here's the txt


Results of screen317's Security Check version 0.99.64
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Firewall Enabled!
avast! Antivirus
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
JavaFX 2.1.1
Java 7 Update 17
Java version out of Date!
Adobe Flash Player 11.5.502.146
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader 10.1.6 Adobe Reader out of Date!
Mozilla Firefox 14.0.1 Firefox out of Date!
Google Chrome 27.0.1453.110
Google Chrome 27.0.1453.94
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

#19
emeraldnzl
  • GeekU Moderator

I have avast but I disabled the shields before doing the scan


Yes, it looks like the AVG one was installed without your knowledge, see here.

Let's see if we can remove it.

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

After that

Your anti-virus is out of date. Please update it or alternatively (if it is a paid for version and your subscription has run out) look at installing one of the options below:

Here are three good antivirus programs free for personal use:

Note: Do not use more than one anti-virus or firewall. Running two or more real-time anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You will very likely end up with little or no protection.

Step 2

Your Java is out of date. Older versions are vulnerable to attack.

Please follow these steps:

  • Download Java for Windows

    Reboot your computer.
    You also need to uninstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
Step 3

Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack.

Please go to the link below to update.

Note: Before you download ensure you uncheck the "Yes install Chrome (or McAfee) as default browser and Google Toolbar for Internet Explorer" option. That is foistware.

http://www.adobe.com.../readstep2.html

When you return please post
  • Fixlog.txt

#20
Earthless94
  • Topic Starter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-06-2013
Ran by test at 2013-06-08 13:57:29 Run:2
Running from C:\Users\test\Desktop
Boot Mode: Normal

==============================================

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\vProt => Value not found.
HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => Key not found.
C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll not found.
CHR HomePage: hxxp://mysearch.avg.com/?cid={25D2A92D-18B8-4879-A09B-86286FCB24A3}&mid=6a701d80af2047d3aa42d168d1d6c4dd-4dec49aa81c4777199b547a92e83b151ddf97d92&lang=en&ds=sf011&pr=sa&d=2013-02-17 08:52:38&v=14.2.0.1&pid=safeguard&sg=1&sap=hp ==> The Chrome "Settings" can be used to fix the entry.
CHR RestoreOnStartup: "hxxp://mysearch.avg.com/?cid={25D2A92D-18B8-4879-A09B-86286FCB24A3}&mid=6a701d80af2047d3aa42d168d1d6c4dd-4dec49aa81c4777199b547a92e83b151ddf97d92&lang=en&ds=sf011&pr=sa&d=2013-02-17 08:52:38&v=14.2.0.1&pid=safeguard&sg=1&sap=hp" ==> The Chrome "Settings" can be used to fix the entry.
C:\Program Files\AVG SafeGuard toolbar\vprot.exe => No running process found
vToolbarUpdater15.2.0 => Service not found.
C:\Program Files\AVG SafeGuard toolbar => File/Directory not found.
C:\Windows\System32\Drivers\avgtpx86.sys => File/Directory not found.

==== End of Fixlog ====

#21
emeraldnzl
  • GeekU Moderator
Hmm...

Try this:

In Google Chrome:

  • Click the wrench icon on the browser toolbar.
  • Click Tools.
  • Select Extensions.
  • Click the trash can icon by RestoreOnStartup or mysearch.avg or AVG SafeGuard or AVG SiteSafety or similar if they are there.
  • A confirmation dialog will appear, click Remove.
After that

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt.
  • Copy and paste that log as a reply to this topic.

#22
Earthless94
  • Topic Starter
Am I supposed to delete the things it found or no?

C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmartShopper7.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\YouTube Downloader\ytd_installer.exe a variant of Win32/Bundled.Toolbar.Ask.C application
C:\FRST\Quarantine\[email protected]\content\overlay.js Win32/Adware.Yontoo application cleaned by deleting - quarantined
C:\Program Files\Avira\AntiVir Desktop\apnic.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting (after the next restart) - quarantined
C:\Program Files\Avira\AntiVir Desktop\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting (after the next restart) - quarantined
C:\Program Files\FoxTabAudioConverter\AudioConverter.exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined
C:\Program Files\FrostWire 5\frostwire-installer.exe multiple threats cleaned by deleting - quarantined
C:\Program Files\RealArcade\Installer\bin\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
C:\Program Files\WildGames\Wedding Salon\WeddingSalon.exe a variant of Win32/Kryptik.BCY trojan cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmartShopper7.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\YouTube Downloader\ytd_installer.exe a variant of Win32/Bundled.Toolbar.Ask.C application cleaned by deleting - quarantined
C:\Users\Admin\Downloads\Install_Regwork.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Admin\Downloads\ZumasRevenge_Setup-dm.exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KQTP7EKH\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\test\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\test\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\stub_data\stubinst_pkg_en-us.cab Win32/OpenCandy application deleted - quarantined
C:\Users\test\Desktop\Downloads\iLividSetupV1(1).exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Users\test\Desktop\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Users\test\Desktop\Downloads\playpickle_d249744.exe a variant of Win32/Toolbar.CrossRider.C application cleaned by deleting - quarantined
C:\Users\test\Desktop\Downloads\SoftonicDownloader_for_voice-changer-software.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
C:\Users\test\Pictures\2011-11-26\FreeYouTubeToMP3Converter.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Windows\Installer\3953c1f.msi probably a variant of Win32/Toolbar.Widgi application deleted - quarantined




Is this the text you wanted?

Edited by Earthless94, 09 June 2013 - 11:47 AM.

#23
emeraldnzl
  • GeekU Moderator

Is this the text you wanted?


Yep.

Am I supposed to delete the things it found or no?


They have been moved to quarantine and can't do anything, but if you are given the option to delete, then yes. We will deal with it at CleanUp either way. :)

How is your machine now?

#24
Earthless94
  • Topic Starter
It's running a lot better now. Anything else to do or no?

#25
emeraldnzl
  • GeekU Moderator
Hello Earthless94,

I think you are good to go now. :thumbsup:

We have a couple of last steps to perform and then you're all set.

Follow these steps to uninstall Combofix and tools used in the removal of malware. This will also clean out and reset your Restore Points.

  • Go to Start > Programs > Accessories and click on Run
  • Copy and paste the bolded text below in the box then hit OK

    Combofix /Uninstall

Step 2
  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Any other tools remaining may be deleted.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Regularly check that your Java is up to date. Older versions are vulnerable to malicious attack.

  • Download Java for Windows

    Reboot your computer.
    You also need to uninstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:



If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

* Click Start > Control Panel > System and Security > Windows Update
* Under Windows Update click on Turn automatic updating on or off
* Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!