
MyPC Backup, Hao123, Spigot, Inc [Solved]


This topic is locked

#31 Nutloaf (Trusted Helper, Malware Removal, 1,790 posts)

Hi Adydye :)

I would like you to reboot in Safe Mode and try the fix from there.

1. Safe Mode

  • Start the PC and immediately start tapping F8 until the Advanced Boot Options screen appears.
  • Select Safe Mode and press Enter.
  • Once in Safe Mode, try the following amended OTL fix:

    :OTL
    SRV - File not found [Auto | Stopped] -- C:\Program Files\MyPC Backup\BackupStack.exe -- (BackupStack)
    SRV - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2010/09/03 10:35:50 | 006,104,144 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    DRV - [2010/09/13 16:27:54 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)

    IE - HKLM\..\SearchScopes,DefaultScope = {9C2A66E6-945D-495E-8BDD-AFBB196F5D26}
    IE - HKLM\..\SearchScopes\{9C2A66E6-945D-495E-8BDD-AFBB196F5D26}: "URL" = http://www.bing.com/...rc=IE-SearchBox
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {9C2A66E6-945D-495E-8BDD-AFBB196F5D26}
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {9C2A66E6-945D-495E-8BDD-AFBB196F5D26}
    IE - HKU\S-1-5-21-963821008-549225021-1322928169-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://jp.hao123.com...00070f1a1fdfc92
    IE - HKU\S-1-5-21-963821008-549225021-1322928169-1000\..\SearchScopes,DefaultScope = {6F277953-4D32-404D-8CEF-5862398B0187}
    IE - HKU\S-1-5-21-963821008-549225021-1322928169-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00070f1a1fdfc92
    IE - HKU\S-1-5-21-963821008-549225021-1322928169-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-963821008-549225021-1322928169-1000\..\SearchScopes\{6F277953-4D32-404D-8CEF-5862398B0187}: "URL" = http://search.yahoo....p={searchTerms}

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=198484"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..browser.startup.homepage: "http://uk.yahoo.com/"
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1114
    FF - prefs.js..extensions.enabledItems: [email protected]:4.3
    FF - prefs.js..extensions.enabledItems: [email protected]:4.3
    FF - prefs.js..keyword.URL: "http://search.yahoo....type=198484&p="
    FF - HKLM\Software\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin: C:\Program Files\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll (TelevisionFanatic)
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2013/07/07 18:03:01 | 000,000,000 | ---D | M]

    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 4] "C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe" File not found
    O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 6] "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart File not found
    O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 4] "C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe" File not found
    O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 6] "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart File not found
    O4 - HKU\S-1-5-21-963821008-549225021-1322928169-1000..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart File not found
    O4 - Startup: C:\Users\Ady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = File not found
    O33 - MountPoints2\{008605d6-ccbe-11df-aa15-70f1a1fdfc92}\Shell - "" = AutoRun
    O33 - MountPoints2\{008605d6-ccbe-11df-aa15-70f1a1fdfc92}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
    O33 - MountPoints2\D\Shell - "" = AutoRun
    O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe

    [2013/07/07 18:04:35 | 000,000,000 | ---D | M] -- C:\Users\Ady\AppData\Roaming\AVG10
    [2013/07/07 18:04:36 | 000,000,000 | ---D | M] -- C:\Users\Ady\AppData\Roaming\IObit
    @Alternate Data Stream - 76 bytes -> C:\Users\Ady\Documents\Microsoft Office XP PRO:Roxio EMC Stream

    :REG
    [HKEY_USERS\S-1-5-21-963821008-549225021-1322928169-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="http://www.google.com"
    "Start Page"="http://www.google.com"

    :FILES
    C:\Program Files\IObit
    C:\Program Files\AVG
    C:\Program Files\MyPC Backup
    C:\Program Files\TelevisionFanaticEI

    :COMMANDS
    [EMPTYTEMP]


If the above fails, then carry on with step 2.


2. Clean Boot
  • Click Start, type msconfig in the Start Search box, and then press ENTER.
  • Check the Selective Startup box.
  • Click to clear the Load Startup Items check box.
  • Click the Services tab.
  • Click to select the Hide All Microsoft Services check box.
  • Click Disable All, then click OK.
  • When you are prompted, click Restart.
  • Once back in Windows, does the problem still occur? Let me know, then carry on with step 3 to reset the settings.

3. Normal Settings
  • Click Start, type msconfig in the Start Search box, and then press ENTER.
  • Now select the Services tab, check Hide all Microsoft Services, then click Enable All.
  • Now select the General tab and select Normal Startup, then click Apply and OK. Everything is now back to the way it was.
  • Restart the PC for the changes to take effect.

#32 adydye (Topic Starter, Member, 49 posts)

Hi Nutloaf,

I'm starting Windows normally now, although Hao123 is still appearing when I open a new tab in Firefox.

Ady

#33 Nutloaf (Trusted Helper, Malware Removal, 1,790 posts)

Awesome sauce! Can you carry on with steps 2, 3 and 4 in this post :thumbsup:

#34 adydye (Topic Starter, Member, 49 posts)

Hi Nutloaf....

No OTL fix log this time - is that correct?

# AdwCleaner v2.306 - Logfile created 07/25/2013 at 12:51:34
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Starter Service Pack 1 (32 bits)
# User : Ady - ADY-MINI
# Boot Mode : Normal
# Running from : C:\Users\Ady\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Ady\AppData\Roaming\Mozilla\Firefox\Profiles\1cd2j3fo.default\prefs.js

Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "30c1038b00000000000070f1a1fdfc92");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15612");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=114351&tt=3912_1");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://jp.hao123.com/?tn=bbl_hp_hao123_jp&babsrc[...]
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1223:30:08");

*************************

AdwCleaner[R1].txt - [5340 octets] - [29/06/2013 06:23:52]
AdwCleaner[R3].txt - [4236 octets] - [22/07/2013 21:22:24]
AdwCleaner[R4].txt - [4296 octets] - [22/07/2013 21:24:56]
AdwCleaner[R5].txt - [2578 octets] - [25/07/2013 12:50:19]
AdwCleaner[S2].txt - [2553 octets] - [25/07/2013 12:51:34]

########## EOF - C:\AdwCleaner[S2].txt - [2613 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.2 (07.22.2013:2)
OS: Windows 7 Starter x86
Ran by Ady on 25/07/2013 at 13:09:40.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Ady\AppData\Roaming\mozilla\firefox\profiles\1cd2j3fo.default\prefs.js

user_pref("browser.newtab.url", "hxxp://jp.hao123.com/?tn=bbl_hp_hao123_jp&babsrc=NT_ss&mntrId=30c1038b00000000000070f1a1fdfc92");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/07/2013 at 13:22:43.92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Strange log from Security Checkup:

UNSUPPORTED OPERATING SYSTEM! ABORTED!
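The Firefox side of this hijack lives in prefs.js: the new-tab, search-order and search-engine prefs that AdwCleaner and JRT deleted above, plus the toolbar's own extensions.* prefs that can re-seed them. As an added example, not part of the thread or of OTL, AdwCleaner or JRT, the Python below parses a prefs.js, reports watched prefs that point outside an assumed allowlist of hosts and engines, and correlates the mntrId token that the logs show on both the Babylon search URL and the hao123 new-tab URL; the allowlists and the sample file are assumptions (the sample is constructed from the deleted lines, with a made-up keyword.URL).

```python
"""Audit a Firefox prefs.js for hijacked homepage, new-tab and search settings.
Added example for this thread; it is not part of OTL, AdwCleaner or JRT.
SAMPLE_PREFS_JS is constructed from the user_pref lines the thread's logs show
being deleted, plus a few benign lines; the keyword.URL value is made up.
"""
import re
from urllib.parse import parse_qs, urlparse

# Browser prefs a hijacker rewrites; each name appears in the logs above.
# A trailing dot marks a prefix (browser.search.order.1, .2, ...).
URL_PREFS = ("browser.startup.homepage", "browser.newtab.url", "keyword.URL")
ENGINE_PREFS = ("browser.search.defaultenginename",
                "browser.search.selectedEngine", "browser.search.order.")
# Assumption: the hosts and engines this user actually wants. Anything else in a
# watched pref is reported for review rather than deleted blindly.
ALLOWED_HOSTS = {"www.google.com", "google.com", "uk.yahoo.com", "www.bing.com"}
ALLOWED_ENGINES = {"Google", "Yahoo", "Bing", "Wikipedia (en)", "Amazon.com", "eBay"}

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')


def parse_prefs(text):
    """Return {name: value} from prefs.js; header/comment lines are skipped as Firefox skips them."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            raw = raw[1:-1]          # unquote string values; bools/ints stay as text
        prefs[name] = raw
    return prefs


def refang(url):
    """Undo the hxxp:// defanging AdwCleaner and JRT use in their logs."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def url_host(value):
    """Hostname of an http(s) URL-like value, or None if the value is not a URL."""
    parsed = urlparse(refang(value))
    return parsed.hostname if parsed.scheme in ("http", "https") else None


def audit_prefs(text, allowed_hosts=ALLOWED_HOSTS, allowed_engines=ALLOWED_ENGINES):
    """Return (findings, tracking_ids).

    findings: list of (pref_name, value, reason) in file order.
    tracking_ids: sorted mntrId query values from flagged URLs; the same id on a
    search URL and a new-tab URL ties both hijacks to one installer, as with the
    Babylon and hao123 entries in the logs above.
    """
    findings, tracking_ids = [], set()

    def flag(name, value, reason):
        findings.append((name, value, reason))
        tracking_ids.update(parse_qs(urlparse(refang(value)).query).get("mntrId", []))

    for name, value in parse_prefs(text).items():
        host = url_host(value)
        is_engine = any(name == p or (p.endswith(".") and name.startswith(p))
                        for p in ENGINE_PREFS)
        if name in URL_PREFS:
            if host is None or host not in allowed_hosts:
                flag(name, value, "browser URL pref points at unapproved host %r" % host)
        elif is_engine:
            if value not in allowed_engines:
                flag(name, value, "search engine %r is not one the user chose" % value)
        elif name.startswith("extensions.") and host and host not in allowed_hosts:
            # An add-on's own prefs can re-seed the browser prefs after a cleanup;
            # the logs above show BabylonToolbar_i.newTabUrl carrying the hao123 URL.
            flag(name, value, "extension-owned URL points at unapproved host %r" % host)
    return findings, sorted(tracking_ids)


# Constructed sample input (see module docstring).
SAMPLE_PREFS_JS = """# Mozilla User Preferences
/* Do not edit this file. */
user_pref("browser.startup.homepage", "http://uk.yahoo.com/");
user_pref("browser.search.defaultenginename", "Yahoo");
user_pref("browser.search.order.1", "Search the web (Babylon)");
user_pref("browser.newtab.url", "hxxp://jp.hao123.com/?tn=bbl_hp_hao123_jp&babsrc=NT_ss&mntrId=30c1038b00000000000070f1a1fdfc92");
user_pref("keyword.URL", "http://search.babylon.com/?babsrc=KW_ss&mntrId=30c1038b00000000000070f1a1fdfc92&q=");
user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://jp.hao123.com/?tn=bbl_hp_hao123_jp&babsrc=NT_ss&mntrId=30c1038b00000000000070f1a1fdfc92");
user_pref("extensions.BabylonToolbar_i.newTab", true);
user_pref("browser.cache.disk.capacity", 358400);
"""

if __name__ == "__main__":
    found, ids = audit_prefs(SAMPLE_PREFS_JS)
    for name, value, reason in found:
        print("%-42s %s" % (name, reason))
    print("mntrId values shared across flagged URLs:", ids)
```

Run against a real profile's prefs.js with the browser closed, and treat the output as a review list: the same audit on the deleted entries above reports the Babylon search order, the hao123 new-tab URL and the toolbar pref that carried it, all tied together by one mntrId.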

#35 Nutloaf (Trusted Helper, Malware Removal, 1,790 posts)

Hi there Adydye, good job :) I think the Firefox new tab issue is resolved now that you have run ADW and JRT.

I would like the last OTL fix log if you can post it; it will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and time of the fix.

Try Security Check again, and this time right-click the icon and select Run as Administrator.

#36 adydye (Topic Starter, Member, 49 posts)

All processes killed
========== OTL ==========
Error: No service named BackupStack was found to stop!
Service\Driver key BackupStack not found.
File C:\Program Files\MyPC Backup\BackupStack.exe not found.
Error: No service named avgwd was found to stop!
Service\Driver key avgwd not found.
File C:\Program Files\AVG\AVG10\avgwdsvc.exe not found.
Error: No service named AVGIDSAgent was found to stop!
Service\Driver key AVGIDSAgent not found.
File C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe not found.
Error: No service named AVGIDSEH was found to stop!
Service\Driver key AVGIDSEH not found.
File C:\Windows\System32\drivers\AVGIDSEH.sys not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9C2A66E6-945D-495E-8BDD-AFBB196F5D26}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C2A66E6-945D-495E-8BDD-AFBB196F5D26}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-21-963821008-549225021-1322928169-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-963821008-549225021-1322928169-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-963821008-549225021-1322928169-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-963821008-549225021-1322928169-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-963821008-549225021-1322928169-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6F277953-4D32-404D-8CEF-5862398B0187}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F277953-4D32-404D-8CEF-5862398B0187}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin\ not found.
File C:\Program Files\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3f963a5b-e555-4543-90e2-c3908898db71}\ not found.
File C:\Program Files\AVG\AVG10\Firefox\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 4 not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 6 not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 4 not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 6 not found.
Registry value HKEY_USERS\S-1-5-21-963821008-549225021-1322928169-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 5 not found.
File move failed. C:\Users\Ady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{008605d6-ccbe-11df-aa15-70f1a1fdfc92}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{008605d6-ccbe-11df-aa15-70f1a1fdfc92}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{008605d6-ccbe-11df-aa15-70f1a1fdfc92}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{008605d6-ccbe-11df-aa15-70f1a1fdfc92}\ not found.
File E:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File D:\LaunchU3.exe not found.
Folder C:\Users\Ady\AppData\Roaming\AVG10\ not found.
Folder C:\Users\Ady\AppData\Roaming\IObit\ not found.
Unable to delete ADS C:\Users\Ady\Documents\Microsoft Office XP PRO:Roxio EMC Stream .
========== REGISTRY ==========
HKEY_USERS\S-1-5-21-963821008-549225021-1322928169-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\"Default_Page_URL"|"http://www.google.com" /E : value set successfully!
HKEY_USERS\S-1-5-21-963821008-549225021-1322928169-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\"Start Page"|"http://www.google.com" /E : value set successfully!
========== FILES ==========
File\Folder C:\Program Files\IObit not found.
File\Folder C:\Program Files\AVG not found.
File\Folder C:\Program Files\MyPC Backup not found.
File\Folder C:\Program Files\TelevisionFanaticEI not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Ady
->Temp folder emptied: 30954 bytes
->Temporary Internet Files folder emptied: 127467 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 16129727 bytes
->Flash cache emptied: 492 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: TEMP

User: TEMP.Ady-mini

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17737652 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 32.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07242013_222052

Files\Folders moved on Reboot...
File\Folder C:\Users\Ady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk not found!
C:\Users\Ady\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#37 Nutloaf (Trusted Helper, Malware Removal, 1,790 posts)

Hi there :) Security Check results? Did it run?

#38 adydye (Topic Starter, Member, 49 posts)

Results of screen317's Security Check version 0.99.71
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java™ 6 Update 20
Java 7 Update 25
Adobe Flash Player 11.7.700.224
Adobe Reader XI
Mozilla Firefox (22.0)
````````Process Check: objlist.exe by Laurent````````
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````

#39 Nutloaf (Trusted Helper, Malware Removal, 1,790 posts)

Hi there Adydye :)

Thanks for the results. Let's see if anything remains by running MBAM and ESET.


1. UPDATE AND RUN MALWAREBYTES
  • Open Malwarebytes, select the Updates tab, select Check for Updates and click OK.
  • Once complete, click the Scanner tab and select Perform quick scan.
  • The scan will take a few minutes. Once complete, click OK and then Show Results.
  • Make sure anything found is checked and click Remove Selected.
  • A reboot may be needed; please proceed if asked.
  • If a reboot was needed, the log is automatically saved by MBAM and can be viewed by clicking the Logs tab, then Open Log. I need to see this.

2. FREE ESET SCAN

You will need to disable your currently installed Anti-Virus; how to do so can be read here.


IMPORTANT - Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu, Quick Launch Bar or the Taskbar and select Run as Administrator. For the Taskbar, right-click IE, then right-click the IE icon that appears.

If using Mozilla Firefox, you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install.

Now use this link to run an online scan with the ESET Online Scanner
  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Uncheck the Remove Found Threats box. I want to check the results first as ESET may remove a false positive :)
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, make sure you copy the logfile.
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste the log in your next reply.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Things I want to see in your next post.
  • Malwarebytes results
  • ESET results


#40 adydye (Topic Starter, Member, 49 posts)

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.28.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16635
Ady :: ADY-MINI [administrator]

28/07/2013 20:09:37
mbam-log-2013-07-28 (20-09-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223228
Time elapsed: 13 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
#41 Nutloaf (Trusted Helper, Malware Removal, 1,790 posts)

MBAM results are good, just the ESET results to go :)

#42 adydye (Topic Starter, Member, 49 posts)

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8031611fbdb4d24a8a4d7c8212790e85
# engine=14244
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-07-03 01:22:43
# local_time=2013-07-03 02:22:43 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 66 85 65144774 125324154 0 0
# scanned=143880
# found=1
# cleaned=0
# scan_time=3213
sh=C6DA3DC8713ED168E4A53F19EABB6B9D4FC392DB ft=1 fh=dcb51e3aa98c50e8 vn="Win32/Toolbar.MyWebSearch application" ac=I fn="C:\_OTL\MovedFiles\07022013_114616\C_Program Files\TelevisionFanaticEI\Installr\1.bin\NP64EISb.dll"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=25ac129975fd344bafa9936d8c02020a
# engine=14566
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-07-29 02:04:17
# local_time=2013-07-29 03:04:17 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 66 85 540290 127529848 0 0
# scanned=145820
# found=6
# cleaned=0
# scan_time=22587
sh=9D4DD972B7B8DB157D6D0E994D77A920463CCBB1 ft=1 fh=e2ca1b320f290c43 vn="probably a variant of Win32/FreeNew application" ac=I fn="C:\Program Files\FreeApps\FreeApps.exe"
sh=BDB9ADCC6484A7C83FC1BA9C12F8501E1B469F87 ft=1 fh=61b8c62aa949cace vn="probably a variant of Win32/CNETInstaller.A application" ac=I fn="C:\Users\Ady\Downloads\cbsidlm-cbsi109-Advanced_SystemCare-BP-10407614.exe"
sh=62670822B7195A8165694E75AF76377BD02312BA ft=1 fh=edbbae804ac973d7 vn="a variant of Win32/SoftonicDownloader.A application" ac=I fn="C:\Users\Ady\Downloads\SoftonicDownloader_for_itunes.exe"
sh=38A6B92B9972311CE872814FD9C66FAEFA0EA467 ft=1 fh=1e15ad8a177b2f24 vn="Win32/Toolbar.MyWebSearch application" ac=I fn="C:\_OTL\MovedFiles\07222013_204527\C_Program Files\TelevisionFanaticEI\Installr\1.bin\64EIPlug.dll"
sh=5408427EB7F7C237112D6D1B43CBD94D284D0F2A ft=1 fh=779be9eb498d6830 vn="Win32/Toolbar.MyWebSearch application" ac=I fn="C:\_OTL\MovedFiles\07222013_204527\C_Program Files\TelevisionFanaticEI\Installr\1.bin\64EZSETP.dll"
sh=C6DA3DC8713ED168E4A53F19EABB6B9D4FC392DB ft=1 fh=dcb51e3aa98c50e8 vn="Win32/Toolbar.MyWebSearch application" ac=I fn="C:\_OTL\MovedFiles\07222013_204527\C_Program Files\TelevisionFanaticEI\Installr\1.bin\NP64EISb.dll"

#43 Nutloaf (Trusted Helper, Malware Removal, 1,790 posts)

Hi there Adydye :)

Thanks for the results. I will delete what ESET found using OTL. I would like you to then run JavaRa to remove old updates. Finally, an OTL scan to check for leftovers.


The following were downloaded by yourself or bundled in an install to apparently make things better, easier and more convenient, but they are a load of rubbish that have caused you grief. My point is, be careful what you download; none of these programs are needed:
  • TelevisionFanatic
  • SoftonicDownloader_for_itunes.exe
  • Advanced_SystemCare-
  • FreeApps

Did you download iTunes from Softonic? If so, uninstall iTunes and use this link to download and install iTunes.


1. OTL Fix
  • Right click the OTL icon and select Run as Administrator.
  • Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.

    :FILES
    C:\Program Files\FreeApps
    C:\Users\Ady\Downloads\cbsidlm-cbsi109-Advanced_SystemCare-BP-10407614.exe
    C:\Users\Ady\Downloads\SoftonicDownloader_for_itunes.exe

  • Then click Run Fix
  • Click O.K if asked to Reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and time of the fix.
  • Copy and Paste the Fix Log in your next reply.

2. Do You Need Java? Please read:
  • Java is one of the most exploited pieces of software at this time, and the majority of home users can do without it. Installing the latest updates is also important.
  • The easiest way to find out if Java is needed is to disable Java in your web browser (see link below).
  • If a trusted program or webpage asks for Java, then enable it; otherwise uninstall it completely using JavaRa.

    Update or Remove Java

  • Use this link to download JavaRa
  • Run JavaRa.exe, then click on Remove Java Runtime.
  • Select the Java version you have from the drop down list, and then click on Run Uninstaller
  • Press Yes if it asks to uninstall the product.
  • Allow the uninstaller to remove the installed version.
  • Follow the next steps only if you want to install the latest version
  • When it's finished, go back to JavaRa and click Back.
  • Click on Update Java Runtime and then select Download and install latest version.
  • Press Next
  • Press Java Manual Download.
  • A browser window will open with the Java download page.
  • Click the Windows offline link to download Java.
  • Run the installer.
  • Close JavaRa

3. OTL Scan
  • Right click the OTL icon and select Run as Administrator.
  • Select the following boxes:
    • Scan All Users
    • Use Company-Name WhiteList
    • Skip Microsoft Files
    • Use No-Company-Name WhiteList
    • LOP Check
  • Now click Run Scan.
  • OTL will now scan your computer and produce a log file, OTL.txt.
  • Please post it in your next reply.

Things I want to see in your next post.
  • OTL Fix.txt
  • OTL Scan.txt
  • How are things running now? Are the browsers behaving?


#44 adydye (Topic Starter, Member, 49 posts)

Hello Nutloaf,

I uninstalled iTunes and re-installed it from your link.
I uninstalled Java, although your instructions and the actual were a little different (FYI).
Browsers acting normally.

========== FILES ==========
C:\Program Files\FreeApps folder moved successfully.
C:\Users\Ady\Downloads\cbsidlm-cbsi109-Advanced_SystemCare-BP-10407614.exe moved successfully.
C:\Users\Ady\Downloads\SoftonicDownloader_for_itunes.exe moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 07312013_185301

OTL logfile created on: 7/31/2013 7:02:54 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ady\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 43.40% Memory free
3.98 Gb Paging File | 2.70 Gb Available in Paging File | 67.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.19 Gb Total Space | 54.74 Gb Free Space | 39.33% Space Free | Partition Type: NTFS

Computer Name: ADY-MINI | User Name: Ady | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/27 13:25:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ady\Desktop\OTL.exe
PRC - [2013/06/27 12:33:27 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
PRC - [2013/06/18 16:14:14 | 002,115,864 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/06/18 16:14:14 | 001,124,632 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/06/18 15:21:12 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 09:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2013/05/09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2013/04/21 21:43:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2013/04/05 12:59:08 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013/04/05 12:58:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
PRC - [2013/03/19 15:49:40 | 001,086,816 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/06/07 23:42:22 | 000,247,152 | ---- | M] (Dell) -- C:\Program Files\WSED\WSED.exe
PRC - [2010/06/03 01:35:58 | 000,632,176 | ---- | M] (Dell) -- C:\Program Files\Battery Meter\BTMeter.exe
PRC - [2009/11/17 11:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
PRC - [2009/11/13 11:28:04 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009/06/10 01:13:52 | 000,320,880 | ---- | M] (Compal Electronics, Inc) -- C:\Program Files\CapsLKNotify\CapsLKNotify.exe
PRC - [2009/06/09 15:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/29 13:39:42 | 000,996,080 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\57595\RapportMS.dll
MOD - [2013/06/27 12:33:26 | 016,033,160 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2013/06/18 15:21:31 | 003,285,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/09/08 13:16:30 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2012/09/08 13:16:20 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/09/10 02:18:28 | 000,577,536 | ---- | M] () -- C:\Windows\System32\EMSC.DLL


========== Services (SafeList) ==========

SRV - [2013/07/22 20:36:28 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/18 16:14:14 | 001,124,632 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/06/18 15:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/09/25 11:13:58 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/11/17 11:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)
SRV - [2009/11/13 11:28:04 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/06/09 15:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2009/06/03 22:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)


========== Driver Services (SafeList) ==========

DRV - [2013/07/25 23:04:20 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/07/25 23:04:20 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/07/25 23:04:20 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/06/18 16:14:30 | 000,103,120 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013/06/18 16:14:28 | 000,174,320 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2013/06/09 02:45:41 | 000,317,424 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus32_53984.sys -- (RapportCerberus_53984)
DRV - [2013/05/09 09:59:10 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/05/09 09:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 09:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 09:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 09:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/06/11 04:47:06 | 000,853,536 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV - [2010/03/24 10:57:16 | 000,191,008 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010/03/10 08:16:12 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/06/26 23:43:42 | 000,013,680 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\EMSC.sys -- (EMSC)
DRV - [2009/03/12 19:36:38 | 000,143,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2006/11/02 02:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-963821008-549225021-1322928169-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-963821008-549225021-1322928169-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-963821008-549225021-1322928169-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-963821008-549225021-1322928169-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-963821008-549225021-1322928169-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-963821008-549225021-1322928169-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-963821008-549225021-1322928169-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=198484"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://uk.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1114
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.1
FF - prefs.js..extensions.enabledItems: [email protected]:4.3
FF - prefs.js..extensions.enabledItems: [email protected]:4.3
FF - prefs.js..keyword.URL: "http://search.yahoo....type=198484&p="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/07/25 23:04:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/06/27 12:56:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/29 07:13:36 | 000,000,000 | ---D | M]

[2010/09/30 17:48:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ady\AppData\Roaming\Mozilla\Extensions
[2013/07/07 18:14:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ady\AppData\Roaming\Mozilla\Firefox\Profiles\1cd2j3fo.default\extensions
[2013/06/27 12:56:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/06/27 12:55:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/06/27 12:56:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/06/27 13:20:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/07/25 23:04:05 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BTMeter] C:\Program Files\Battery Meter\BTMeter.exe (Dell)
O4 - HKLM..\Run: [CapsLKNotify] C:\Program Files\CapsLKNotify\CapsLKNotify.exe (Compal Electronics, Inc)
O4 - HKLM..\Run: [WSED] C:\Program Files\WSED\WSED.exe (Dell)
O4 - HKU\S-1-5-21-963821008-549225021-1322928169-1000..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKU\S-1-5-21-963821008-549225021-1322928169-1000..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Ady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Clip selection - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: New Note - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11C5F837-BB83-4C79-9DAA-5CB681D6914F}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{e2b9040e-ccb9-11df-b97b-5c260a0d1313}\Shell - "" = AutoRun
O33 - MountPoints2\{e2b9040e-ccb9-11df-b97b-5c260a0d1313}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/31 18:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/07/31 18:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/07/31 18:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/07/29 03:15:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/07/28 20:43:17 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Ady\Desktop\esetsmartinstaller_enu.exe
[2013/07/28 20:07:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/28 20:07:03 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/07/25 13:06:53 | 000,560,934 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Ady\Desktop\JRT.exe
[2013/07/24 22:26:57 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/07/24 22:09:45 | 000,000,000 | ---D | C] -- C:\Users\Ady\AppData\Local\ElevatedDiagnostics
[2013/07/04 11:14:45 | 000,000,000 | ---D | C] -- C:\Users\Ady\Documents\JavaRa
[2013/07/03 13:17:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/07/03 12:36:03 | 000,000,000 | ---D | C] -- C:\Users\Ady\AppData\Roaming\Malwarebytes
[2013/07/03 12:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/03 12:35:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/07/02 12:15:45 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/07/02 12:15:24 | 000,000,000 | ---D | C] -- C:\JRT
[2013/07/02 11:46:16 | 000,000,000 | ---D | C] -- C:\_OTL

========== Files - Modified Within 30 Days ==========

[2013/07/31 19:00:09 | 000,160,350 | ---- | M] () -- C:\Users\Ady\Desktop\JavaRa.zip
[2013/07/31 18:50:52 | 000,001,755 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/07/31 18:40:18 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/31 18:40:18 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/31 18:33:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/31 18:30:20 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/31 18:27:56 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/31 18:27:56 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2013/07/31 18:27:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/31 18:26:54 | 1602,293,760 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/29 13:41:50 | 000,637,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/29 13:41:50 | 000,115,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/28 20:43:18 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Ady\Desktop\esetsmartinstaller_enu.exe
[2013/07/28 20:07:14 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/25 23:04:20 | 000,770,344 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/07/25 23:04:20 | 000,369,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/07/25 23:04:20 | 000,175,176 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/07/25 23:04:20 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/07/25 23:04:20 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/07/25 23:04:20 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/07/25 23:04:07 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/07/25 13:37:36 | 000,891,098 | ---- | M] () -- C:\Users\Ady\Desktop\SecurityCheck.exe
[2013/07/25 13:06:57 | 000,560,934 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Ady\Desktop\JRT.exe
[2013/07/25 12:40:10 | 000,031,838 | ---- | M] () -- C:\Users\Ady\Desktop\Ady signature 1_01-1.jpg
[2013/07/22 21:02:32 | 000,279,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/07 18:14:10 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

========== Files Created - No Company Name ==========

[2013/07/31 19:00:04 | 000,160,350 | ---- | C] () -- C:\Users\Ady\Desktop\JavaRa.zip
[2013/07/31 18:50:52 | 000,001,755 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/07/28 20:07:14 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/25 23:04:20 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/07/25 23:04:20 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/07/25 23:04:20 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/07/25 13:37:31 | 000,891,098 | ---- | C] () -- C:\Users\Ady\Desktop\SecurityCheck.exe
[2013/07/25 12:40:04 | 000,031,838 | ---- | C] () -- C:\Users\Ady\Desktop\Ady signature 1_01-1.jpg
[2013/07/24 22:34:19 | 000,001,971 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2013/07/24 22:34:19 | 000,001,099 | ---- | C] () -- C:\Users\Ady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2013/07/07 18:14:10 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/03/20 07:47:43 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/03/20 07:47:42 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2012/04/06 10:44:02 | 000,064,000 | ---- | C] () -- C:\Windows\System32\esfw41.bin
[2012/01/28 21:55:09 | 000,004,608 | ---- | C] () -- C:\Users\Ady\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/02 12:02:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/12/29 19:46:34 | 000,000,000 | ---D | M] -- C:\Users\Ady\AppData\Roaming\calibre
[2010/09/30 20:27:19 | 000,000,000 | ---D | M] -- C:\Users\Ady\AppData\Roaming\Easeware
[2012/07/08 17:42:22 | 000,000,000 | ---D | M] -- C:\Users\Ady\AppData\Roaming\PhotoScape
[2011/09/03 15:31:54 | 000,000,000 | ---D | M] -- C:\Users\Ady\AppData\Roaming\Spotify
[2012/05/02 10:05:19 | 000,000,000 | ---D | M] -- C:\Users\Ady\AppData\Roaming\TP
[2010/09/30 19:00:09 | 000,000,000 | ---D | M] -- C:\Users\Ady\AppData\Roaming\Western Digital

< End of report >

#45
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts

I uninstalled Java although your instructions and the actual were a little different

:thumbsup: Thanks I will have a look at that.

Before I issue my next post, can you tell me if Yahoo! as your homepage in Firefox was your choice?

The log is looking good except for Firefox, so refrain from use until I fix it. :)