Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware/Virus possible Artua Vladislav (fs) and other symptoms [Closed


  • This topic is locked This topic is locked

#106
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Let me try to get some clarification.
1. First of all are your Windows updates current?
2. When you are just browsing the web the browser will freeze, is that correct and does that happen in all browsers?
3. When you watch videos from YouTube what video player do you use?
What I'm trying to find out is if the problem occurs with any other media player other than iPlayer.
4. Does the problem of the video not playing happen if you download a video to the hard drive and then watch it? If it does then does it happen just with iPlayer or do you have the same problem with say Windows Media Player?
5. Do you have a movie on DVD that you can watch using Windows Media Player and see if it will play?

Thanks
  • 0

Advertisements


#107
Feather24

Feather24

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts
Ok,Answer to your questions in order:
1. My windows update, is dated 11th Sept 13 I checked and no other updates showing via my icon on my desktop.
2. Yes, all browsers
3. Not sure what video player, I just log onto youtube from browser (how can I check?). Yes the problem happens when surfing, in youtube, in iplayer, following a link to a website - mostly though it tends to freeze when watching videos online or iplayer.
4. I don't know I don't usually download a video just play it from the website or page like on youtube etc
5. I don't own movies on DVD, however I'll see what I can find to test, I'll respond tomorrow about that.

thanks Godawgs.
  • 0

#108
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
I'm thinking that the issue is with a audio or video drive that needs updating or has a problem. Let's check the device manager and see if there are any problems.

  • Click on Start and then Run.
  • Type the following command in the Open: text box, and then hit the Enter key or click on the OK button.

    devmgmt.msc
  • The Device Manager should display right away.

    Posted Image
  • Do you see a yellow question mark or exclamation point or red X next to any of the Devices?.
If you do please take a screen shot and post it in your next reply.

Capture a Screen Shot

  • When you have the screen up that you want to capture...click on the ALT key + PRT SCR key. This will put the screen shot in the clipboard.
  • Click on Start>> All Programs>> Accessories>> Paint. A Paint window will open up.
  • Left click in the white area and press the CTRL + V keys. This will paste the screen shot from the clipboard into the Paint window.
  • On the Menu bar at the top of the Paint window, click on File, click on Save and save it to your desktop.
  • In the File Name box, name it something related to the screen your capturing.
  • In the Save as type: box, BE SURE TO SAVE IT AS A .JPG ...otherwise it may be to big to upload.

To upload the screen shot and put it in a post, click on this link for directions.

If you don't see any yellow question marks or exclamation points or red X's please let me know the make and model of the computer and whether it is a desktop or laptop.
  • 0

#109
Feather24

Feather24

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts
Hi Godawgs, no yellow ? or anything else against the items listed, so no screen shot needed.

Make an model? Desktop, I had it specially built by a local computer firm so by them with I guess all the standard parts!

What other info do you need?

thanks
  • 0

#110
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Have all of the other issues except the videos causing the computer to freeze been resolved?
Let's get one last OTL scan


Posted Image OTL Scan

Please re-open Posted Image on the desktop. To do that:
  • Vista /7 users: right click the icon and click Run as Administrator.
Make sure all other windows are closed .
  • You will see a console like the one below:

    Posted Image
  • At the top of the console, click the box beside Scan All Users
  • Make sure the Output box at the top is set to Standard Output.
  • Click the box beside LOP Check and Purity Check
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is saved in the same location as OTL.
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the .txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right-click inside the forum post window then click Paste.This will paste the contents of the .txt file in the in the post window.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know of any issues other than the video hanging issue.
2. The new OTL log
  • 0

#111
Feather24

Feather24

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts
Hi, ok,

1. Still having problems with video's hanging AND browsers hanging too, all browsers - it was funny trying to get to this page firefox said "problem loading page" and failed the first try, second time lucky though! Also sometimes find it affects my skype calls ie they often cut out a lot or I need to re-dial but that could just be a bandwidth issue.

thanks Godawags, when it works it does work well though much faster than before so things are better.


2. Here is the scan log:

OTL logfile created on: 01/10/2013 21:53:21 - Run 8
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Frances\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 63.44% Memory free
3.98 Gb Paging File | 2.96 Gb Available in Paging File | 74.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 149.46 Gb Free Space | 64.21% Space Free | Partition Type: NTFS
Drive E: | 19.53 Gb Total Space | 9.73 Gb Free Space | 49.83% Space Free | Partition Type: NTFS
Drive F: | 54.99 Gb Total Space | 7.59 Gb Free Space | 13.80% Space Free | Partition Type: NTFS

Computer Name: FRANCES-PC | User Name: Frances | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/05 15:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/09/04 09:20:38 | 001,432,080 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgfws.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/15 20:33:10 | 000,436,800 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2013/07/12 13:59:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Frances\Desktop\OTL.exe
PRC - [2013/07/10 01:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/07/04 15:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/07/04 15:53:26 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/05/25 01:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Frances\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/23 21:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/03/18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/11/18 00:02:32 | 001,975,296 | ---- | M] (Alexander Nikiforov) -- C:\Program Files\MP3 Skype Recorder\MP3 Skype Recorder.exe
PRC - [2011/09/07 15:06:32 | 001,841,664 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Plusnet Assist\btbb\PlusnetHelpNotifier.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/03/25 20:45:36 | 000,031,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2009/07/11 21:10:28 | 001,176,064 | ---- | M] () -- C:\Program Files\VisionBoard\visionboardlauncher.exe
PRC - [2007/01/01 22:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\Frances\AppData\Roaming\Google\Google Talk\googletalk.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/21 23:48:15 | 002,052,096 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2013/07/21 23:48:15 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2013/07/15 18:29:04 | 000,620,718 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2013/04/23 23:57:26 | 004,554,752 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2013/04/04 01:09:40 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/03/13 21:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Frances\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/12/12 06:32:26 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/11/14 00:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Frances\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/10/05 11:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/10/05 11:53:24 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/07/11 21:10:28 | 001,176,064 | ---- | M] () -- C:\Program Files\VisionBoard\visionboardlauncher.exe
MOD - [2009/06/10 22:22:40 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll


========== Services (SafeList) ==========

SRV - [2013/10/01 16:41:13 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/23 00:49:12 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/05 15:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/04 09:20:38 | 001,432,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/23 21:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/03/09 00:10:32 | 030,798,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/10/09 10:17:10 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/25 20:45:36 | 000,031,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Frances\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/09/10 01:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/09/05 01:43:42 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/07/20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/07/20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/07/20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/07/01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/04/11 11:06:45 | 000,041,584 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gfiark.sys -- (gfiark)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/04 11:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2012/08/23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/06/25 14:39:16 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2012/06/25 14:39:16 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2011/09/22 18:10:34 | 000,238,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0105.sys -- (RsFx0105)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/07/14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 23:02:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2008/07/28 19:45:00 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Frances\Desktop
IE - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 79 4B FD 45 2B 67 CB 01 [binary data]
IE - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Frances\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\Frances\Desktop\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/06/30 01:08:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/04/18 17:22:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frances\AppData\Roaming\Mozilla\Extensions
[2013/09/27 13:18:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions
[2013/05/17 10:39:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/06/20 13:51:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/10/13 23:30:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/23 09:40:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/06/27 17:33:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/06/20 13:51:44 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/10/01 16:41:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.76\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Citrix Online Web Deployment Plugin 1.0.0.104 (Enabled) = C:\Users\Frances\AppData\Local\Citrix\Plugins\104\npappdetector.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Users\Frances\Desktop\npAmazonMP3DownloaderPlugin101753.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.16 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_1\
CHR - Extension: Chrome In-App Payments service = C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\

O1 HOSTS File: ([2013/09/16 10:14:34 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\Plusnet Assist\btbb\PlusnetHelpNotifier.exe (Alcatel-Lucent)
O4 - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000..\Run: [googletalk] C:\Users\Frances\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000..\Run: [MP3 Skype Recorder] C:\Program Files\MP3 Skype Recorder\MP3 Skype Recorder.exe (Alexander Nikiforov)
O4 - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000..\Run: [visionboard] C:\Program Files\VisionBoard\visionboardlauncher.exe ()
O4 - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - Startup: C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Frances\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AEFD181-F14E-4463-B2D2-39C1367B81A8}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EB4CFC4-7649-413F-870B-BB36D0D3979F}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A79483D2-6796-4059-832A-41A709A2AAE1}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/02/01 17:17:23 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/22 21:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/09/22 21:50:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/09/22 21:50:43 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/09/22 21:50:43 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/09/22 21:44:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/09/16 10:19:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/09/16 10:14:37 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/09/16 10:03:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/09/16 10:03:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/09/16 10:03:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/09/16 10:02:24 | 005,126,233 | R--- | C] (Swearware) -- C:\Users\Frances\Desktop\ComboFix.exe
[2013/09/13 11:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/09/11 17:32:11 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/09/11 17:32:10 | 002,876,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/09/11 17:32:09 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/09/11 17:32:09 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/09/11 17:32:09 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/09/11 17:32:08 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/09/11 17:32:08 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/09/11 17:32:08 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/09/11 17:32:08 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/09/11 17:32:08 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/09/11 16:42:09 | 000,000,000 | ---D | C] -- C:\Users\Frances\Desktop\muscletesting (2)
[2013/09/11 10:28:14 | 000,133,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2013/09/11 10:28:13 | 002,348,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/09/11 10:28:12 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013/09/11 10:28:12 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/09/11 10:28:12 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/09/11 10:28:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/11 10:28:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/11 10:28:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/09/11 10:28:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/09/11 10:28:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/11 10:28:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/11 10:28:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/11 10:28:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/09/11 10:28:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/11 10:28:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/11 10:28:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/09/11 10:28:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/09/11 10:28:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/11 10:28:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/09/11 10:28:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/09/11 10:28:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/09/11 10:28:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/11 10:28:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/11 10:28:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/09/11 10:28:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/11 10:28:11 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/09/11 10:28:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/11 10:28:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/09/11 10:28:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/11 10:28:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/09/11 10:28:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/11 10:28:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/09/10 01:34:48 | 000,022,328 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsshimx.sys
[2013/09/09 16:27:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/09/09 16:27:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/09/05 01:43:42 | 000,039,224 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2013/09/02 10:09:33 | 000,358,571 | ---- | C] (Farbar) -- C:\Users\Frances\Desktop\FSS.exe
[2 C:\Users\Frances\AppData\Local\*.tmp files -> C:\Users\Frances\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/01 21:54:24 | 000,015,344 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/01 21:54:24 | 000,015,344 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/01 21:49:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/01 21:47:11 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/01 21:47:07 | 1602,347,008 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/01 21:47:07 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2013/10/01 21:03:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/26 10:41:13 | 000,676,430 | ---- | M] () -- C:\Users\Frances\Desktop\Johnson2009_Essays.pdf
[2013/09/23 00:49:09 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/09/23 00:49:09 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/09/22 21:51:28 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/19 23:09:57 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/17 17:55:54 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/09/16 10:14:34 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/09/16 10:02:25 | 005,126,233 | R--- | M] (Swearware) -- C:\Users\Frances\Desktop\ComboFix.exe
[2013/09/16 09:45:52 | 000,000,079 | ---- | M] () -- C:\Windows\wininit.ini
[2013/09/16 09:35:23 | 000,000,938 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130916-093846.backup
[2013/09/14 19:50:03 | 000,000,938 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130916-093523.backup
[2013/09/13 13:51:04 | 001,351,051 | ---- | M] () -- C:\Users\Frances\Desktop\1327158306-hushbaby007-The_Secret_Code_of_Success_7_Hidden_Steps_to_More_Wealth_and_Happiness_pdf.pdf
[2013/09/11 23:58:38 | 377,083,219 | ---- | M] () -- C:\Users\Frances\Desktop\InLoveForALifetime.zip
[2013/09/11 19:27:10 | 000,432,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/09/11 01:19:51 | 000,209,117 | ---- | M] () -- C:\Users\Frances\Desktop\high-end-secrets.pdf
[2013/09/10 01:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsshimx.sys
[2013/09/07 18:38:11 | 000,000,371 | ---- | M] () -- C:\Users\Frances\Desktop\program8-allergy-clearing.mp3
[2013/09/07 18:37:48 | 000,000,350 | ---- | M] () -- C:\Users\Frances\Desktop\muscletesting.zip
[2013/09/07 18:37:16 | 000,000,368 | ---- | M] () -- C:\Users\Frances\Desktop\SecretsofMuscleTesting.mp4
[2013/09/07 17:51:18 | 859,751,703 | ---- | M] () -- C:\Users\Frances\Desktop\Unleashyourinnermillionaire.zip
[2013/09/07 17:37:12 | 369,030,166 | ---- | M] () -- C:\Users\Frances\Desktop\uyim.zip
[2013/09/07 17:22:58 | 043,233,156 | ---- | M] () -- C:\Users\Frances\Desktop\45min-theta.mp3
[2013/09/07 17:22:11 | 014,433,259 | ---- | M] () -- C:\Users\Frances\Desktop\15min-theta.mp3
[2013/09/07 17:22:07 | 030,045,988 | ---- | M] () -- C:\Users\Frances\Desktop\program6-trauma.mp3
[2013/09/05 16:54:32 | 000,002,737 | ---- | M] () -- C:\Users\Frances\Desktop\wscsvc.reg
[2013/09/05 16:54:16 | 000,007,586 | ---- | M] () -- C:\Users\Frances\Desktop\WinDefend.reg
[2013/09/05 01:43:42 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2013/09/04 20:38:20 | 001,040,526 | ---- | M] () -- C:\Users\Frances\Desktop\item1-life8-b-phillips-01-UYIM-II-overview.pdf
[2013/09/04 20:24:53 | 000,182,321 | ---- | M] () -- C:\Users\Frances\Desktop\tas-attract-brent-phillips-special-overview.pdf
[2013/09/04 16:16:42 | 000,885,642 | ---- | M] () -- C:\Users\Frances\Desktop\TheSecretBehindtheSecret.pdf
[2013/09/03 15:13:47 | 000,574,747 | ---- | M] () -- C:\Users\Frances\Desktop\overview(1).pdf
[2013/09/03 14:46:43 | 000,574,747 | ---- | M] () -- C:\Users\Frances\Desktop\overview.pdf
[2013/09/03 13:37:39 | 227,154,724 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/09/02 21:42:43 | 001,943,473 | ---- | M] () -- C:\Users\Frances\Desktop\FSS-MillionDollarMindset.pdf
[2013/09/02 10:09:38 | 000,358,571 | ---- | M] (Farbar) -- C:\Users\Frances\Desktop\FSS.exe
[2 C:\Users\Frances\AppData\Local\*.tmp files -> C:\Users\Frances\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/26 10:41:10 | 000,676,430 | ---- | C] () -- C:\Users\Frances\Desktop\Johnson2009_Essays.pdf
[2013/09/22 21:51:28 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/17 17:55:54 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/09/17 17:55:51 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/09/16 10:03:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/09/16 10:03:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/09/16 10:03:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/09/16 10:03:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/09/16 10:03:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/09/16 09:45:46 | 000,000,079 | ---- | C] () -- C:\Windows\wininit.ini
[2013/09/13 13:50:48 | 001,351,051 | ---- | C] () -- C:\Users\Frances\Desktop\1327158306-hushbaby007-The_Secret_Code_of_Success_7_Hidden_Steps_to_More_Wealth_and_Happiness_pdf.pdf
[2013/09/11 01:19:47 | 000,209,117 | ---- | C] () -- C:\Users\Frances\Desktop\high-end-secrets.pdf
[2013/09/07 18:38:10 | 000,000,371 | ---- | C] () -- C:\Users\Frances\Desktop\program8-allergy-clearing.mp3
[2013/09/07 18:37:48 | 000,000,350 | ---- | C] () -- C:\Users\Frances\Desktop\muscletesting.zip
[2013/09/07 18:37:15 | 000,000,368 | ---- | C] () -- C:\Users\Frances\Desktop\SecretsofMuscleTesting.mp4
[2013/09/07 17:21:18 | 369,030,166 | ---- | C] () -- C:\Users\Frances\Desktop\uyim.zip
[2013/09/07 17:20:45 | 014,433,259 | ---- | C] () -- C:\Users\Frances\Desktop\15min-theta.mp3
[2013/09/07 17:20:28 | 043,233,156 | ---- | C] () -- C:\Users\Frances\Desktop\45min-theta.mp3
[2013/09/07 17:20:15 | 030,045,988 | ---- | C] () -- C:\Users\Frances\Desktop\program6-trauma.mp3
[2013/09/07 17:19:15 | 859,751,703 | ---- | C] () -- C:\Users\Frances\Desktop\Unleashyourinnermillionaire.zip
[2013/09/05 16:54:31 | 000,002,737 | ---- | C] () -- C:\Users\Frances\Desktop\wscsvc.reg
[2013/09/05 16:54:12 | 000,007,586 | ---- | C] () -- C:\Users\Frances\Desktop\WinDefend.reg
[2013/09/04 20:38:19 | 001,040,526 | ---- | C] () -- C:\Users\Frances\Desktop\item1-life8-b-phillips-01-UYIM-II-overview.pdf
[2013/09/04 20:24:52 | 000,182,321 | ---- | C] () -- C:\Users\Frances\Desktop\tas-attract-brent-phillips-special-overview.pdf
[2013/09/04 19:45:20 | 377,083,219 | ---- | C] () -- C:\Users\Frances\Desktop\InLoveForALifetime.zip
[2013/09/04 16:16:36 | 000,885,642 | ---- | C] () -- C:\Users\Frances\Desktop\TheSecretBehindtheSecret.pdf
[2013/09/03 15:13:44 | 000,574,747 | ---- | C] () -- C:\Users\Frances\Desktop\overview(1).pdf
[2013/09/03 14:46:39 | 000,574,747 | ---- | C] () -- C:\Users\Frances\Desktop\overview.pdf
[2013/09/03 13:37:39 | 227,154,724 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/09/02 21:42:35 | 001,943,473 | ---- | C] () -- C:\Users\Frances\Desktop\FSS-MillionDollarMindset.pdf
[2013/07/23 13:26:58 | 000,036,154 | ---- | C] () -- C:\Program Files\cc_20130723_132652.reg
[2013/07/07 14:15:45 | 000,000,151 | ---- | C] () -- C:\Windows\Reimage.ini
[2011/06/27 23:28:39 | 000,015,044 | ---- | C] () -- C:\Program Files\cc_20110627_232823.reg
[2011/06/27 09:30:01 | 000,000,000 | ---- | C] () -- C:\Users\Frances\AppData\Local\{2F0D215D-D36A-4572-8518-970B7D5F1ED4}
[2011/06/07 11:10:22 | 000,000,000 | ---- | C] () -- C:\Users\Frances\AppData\Local\{D0C3A833-BA01-4220-98B5-867AEE928B6A}
[2010/11/08 16:25:25 | 000,004,608 | ---- | C] () -- C:\Users\Frances\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/11 16:43:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2010/12/10 11:09:46 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/09 18:51:37 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012/12/09 18:51:37 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012/04/17 22:17:12 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\Amazon
[2013/06/30 01:05:45 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\Audacity
[2010/11/08 14:17:06 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\Avery
[2013/07/08 14:09:49 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\AVG
[2012/11/24 13:02:30 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\AVG2013
[2013/10/01 21:47:41 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\Dropbox
[2011/04/01 17:16:02 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\EPSON
[2011/11/28 00:42:55 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\MP3SkypeRecorder
[2010/10/11 15:56:48 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\OpenOffice.org
[2011/02/18 10:58:56 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\Pamela
[2012/01/20 20:56:03 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\Tific
[2012/11/24 12:58:00 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\TuneUp Software
[2011/08/31 19:52:40 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2013/07/24 21:05:45 | 000,000,000 | ---D | M] -- C:\Users\Frances\AppData\Roaming\WinPatrol

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 187 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
  • 0

#112
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks for the log. It looks clean :thumbsup: I want you to open Firefox in Safe Mode. This will disable all of the extensions and add-ons. Then surf around for a while and see if Firefox still freezes. If it doesn't freeze up anymore then one of the add-ons is causing the problem. When Firefox freezes is it just on certain sites or does it freeze up on pretty much any site?


To start FF in Safe Mode:

Open Firefox
Click the Firefox button in the upper left corner. Highlight Help in the context menu and click Restart with add-ons disabled...
  • 0

#113
Feather24

Feather24

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts
Hi Godawgs, at first it was ok, for about half a day. However after that it went down hill. Constantly hanging on videos having to reboot 3 and 4 times.

It seems to freeze more on videos but it freezes eventually on all sites.

thanks
  • 0

#114
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Let's see if WinPatrol is contributing to this issue. Let's stop it from automatically starting when the computer boots up and then see if the problem is still there.


  • Open the WinPatrol program.
  • Click on the Options tab.
  • You should see a check box at the bottom of the GUI that says, Automatically run WinPatrol when computer starts
  • Un-click the box in front of this message and then re-start Windows
Posted Image

Now go surfing and see if the problem still remains.
  • 0

#115
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

Advertisements


#116
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
User returned.
  • 0

#117
Feather24

Feather24

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts
Hi thanks for opening it up.

Ok so after trying things out for several days, overall it's much better, however just yesterday I had to reboot the computer a couple of times only due to the hanging in the browsers.

So I think we are nearly there!

thanks
  • 0

#118
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
The last suggestion I have is to reset the browsers. The down side to this is that you will lose your Favorites and any passwords in IE. In Firefox, your bookmarks, browsing history, passwords, cookies and web form auto-fill information will be saved. However, your extensions and themes will be removed; open tabs, windows and tab groups will not be saved; and your preferences will be reset. I am not familiar with Chrome.

To reset Chrome:

Click here to go to the Google support page and click the + beside Windows Instructions

To reset Firefox:

Click here to go to the Mozilla support page on how to reset Firefox

To reset IE:

Click here to go to the Microsoft support page for resetting IE9.

Let me know what happens. If that doesn't help the only thing I can suggest then would be to open a topic in our Web Browsers, E-Mail forum after we have cleaned up.
  • 0

#119
Feather24

Feather24

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts
Hi Godawgs, I've thought about your suggestion and at this time I think as we are at the end of things pretty much that as you say if it's the browser I can always raise it on the appropriate forum here. I'd rather not reset everything again if I can avoid it.

If there is anything else you think might be affecting it from your expert point of view let me know.

In the meantime can we put back whatever needs putting back from the changes we made? I know you said that you would help me with that. Also you mentioned that you could advise me how to avoid these problems in future so any suggestions there would be great.

Ok thanks for all your help so far, much appreciated.

Edited by Feather24, 13 October 2013 - 05:10 AM.

  • 0

#120
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello,

I'm sorry that I couldn't resolve the issue with the browsers and hanging video. When we are done you can open a topic in our Web Browsers, E-Mail forum and our Techs will see what they can do. Just be sure to let them know that you have already been to the malware removal forum and your machine is clean. And put a link to this topic in your new one.

Your logs are clean so we need to remove all the tools that we have used. This is so that should you ever be re-infected, you will download updated versions.

If you didn't uninstall ESET after running the program we will do it now.

Step-1.

Uninstall ESET

1. Please click the Start Orb Posted Image, click Control Panel. Under the Programs heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

ESET

3. Right click the program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs.(Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folders(s) (if present):

C:\Program Files\ESET

2. Close Windows Explorer.

Step-2.

Uninstall AdwCleaner

Re-open AdwCleaner
  • Click the Uninstall button
  • Confirm with yes
Posted Image

Step-3.

Uninstall ComboFix
  • Click the Start Orb, then click Run. This will display the Run dialogue box .
  • In the Run box, type or Copy and Paste the following ComboFix /Uninstall (Notice the space between the "x" and "/"), then click OK

    Posted Image
  • Follow the prompts on the screen.
  • A message should appear confirming that ComboFix was uninstalled
Step-4.

OTL Cleanup

1. Please re-open Posted Image on your desktop.
  • Be sure all other programs are closed as this step will require a reboot.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.
The above process will remove most/all of the tools used and logs created during the cleanup process. After it is finished, OTL will remove itself. This is so that if you are ever infected again you will download the most current copy of the tool.

Step-5.

Delete the following Files and Folders (If Present):

esetsmartinstaller_enu.exe
The Adobe Reader Setup.exe file
MBR.dat
JRT.exe
JRT.txt
SecurityCheck.exe
checkup.txt
WinDefend.reg
wscsvc.reg
checkhd.txt


Delete any other .bat, .log, .reg, .txt, and any other files created during this process, and left on the desktop and empty the Recycle Bin.

Step-6.

Reset Hidden Files and Folders

1. Click the Start Orb and click Computer.
2. In the Menu bar at the top click the Tools menu and click Folder Oprtions...
3. On the Folder Options window click the View tab.
4. In the Advanced settings: box, Under Hidden files and folders, click the Do not show hidden files and folders button.
5. Click the Hide protected operating system files (Recommended) box.
6. Click Apply and then OK

Step-7.

Make a Fresh Restore Point, Clear the Old Restore Points, and Re-enable System Restore

The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected, but that's good news).

Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

  • Click the Start Orb. Click Control Panel. Click System and Maintenance
  • Click System
  • In the left column under Tasks, click Advance System Settings and accept the warning if you get one
  • Click the System Protection Tab
  • In the Available Disks box put a ckeck mark in the box next to OS (?:) (System). Your drive letter will be shown in place of the ?

    Note: It may take some time for the system to populate the Available Disks box, so be patient.
  • Click the Create button at the bottom
  • Type in a name fo the restore point, i.e: Clean
  • Click Create
  • A small System Protection window will come up telling you a Restore Point is being created.
  • Another System Protection window will come up telling you the Restore Point has been created, click OK
  • Click OK again.
  • Close the Control Panel
Now we can purge the old Restore Points
  • Click Start(Windows 7 Orb), click Run (or press the Windows key and R together) to bring up the Run box.
  • Copy and Paste the following in the Run box:
    cleanmgr
  • Click OK
    A Disk Cleanup Options popup will open
    Posted Image
  • Click Files from all users on this computer

    A Drive Selection popup will open
    NOTE: You will not see this window unless you have more than one drive or partition on your computer.
    Posted Image
    If you chose Files from all users on this computer above, then click on Continue for UAC prompt.
  • Select the system drive, C:\ and click OK.
  • For a few moments the system will make some calculations
    Posted Image
  • The Disk Cleanup Window will open:
    Posted Image
  • Click the More Options tab.
  • Click the Clean up button under the System Restore and Shadow Copies section. (See screenshot below)
    Posted Image
  • In the Disk Cleanup dialog box, click Delete (See screenshot below).
    Posted Image
  • You will get a Disk Cleanup confirmation (See screenshot below)
    Posted Image
  • Click Delete Files, and then click OK.
Step-8.

Re-enable WinPatrol

Go back to post #114 and reverse the directions there to re-enable WinPatrol.

You can reinstall SpyBot S&D if you wish, but I would recommend that you use MalwareBytes instead. Just open the program every few days and do a Quick scan. Then once a month or so do a FULL scan. Remember to update the program (if required) before running the scans.

I would also recommend that you download TFC (Temp File Cleaner) from the link in the Prevention suggestions below. Save it to the desktop and run it once a week. It will keep tour Temp files and browser caches cleaned out.


Preventing Re-Infection

Below, I have included a number of recommendations for how to protect your computer against future malware infections.

:Keep Windows Updated:-Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help your computer from becoming vulnerable.
Please either enable Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

1. Click Start> All Programs, from the list find Windows Update and click it.

:Turn On Automatic Updates:

1. Click Start> Control Panel. Click Security. Under Windows Update, Click Turn automatic on or off.
2. On the next page, under Important Updates, Click the Drop down arrow on the right side of the box and Click Install Updates Automatically(recommended).
If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your task bar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software or need it to play games on-line.
In that instance I would recommend that you only use Firefox or Chrome to visit those sites and do the following:If you still want to keep Java
  • Click the Start button
  • Click Control Panel
  • Double Click Java - Looks like a coffee cup. You may have to switch to Classical View on the upper left of the Control Panel to see it.
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
: Keep Adobe Reader Updated :
  • Open Adobe Reader
  • Click Help on the menu at the top
  • Click Check for Updates
  • Allow any updates to be downloaded and installed
NOTE: Whether you use Adobe Reader, Acrobat or Foxit Reader to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Click Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. Click OK Close program. It's the same for Foxit Reader except Preferences is under the Tools menu, and you uncheck Enable Javascript Actions.

NOTE: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

:Web Browsers:

:Make your Internet Explorer more secure:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
5. Change the Download signed ActiveX controls to "Prompt"
6. Change the Download unsigned ActiveX controls to "Disable"
7. Change the Initialise and script ActiveX controls not marked as safe to "Disable"
8. Change the Installation of desktop items to "Prompt"
9. Change the Launching programs and files in an IFRAME to "Prompt"
10. When all these settings have been made, click on the OK button.
11. If it prompts you as to whether or not you want to save the settings, click the Yes button.
12. Next press the Apply button and then the OK to exit the Internet Properties page.

This webpage is worth bookmarking/reading for future reference:
Securing Your Web Browser

:Alternate Browsers:

If you use Firefox, I highly recommend these add-ons to keep your PC even more secure.
  • NoScript - for blocking ads and other potential website attacks
  • WebOfTrust - a safe surfing tool for your browser. Traffic-light rating symbols show which websites you can trust when you search, shop and surf on the Web.
  • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
:Install the MVPs Hosts File:
  • MVPS Hosts file-replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

Preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running a full scan at least once a month. Run Quick Scans at least once a week. Download the Free versions. And update the definitions before running scans.

========Anti Spyware========
  • Malwarebytes-Free Version- a powerful tool to search for and eliminate malware found on your computer.
  • SUPERAntiSpyware Free Edition-another scanning tool to find and eliminate malware.
  • SpywareBlaster-to help prevent spyware from installing in the first place. A tutorial can be found here.
  • WinPatrol - will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. Help file and tutorial can be found here.
It's a good idea to clear out all your temp files every now and again. This will help your computer from bogging down and slowing. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.

========TEMP File Cleaners========
  • TFC by OldTimer-A very powerful cleaning program for 32 and 64 bit OS. Note: You may have this already as part of the fixes you have run.
  • CleanUP-Click the Download CleanUP! link. There is also a Learn how to use CleanUP! link on this page.
:BACKUPS:
  • Keep a backup of your important files.-Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT-(Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
:Keep Installed Programs Up to Date:

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
A program that will do this is listed below. Download and install the program and run it monthly:
Filehippo Update Checker

Finally, please read How did I get infected in the first place? by Mr. Tony Cline

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

IF I have helped you and you want to say "thanks", you can do that by clicking the Rep+ button at the bottom right of this post. :)

I Will Keep This Open For 24 hours or so. If Anything Comes Up - Just Come Back And Let Me Know

Stay Safe :wave:
godawgs
  • 1






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP