Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

MyPC BackUp pop-ups (part 2) [Solved]


  • This topic is locked This topic is locked

#1
BG Runner

BG Runner

    Member

  • Member
  • PipPip
  • 60 posts
I previously started a topic entitled "MyPC BackUp pop-ups" on 11.11.13 which was dealt with very well by Nutloaf. However the topic was closed as I was unable to get back to this in time.
I have finally followed the last instructions posted by Nutloaf dated 08.12.13:

1. Automatic Updates are enabled
2. I think I now have updated Adobe
3. I have installed JavaRa.exe but did not find an option to Remove Java Runtime so could not follow the rest of the instruction.
4. I have run the OTL Custom Scan and here is the log file:

OTL logfile created on: 12/01/2014 15:26:07 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Julie\Desktop\Geeks
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.67 Gb Available Physical Memory | 33.86% Memory free
4.21 Gb Paging File | 2.11 Gb Available in Paging File | 50.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.28 Gb Total Space | 140.37 Gb Free Space | 63.72% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.85 Gb Free Space | 48.45% Space Free | Partition Type: NTFS

Computer Name: JULIE-PC | User Name: Julie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/27 21:58:10 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/12/27 21:58:06 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/12/27 21:57:00 | 000,113,704 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2013/12/10 21:24:02 | 000,839,560 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
PRC - [2013/11/11 21:35:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Julie\Desktop\Geeks\OTL.exe
PRC - [2013/10/25 02:34:06 | 002,480,408 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/10/25 02:34:06 | 001,444,120 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/05/10 07:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/09/10 10:12:51 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2010/07/30 05:51:50 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\System32\dgdersvc.exe
PRC - [2010/06/24 13:00:14 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/20 15:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/13 15:44:48 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
PRC - [2007/07/24 18:02:44 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/07/24 18:02:42 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/13 09:55:16 | 001,127,152 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2013/11/23 23:49:24 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/08/18 14:10:47 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\59eba2680c01c33b2b3f5385979e32c6\System.Web.ni.dll
MOD - [2013/08/18 14:10:38 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b167ef6967ad27503c6ac6aabcef1aff\System.Runtime.Remoting.ni.dll
MOD - [2013/08/18 14:06:40 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
MOD - [2013/07/14 15:21:34 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/12/08 14:34:10 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2013/12/27 21:58:06 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/12/27 21:57:00 | 000,113,704 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2013/12/10 21:24:20 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/25 02:34:06 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/05/10 07:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/10 10:12:51 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/07/25 08:46:44 | 001,326,176 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012/07/25 08:46:42 | 000,681,056 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/07/30 05:51:50 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\System32\dgdersvc.exe -- (dgdersvc)
SRV - [2010/06/24 13:00:14 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/20 15:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/07/24 18:02:44 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV - [2013/12/27 21:58:37 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/12/27 21:58:37 | 000,410,528 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/12/27 21:58:37 | 000,180,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/12/27 21:58:37 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/12/27 21:58:36 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/12/27 21:58:35 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2013/12/27 21:57:33 | 000,026,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2013/12/27 21:57:01 | 000,252,336 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2013/12/27 21:57:01 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2013/12/13 09:55:15 | 000,340,432 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys -- (RapportCerberus_59849)
DRV - [2013/11/23 23:49:28 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/10/25 02:34:18 | 000,230,448 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2013/10/25 02:34:18 | 000,157,264 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013/10/25 02:34:18 | 000,108,816 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012/09/10 10:12:47 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2012/09/10 10:12:46 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/09/01 08:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/07/30 05:51:50 | 000,018,120 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010/06/24 13:00:14 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2007/09/13 15:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/06/06 23:21:32 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2007/03/21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2252881703-585418222-1894100648-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2252881703-585418222-1894100648-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-2252881703-585418222-1894100648-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2252881703-585418222-1894100648-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-2252881703-585418222-1894100648-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 A4 C7 4E A6 0F CF 01 [binary data]
IE - HKU\S-1-5-21-2252881703-585418222-1894100648-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2252881703-585418222-1894100648-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2252881703-585418222-1894100648-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2013/10/09 22:31:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: SearchGol (Enabled)
CHR - default_search_provider: search_url = http://www.searchgol...125035&tsp=5030
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: avast! Online Security = C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2011.70_0\
CHR - Extension: Google Wallet = C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2252881703-585418222-1894100648-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2252881703-585418222-1894100648-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} https://vpn.nhsstock...ies/instweb.cab (CSD ActiveX Installer)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {B8E73359-3422-4384-8D27-4EA1B4C01232} https://vpn.nhsstock...COL /cscopf.cab (CISCO Portforwarder Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC9E4B55-386C-45D6-B435-F6D7CC00619B}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/12 15:05:51 | 000,000,000 | ---D | C] -- C:\Users\Julie\Documents\JavaRa
[2013/12/27 22:37:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/12/27 22:35:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/12/27 22:35:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/12/27 22:35:08 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/12/27 21:59:13 | 000,026,136 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2013/12/27 21:59:12 | 000,252,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2013/12/27 21:57:01 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2013/12/15 16:29:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/12 15:25:19 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/12 15:04:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/12 14:59:15 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/12 14:59:15 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/12 14:54:03 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/12 14:40:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/09 15:04:09 | 006,951,830 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/01/09 15:04:09 | 003,399,116 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/12/27 22:37:25 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/12/27 22:02:34 | 000,001,941 | ---- | M] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
[2013/12/27 22:02:34 | 000,001,881 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/12/27 21:58:37 | 000,775,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/12/27 21:58:37 | 000,410,528 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/12/27 21:58:37 | 000,180,248 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/12/27 21:58:37 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/12/27 21:58:36 | 000,067,824 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/12/27 21:58:35 | 000,054,832 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013/12/27 21:58:32 | 000,270,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/12/27 21:58:32 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/12/27 21:57:33 | 000,026,136 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2013/12/27 21:57:01 | 000,252,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2013/12/27 21:57:01 | 000,012,112 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2013/12/14 17:51:27 | 000,398,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/27 22:37:25 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/12/27 22:02:34 | 000,001,941 | ---- | C] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
[2013/12/27 22:02:34 | 000,001,881 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/11/23 23:49:42 | 000,180,248 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/11/23 23:49:42 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/10/12 14:24:54 | 000,017,136 | ---- | C] () -- C:\Windows\System32\sasnative32.exe
[2013/10/09 22:30:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\custmon32i.dll
[2011/11/12 22:01:51 | 000,000,000 | ---- | C] () -- C:\Users\Julie\AppData\Local\{32E91E92-7276-4F47-922E-B981E8B6271D}
[2011/10/26 12:27:21 | 000,000,000 | ---- | C] () -- C:\Users\Julie\AppData\Local\{518E4141-3390-48BB-BF84-3F0C6B4ABBA1}
[2011/09/19 21:46:59 | 000,000,000 | ---- | C] () -- C:\Users\Julie\AppData\Local\{BBB2E6C0-188E-405D-9D4D-A8DEABADA71A}
[2011/05/16 11:01:36 | 000,198,421 | ---- | C] () -- C:\Users\Julie\AQA-3701-2H-W-QP-NOV09.pdf
[2010/10/04 07:58:01 | 000,005,989 | ---- | C] () -- C:\Users\Julie\Session 4 Identifying Verbs.notebook
[2010/10/04 07:57:41 | 000,012,405 | ---- | C] () -- C:\Users\Julie\Session 3 Baking Bread Instructions.notebook
[2010/07/01 19:09:25 | 000,000,798 | ---- | C] () -- C:\Users\Julie\AppData\Local\Images.fl
[2010/03/25 20:45:05 | 000,000,370 | ---- | C] () -- C:\Users\Julie\Pictures - Shortcut.lnk
[2010/02/15 13:01:35 | 000,005,632 | ---- | C] () -- C:\Users\Julie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/19 20:00:19 | 000,000,680 | ---- | C] () -- C:\Users\Julie\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/11/23 23:51:36 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\AVAST Software
[2013/11/23 17:50:29 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\AVG2014
[2011/02/06 16:26:48 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\Cisco
[2010/06/25 22:06:44 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\GetRightToGo
[2010/04/12 07:16:19 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\licenses
[2013/12/07 16:32:34 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\QuickScan
[2011/02/03 21:16:35 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\Samsung
[2010/01/19 22:44:28 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\TMP
[2013/11/23 17:45:18 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\TuneUp Software
[2013/06/17 19:39:10 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\VSO

< End of report >

Things to be running well at present.
Thanks for your help.
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nutloaf informed
  • 0

#3
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there, glad you came back :)

O.K let's go over a few things.

Java looks to be uninstalled, I can see a few leftovers that we'll take care of here. Other than that it's looking cool beans!


1. CHROME BROWSER

  • Open Chrome and at the top right hand side click the box I have highlighted in red below and click Settings

    chrome1.jpg
  • Under On Start-up check mark the Open a specific page or set of pages. Then click the link Set pages See Image Below.

    chrome2.png
  • In the StartUp pages box hover the mouse over www.searchgol.com to highlight if present, now click the x to remove.
  • Copy and Paste the following into the Add a new page box: https://www.google.com/ and click O.K. See Image Below.

    chrome3.jpg
  • Under Search click Manage search engines in the Default search settings box if www.searchgol.com is present then hover the mouse over it to highlight, now click the x to remove.
  • Hover the mouse over Google.com and select Make Default then click Done See Image Below

    chrome4.jpg


2. OTL Fix

  • Right click the OTL icon and select Run as Administrator.
  • Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.

    :COMMANDS
    [CREATERESTOREPOINT]

    :OTL
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
    SRV - [2012/07/25 08:46:44 | 001,326,176 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
    SRV - [2012/07/25 08:46:42 | 000,681,056 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
    DRV - [2010/09/01 08:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
    [2013/11/23 17:45:18 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\TuneUp Software
    [2013/06/17 19:39:10 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\VSO
    [2013/11/23 17:50:29 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\AVG2014
    [2013/10/12 14:24:54 | 000,017,136 | ---- | C] () -- C:\Windows\System32\sasnative32.exe
    :FILES
    C:\Program Files\AVG
    C:\Program Files\Secunia

    :REG
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
    "Start Page"="https://www.google.com"

    [HKEY_USERS\S-1-5-21-2252881703-585418222-1894100648-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
    "Start Page"="https://www.google.com"

    :COMMANDS
    [EMPTYTEMP]

  • Then click Run Fix
  • Click O.K if asked to Reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - Where mmddyyy _hhmmss is the date and time of fix.
  • Copy and Paste the Fix Log in your next reply.

Things I want to see in your next post.

  • OTL fix.txt
  • How are the browsers running now?
  • Everything else O.K?

  • 0

#4
BG Runner

BG Runner

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts
Here is the OTL fix.txt:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service AVG Security Toolbar Service stopped successfully!
Service AVG Security Toolbar Service deleted successfully!
File C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe not found.
Service Secunia PSI Agent stopped successfully!
Service Secunia PSI Agent deleted successfully!
C:\Program Files\Secunia\PSI\psia.exe moved successfully.
Service Secunia Update Agent stopped successfully!
Service Secunia Update Agent deleted successfully!
C:\Program Files\Secunia\PSI\sua.exe moved successfully.
Service PSI stopped successfully!
Service PSI deleted successfully!
C:\Windows\System32\drivers\psi_mf.sys moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2\ deleted successfully.
C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2\ deleted successfully.
C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
C:\Program Files\Java\jre7\bin\ssv.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\Users\Julie\AppData\Roaming\TuneUp Software\TU2012\Backups folder moved successfully.
C:\Users\Julie\AppData\Roaming\TuneUp Software\TU2012 folder moved successfully.
C:\Users\Julie\AppData\Roaming\TuneUp Software folder moved successfully.
C:\Users\Julie\AppData\Roaming\VSO folder moved successfully.
C:\Users\Julie\AppData\Roaming\AVG2014\cfgall folder moved successfully.
C:\Users\Julie\AppData\Roaming\AVG2014 folder moved successfully.
C:\Windows\System32\sasnative32.exe moved successfully.
========== FILES ==========
C:\Program Files\AVG\AVG9\log folder moved successfully.
C:\Program Files\AVG\AVG9\cfg folder moved successfully.
C:\Program Files\AVG\AVG9 folder moved successfully.
C:\Program Files\AVG folder moved successfully.
C:\Program Files\Secunia\PSI\SUA folder moved successfully.
C:\Program Files\Secunia\PSI\help\fr_FR folder moved successfully.
C:\Program Files\Secunia\PSI\help\es_ES folder moved successfully.
C:\Program Files\Secunia\PSI\help\en_GB folder moved successfully.
C:\Program Files\Secunia\PSI\help\de_DE folder moved successfully.
C:\Program Files\Secunia\PSI\help\da_DK folder moved successfully.
C:\Program Files\Secunia\PSI\help folder moved successfully.
C:\Program Files\Secunia\PSI\fonts\Open_Sans folder moved successfully.
C:\Program Files\Secunia\PSI\fonts folder moved successfully.
C:\Program Files\Secunia\PSI folder moved successfully.
C:\Program Files\Secunia folder moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\\"Start Page"|"https://www.google.com" /E : value set successfully!
HKEY_USERS\S-1-5-21-2252881703-585418222-1894100648-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\"Start Page"|"https://www.google.com" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Julie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 37810896 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 405175617 bytes
->Flash cache emptied: 779 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 205807169 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 70379 bytes

Total Files Cleaned = 619.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01132014_202850

Files\Folders moved on Reboot...
C:\Users\Julie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Julie\AppData\Local\Trusteer\Rapport\user\logs\gp_iexplore.6124.log moved successfully.
C:\Users\Julie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Julie\AppData\Local\Trusteer\Rapport\user\logs\koan.6124.log moved successfully.
C:\Users\Julie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Julie\AppData\Local\Trusteer\Rapport\user\logs\koanlight.6124.log moved successfully.
C:\Users\Julie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HCBQ8J04\page__p__2366112__fromsearch__1[1].htm moved successfully.
C:\Users\Julie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Julie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

The browsers seem to be running well.
No other problems.
Thanks.
  • 0

#5
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Your System is now clean. Thanks for returning to finish up BG and thanks for sticking with me.

All we have to do now, is create a clean Restore point and clean up the tools. :)


Dustpan and Brush


1. OTL

Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.

:COMMANDS
[CREATERESTOREPOINT]

  • Then click Run Fix
  • When complete a log file will tell you if sucessfull. I do not need to see this.
  • Now click the CleanUp button on OTL. This will delete the log files, and OTL itself.
  • Click O.K to Reboot.

2. Flush Old System Restore Points

  • Click on Start(Windows 7 Orb) >> All Programs >> Accessories >> System Tools >> right-click on Disk Cleanup and select Run as Administrator.
  • If prompted Select the system drive, C then OK.
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked.
  • Now click on the More Options tab. If not shown - Click on Clean up system files >> Select the system drive, C then OK. now click More Options Tab.
  • Under:- System Restore and Shadow Copies Click on Clean up... select Delete >> OK then Delete Files.

3. Register Avast for Free Updates

  • Open Avast either by clicking the Taskbar shield or the Desktop icon.
  • Top of the screen should be a link to Register now. If not Click Maintenance and the link is there.
  • Choose Free Protection if asked and fill in your Name and Email info.
  • You will then recieve an email with a confirmation link. Click the link and your all set for free updates.

4. Uninstall ADWcleaner

  • Open ADWcleaner, ignore any Updates and select uninstall.

5. Delete 2 Desktop Icons

  • Right click the JRT Icon and select Delete
  • Right click the Security Check Icon and select Delete

6. Uninstall ESET

  • Click Start then Control Panel and select Uninstall a program or Programs and Features
  • Select ESET Online Scanner and uninstall



Tips For A Clean Surf with Toolbar and Homepage free waves


CryptoPrevent

Install the following FREE program to prevent crypto ransome ware.

Use this link to download and install CryptoPrevent

Avoid the following

  • Torrent downloaders, Torrent files and Torrent sites. - Otherwise known as P2P. The files are mainly illegal, contain malware and\or adult material. Steer clear of P2P programs and files..
  • Registry Cleaners - They can clean a little too much and remove needed entries. The best thing to do with the registry is leave it be.
  • PC Performance Boosters. - Programs that promise to speed up your PC. These are useless and\or come packed with Toolbars and other uneeded software that runs in the background causing, you guessed it Performance Issues!
  • Not Checking Install Screens - Dont just click next, next, next and Install when installing programs. Some of the screens may contain Browsers or Toolbars. Check each screen before clicking next.


The main thing is to Keep On Top Of Your Updates and run Weekly Scans with Malwarebytes and Avast. I supplied you with the tools in my updates post, so use them :)

Select the following link and add it to your Favourites or Bookmark for future use. The answers to the majority of PC problems. :wave:


I will keep this post open for 24 hours if you need assistance. If after that you need help then please start a new Topic in the appropriate forum.
  • 0

#6
BG Runner

BG Runner

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts
Thanks for all your help. I will follow your final instructions in the next few days. Thanks again.
  • 0

#7
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP