
Virus & Malware [Closed]

Win32/Farfeit

  • This topic is locked

#1
andesito


    New Member

  • Member
  • Pip
  • 3 posts

Computer won't open some pages on the internet.  Have programs listed under control panel that I didn't install that won't uninstall via control panel.  I ran Malwarebytes in Safe Mode; the 1st time it said it found 1,054, and a 2nd time it said 494, so I was thinking maybe it's not really removing all the problems.

Attached Files


  • 0



#2
23red


    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi andesito

Welcome  :)

 I'm 23red, and it'll be my pleasure to assist you with your problem.  I am currently reviewing your log.  In the meantime, I'd be grateful if you would note the following:

•  Please make sure to carefully read every post completely before doing anything.
 
•  If you're not sure, or if something unexpected happens do not continue! Stop and ask!  It is not a problem.
 
•  Please do not run any other scans or other software on your computer unless asked as it may make this repair more difficult.
 
•  Please stick with me until all malware is gone from your system.  Malware removal is not an instant process, just because you no longer see any symptoms it does not necessarily mean your system is completely clear.

 

•  Please copy/paste to Notepad and save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.

 

Back up your data. I will not knowingly suggest any course that might damage your system, but sometimes malware infections are so severe that the only option we have is to re-format and re-install the operating system.

 

•  As I am currently in training, I will be helping you under the supervision of our Expert Teachers.   As such, there will likely be a delay between posts.   I do my best to respond as quickly as I can.  I, like everyone else here, am also a volunteer and sometimes life keeps me busy  ;)

 

•  Thank you for your understanding and I appreciate your patience.

 

OTL is currently situated at C:\Users\Otis Endicott\Downloads.  May you please right-click and select copy and then right click and paste it on your Desktop as we'll need it to work from there.  Also, residing in Downloads there should be a text file titled extras.txt which was produced at the same time as the OTL.txt.  May you please post the contents of that file as well.

 

Thank you :)

 


  • 0

#3
andesito


    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Thanks, I have copied and pasted those to desktop & here is the one you requested

Attached Files


  • 0

#4
23red


    Trusted Helper

  • Malware Removal
  • 1,797 posts

Thank you :)  I'll get moving on this for you now. 

  • Please click on the Follow This Topic Button (at the top right of this page), so you will be notified when answers are posted for you.  I'll post back soon as I can.

  • 0

#5
23red


    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi andesito :)

Let's get this computer cleaned up:

It might be helpful to print these instructions.  Upon careful inspection, your log indicates that the programs listed below are installed on your computer. I am requesting the removal of these programs as they are associated with malware, adware or spyware:

 

AnyProtect
DesktopWeatherAlerts
MyPC Backup
Snap.Do
System Update kb70007
V-bates 2.0.0.440
Windows Updates Downloader

 

 

PC Optimizing Programs Information
 
The following programs are all supposed to speed up the pc or optimize the pc. A lot of them come bundled with other software that has been downloaded, so you're not even aware that they have been installed. Most of them report problems that aren't really there or problems that aren't really problems. Then they want you to either pay a fee or buy the professional edition so it can clean the system. We feel that they are a waste of system resources and money and do very little if any good. And almost all of them have a Registry cleaning module that can do a great deal of harm. These need to be uninstalled.  There are quite a few others that do not appear to be in Programs and Features.  We will remove those also, after which your computer will likely run much faster ;)
 
Optimizer Pro v3.2
PC Fix Speed 1.2.0.24
PC Performer

 

Multiple AntiVirus Programs

 

Your computer requires one anti virus program, you appear to have two installed:

 

AVG
Microsoft Security Essentials

 

 Antivirus programs run in the background providing continuous protection of your system. It's called Real-Time Protection, or scanning, and it uses system resources as it runs. Two or more antivirus programs running at the same time will use 2 or 3 times the amount of system resources, or more. Because each program wants control of the system, there will be conflicts caused, including false positives.  The end result is actually LESS antivirus protection.

 Please uninstall either AVG or Microsoft Security Essentials from Control Panel ~> Programs and Features as we proceed. If you decide to remove AVG, you will need to use the removal tool found at this link.  Once you have uninstalled AVG from Programs and Features, click on the Save File button to install and follow the on-screen instructions to remove all residual files that may cause issues in the future. Make sure to reboot the computer after the removal process.

 

Uninstalls

 

I'll cover most I can see here, if you see others that you do not recognize uninstall those as well.

 Please go to Start ~> Control Panel ~> Programs and Features and remove each of the following if present:
If Windows says it cannot locate the program(s) and that it prompts for it to be removed from the list instead, do so by allowing it.

 

AnyProtect
DesktopWeatherAlerts
MyPC Backup
Optimizer Pro v3.2
PC Fix Speed 1.2.0.24
PC Performer
Snap.Do
System Update kb70007
V-bates 2.0.0.440
Windows Updates Downloader

 

and either
AVG or
Microsoft Security Essentials

 

Make sure you run the AVG removal tool if you choose to uninstall AVG!

 

Windows Sidebar Advice

 

It is no longer advisable to have this feature enabled, as outlined in the below Microsoft article:

Vulnerabilities in Gadgets could allow remote code execution 

I advise you download and run the Disable Windows Sidebar and Gadgets Fix it Utility to rectify this.  This will remove this vulnerability.

 

OTL Fix

 

Please right click on the OTL icon on your Desktop, choose Run as Administrator, accept UAC prompts.

Under Custom Scans/Fixes, in the textbox at the bottom of the OTL console window, please copy and then paste in all of the following text from between the lines:

 

 

~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*

 

 

 

 

 

:Commands
[CREATERESTOREPOINT]
:OTL
SRV:64bit: - [2014/04/07 15:38:50 | 000,210,208 | ---- | M] () [Auto | Stopped] -- C:\Program Files\V-bates\ExtensionUpdaterService.exe -- (V-bates Updater)
SRV:64bit: - [2014/04/07 15:38:50 | 000,129,312 | ---- | M] (Wajamu) [Auto | Stopped] -- C:\Program Files\V-bates\guardsvc.exe -- (Mext Guard)
SRV - [2014/04/23 18:52:18 | 000,016,384 | ---- | M] () [Auto | Stopped] -- C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe -- (System Update kb70007)
SRV - [2014/05/25 20:10:19 | 000,068,608 | ---- | M] (globalUpdate) [On_Demand | Stopped] -- C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe -- (globalUpdatem)
SRV - [2014/05/25 20:10:19 | 000,068,608 | ---- | M] (globalUpdate) [Auto | Stopped] -- C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe -- (globalUpdate)
SRV - [2014/04/23 18:52:18 | 000,016,384 | ---- | M] () [Auto | Stopped] -- C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe -- (System Update kb70007)
SRV - [2014/04/08 11:26:48 | 000,037,920 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\LPT\srpts.exe -- (LPTSystemUpdater)
SRV - [2014/03/14 10:17:00 | 000,036,392 | ---- | M] (Just Develop It) [Auto | Stopped] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = {6347BB13-7F4C-49D8-A2F3-857E0E085D0E}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = http://www.default-s...&p={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118
IE - HKU\S-1-5-21-4274430286-4139735347-335498181-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.trovi.com/?gd=&ctid=CT3 [Binary data over 200 bytes]
IE - HKU\S-1-5-21-4274430286-4139735347-335498181-1000\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKU\S-1-5-21-4274430286-4139735347-335498181-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...rcodeID}&um={UM}
IE - HKU\S-1-5-21-4274430286-4139735347-335498181-1000\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...archTerms}=
IE - HKU\S-1-5-21-4274430286-4139735347-335498181-1000\..\SearchScopes\{75491962-E77E-4120-9D1A-E71745F3D35E}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-4274430286-4139735347-335498181-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = http://www.default-s...&p={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "Trovi search"
FF - prefs.js..browser.search.defaultthis.engineName: "Vgrabber v1.5 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "default-search.net"
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118
FF - HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF - HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}: C:\PROGRAM FILES\V-BATES\FIREFOX [2014/05/24 03:36:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}: C:\Program Files\V-bates\Firefox [2014/05/24 03:36:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\LyricsParty\125.xpi
[2014/05/23 11:23:57 | 000,006,060 | ---- | M] () -- C:\Users\Otis Endicott\AppData\Roaming\mozilla\firefox\profiles\ce89jpbd.default\searchplugins\bingp.xml
[2014/05/23 10:08:26 | 000,002,579 | ---- | M] () -- C:\Users\Otis Endicott\AppData\Roaming\mozilla\firefox\profiles\ce89jpbd.default\searchplugins\default-search.xml
[2014/05/24 03:41:53 | 000,002,773 | ---- | M] () -- C:\Users\Otis Endicott\AppData\Roaming\mozilla\firefox\profiles\ce89jpbd.default\searchplugins\Speedial.xml
[2014/05/25 22:04:01 | 000,001,014 | ---- | M] () -- C:\Users\Otis Endicott\AppData\Roaming\mozilla\firefox\profiles\ce89jpbd.default\searchplugins\trovi-search.xml
[2014/05/23 09:43:05 | 000,002,397 | ---- | M] () -- C:\Users\Otis Endicott\AppData\Roaming\mozilla\firefox\profiles\ce89jpbd.default\searchplugins\Web Search.xml
O2:64bit: - BHO: (no name) - {2977C29A-6723-4436-90BB-F7C5FDEF88A1} - No CLSID value found.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-4274430286-4139735347-335498181-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-4274430286-4139735347-335498181-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft..../?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft..../?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Otis Endicott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk = C:\Users\Otis Endicott\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe ()
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O27:64bit: - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bprotect.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browserdefender.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browserprotect.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\dprotectsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\jumpflip: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchinstaller.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchprotector.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchsettings.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchsettings64.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\umbrella.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\utiljumpflip.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\volaro: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\vonteera: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\websteroids.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\websteroidsservice.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bprotect.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserdefender.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserprotect.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\dprotectsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\jumpflip: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchinstaller.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotector.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchsettings.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchsettings64.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\umbrella.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\utiljumpflip.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\volaro: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\vonteera: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\websteroids.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\websteroidsservice.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
[2014/05/25 20:10:25 | 000,000,000 | ---D | C] -- C:\Users\Otis Endicott\AppData\Local\globalUpdate
[2014/05/25 20:10:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\globalUpdate
[2014/05/23 10:26:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced System Protector
[2014/05/23 10:25:42 | 000,000,000 | ---D | C] -- C:\Users\Otis Endicott\AppData\Roaming\Speedial
[2014/05/23 10:25:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Speedial
[2014/05/23 10:25:30 | 000,000,000 | ---D | C] -- C:\Users\Otis Endicott\AppData\Roaming\Systweak
[2014/05/23 10:25:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegClean Pro
[2014/05/23 10:06:43 | 000,000,000 | ---D | C] -- C:\Users\Otis Endicott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
[2014/05/23 10:05:23 | 000,000,000 | ---D | C] -- C:\Users\Otis Endicott\AppData\Roaming\Settings Manager
[2014/05/23 10:04:53 | 001,705,063 | ---- | C] (AnyProtect.com) -- C:\Users\Otis Endicott\AppData\Local\AnyProtectScannerSetup.exe
[2014/05/23 10:04:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnyProtectEx
[2014/05/23 09:56:02 | 000,000,000 | ---D | C] -- C:\Users\Otis Endicott\AppData\Local\WebBar
[2014/05/23 09:55:38 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallSightSDK
[2014/05/23 09:55:01 | 000,000,000 | ---D | C] -- C:\Program Files\WebBar
[2014/05/23 09:54:48 | 000,000,000 | ---D | C] -- C:\Users\Otis Endicott\AppData\Local\PC_Drivers_Headquarters
[2014/05/23 09:54:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Updates Downloader
[2014/05/23 09:54:27 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Updates Downloader
[2014/05/23 09:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Restore
[2014/05/23 09:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiDefMedia
[2014/05/23 09:52:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Restore
[2014/05/23 09:51:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HiDefMedia
[2014/05/23 09:46:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCTechHotline
[2014/05/23 09:46:44 | 000,000,000 | ---D | C] -- C:\Users\Otis Endicott\AppData\Roaming\PCFixSpeed
[2014/05/23 09:46:43 | 000,000,000 | ---D | C] -- C:\ProgramData\PCFixSpeed
[2014/05/23 09:46:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCFixSpeed
[2014/05/23 09:45:25 | 002,185,872 | ---- | C] (Microsoft Corporation) -- C:\Users\Otis Endicott\DefaultPack (2).EXE
[2014/05/23 09:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\V-bates
[2014/05/23 09:43:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LPT
[2014/05/23 09:41:57 | 000,000,000 | ---D | C] -- C:\Users\Otis Endicott\AppData\Local\LPT
[2014/05/23 09:41:56 | 000,000,000 | ---D | C] -- C:\Users\Otis Endicott\AppData\Local\Smartbar
[2014/05/23 09:40:46 | 000,000,000 | ---D | C] -- C:\Users\Otis Endicott\AppData\Local\TidyNetwork
[2014/05/23 09:40:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TidyNetwork
[2014/05/23 09:40:32 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft
[2014/05/23 09:40:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSR
[2014/05/23 09:39:38 | 000,000,000 | ---D | C] -- C:\Program Files\rrsavings
[2014/05/23 09:38:34 | 000,000,000 | ---D | C] -- C:\Program Files\002
[2014/05/18 18:16:52 | 000,000,000 | ---D | C] -- C:\Users\Otis Endicott\Documents\Optimizer Pro
[2014/05/18 18:11:31 | 000,000,000 | ---D | C] -- C:\Program Files\003
[2014/05/18 18:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
[2014/05/18 18:11:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2014/05/16 08:54:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Performer
[2014/05/28 21:28:26 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\DriverUpdate Startup.job
[2014/05/26 20:59:42 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\FF Watcher {4AEB1DC9-55B6-4DD8-841D-F6003B9B4AA0}.job
[2014/05/26 20:59:39 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\FF Watcher {5A8E07FF-80F2-40A6-91C0-C5344AA2ED11}.job
[2014/05/25 20:15:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job
[2014/05/25 20:15:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job
[2014/05/24 03:37:50 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP1.job   
[2014/05/24 03:37:50 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP3.job
[2014/05/24 03:37:50 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP2.job
[2014/05/23 10:06:59 | 000,002,944 | ---- | M] () -- C:\Users\Otis Endicott\AppData\Roaming\aps.scan.results
[2014/05/23 10:06:59 | 000,001,152 | ---- | M] () -- C:\Users\Otis Endicott\AppData\Roaming\aps.scan.quick.results
[2014/05/23 10:06:59 | 000,000,318 | ---- | M] () -- C:\Users\Otis Endicott\AppData\Roaming\aps.uninstall.scan.results
[2014/05/23 09:57:01 | 000,000,000 | ---- | M] () -- C:\END
[2014/05/23 09:54:28 | 000,001,801 | ---- | M] () -- C:\Users\Public\Desktop\Windows Updates Downloader.lnk
[2014/05/23 09:53:10 | 000,002,303 | ---- | M] () -- C:\Users\Public\Desktop\Driver Restore.lnk
[2014/05/23 09:53:05 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\HiDef Media Player.lnk
[2014/05/22 20:37:59 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\PC Performer_DEFAULT.job
[2014/05/21 15:00:20 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\PC Performer_UPDATES.job
[2014/05/19 09:37:28 | 000,002,469 | ---- | M] () -- C:\Users\Public\Desktop\DriverUpdate.lnk
[2014/05/19 07:19:26 | 001,705,063 | ---- | M] (AnyProtect.com) -- C:\Users\Otis Endicott\AppData\Local\AnyProtectScannerSetup.exe
[2014/05/18 18:10:13 | 000,001,211 | ---- | M] () -- C:\Users\Otis Endicott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
[2014/05/18 18:07:34 | 000,808,072 | ---- | M] () -- C:\Users\Otis Endicott\flashplayerpro-setup.exe
[2014/05/16 08:54:57 | 000,001,052 | ---- | M] () -- C:\Users\Public\Desktop\PC Performer.lnk
[2014/05/26 22:52:05 | 000,194,952 | ---- | C] () -- C:\Program Files (x86)\8eres.dll
[2012/01/13 18:14:31 | 000,000,000 | ---D | M] -- C:\Users\Edna Endicott\AppData\Roaming\PC Cleaners
[2011/09/25 21:05:51 | 000,000,000 | ---D | M] -- C:\Users\Edna Endicott\AppData\Roaming\PCPowerSpeed
[2012/01/13 18:14:31 | 000,000,000 | ---D | M] -- C:\Users\Edna Endicott\AppData\Roaming\PCPro
[2011/11/24 09:28:39 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\PCPowerSpeed
[2012/01/14 22:12:24 | 000,000,000 | ---D | M] -- C:\Users\Otis Endicott\AppData\Roaming\DriverCure
[2012/01/09 20:21:11 | 000,000,000 | ---D | M] -- C:\Users\Otis Endicott\AppData\Roaming\ErrorTeck
[2013/06/13 05:32:59 | 000,000,000 | ---D | M] -- C:\Users\Otis Endicott\AppData\Roaming\FixCleaner
[2011/07/16 23:51:58 | 000,000,000 | ---D | M] -- C:\Users\Otis Endicott\AppData\Roaming\IDT
[2012/01/12 21:50:12 | 000,000,000 | ---D | M] -- C:\Users\Otis Endicott\AppData\Roaming\PC Cleaners
[2014/05/24 20:53:52 | 000,000,000 | ---D | M] -- C:\Users\Otis Endicott\AppData\Roaming\PCFixSpeed
[2012/02/06 21:35:56 | 000,000,000 | ---D | M] -- C:\Users\Otis Endicott\AppData\Roaming\PCPro
[2014/05/24 03:35:50 | 000,000,000 | ---D | M] -- C:\Users\Otis Endicott\AppData\Roaming\PerformerSoft
[2014/05/23 10:05:23 | 000,000,000 | ---D | M] -- C:\Users\Otis Endicott\AppData\Roaming\Settings Manager
[2013/01/09 21:30:56 | 000,000,000 | ---- | M] ()(C:\Windows\SysWow64\?i?ilotserviceruntime.log) -- C:\Windows\SysWow64\?i?ilotserviceruntime.log
[2013/01/09 21:30:56 | 000,000,000 | ---- | C] ()(C:\Windows\SysWow64\?i?ilotserviceruntime.log) -- C:\Windows\SysWow64\?i?ilotserviceruntime.log
:Files
ipconfig /flushdns /c
:Reg
"{AB65D81D-303A-4DDB-AC7C-12C9CD9F67FB}"=-
"{AEB719FD-EDB0-43E9-B524-90F97C1E6499}"=-
:Files
C:\Windows\Microsoft\System Update kb70007
:Commands
[PURITY]
[EMPTYTEMP]

 

 

 

 

~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*

 

 

•  Push the Run Fix button.
•  OTL will ask to reboot the machine. Please do so if asked. 
•  If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
•  Copy and Paste that report in your next reply, please

 

Thank you :)

 


  • 0
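
A triage pass over the OTL line format used in the fix script above, as an added example that is not part of the original post and not OTL's own code: it parses a subset of lines copied from that script and groups the items a reviewer would check first (auto-start services with an empty vendor field, loopback proxy settings, IFEO Debugger values, scheduled .job files). The function name `triage`, the regular expressions and the report keys are assumptions made for this example.

```python
import re
from collections import defaultdict

# Sample input: a subset of lines copied from the OTL fix script in the post above.
SAMPLE = r"""
SRV:64bit: - [2014/04/07 15:38:50 | 000,210,208 | ---- | M] () [Auto | Stopped] -- C:\Program Files\V-bates\ExtensionUpdaterService.exe -- (V-bates Updater)
SRV - [2014/05/25 20:10:19 | 000,068,608 | ---- | M] (globalUpdate) [On_Demand | Stopped] -- C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe -- (globalUpdatem)
SRV - [2014/03/14 10:17:00 | 000,036,392 | ---- | M] (Just Develop It) [Auto | Stopped] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
O27:64bit: - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\volaro: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
[2014/05/26 20:59:42 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\FF Watcher {4AEB1DC9-55B6-4DD8-841D-F6003B9B4AA0}.job
[2014/05/23 09:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\V-bates
"""

# "[date time | size | attributes | M or C]" block that prefixes file and service lines.
META = (r"\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+)"
        r" \| (?P<attr>[-\w]{4}) \| (?P<kind>[MC])\]")
SRV = re.compile(r"^SRV(?::64bit:)? - " + META + r" \((?P<company>[^)]*)\)"
                 r" \[(?P<start>\w+) \| (?P<state>\w+)\] -- (?P<path>.+?) -- \((?P<name>.*)\)$")
IE_PROXY = re.compile(r'^IE(?::64bit:)? - (?P<key>HK.+?): "(?P<value>Proxy\w+)" = (?P<data>.+)$')
FF_PROXY = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.(?P<pref>\w+): "?(?P<data>[^"]+)"?$')
IFEO = re.compile(r"^O27(?::64bit:)? - HKLM IFEO\\(?P<image>[^:]+): Debugger - "
                  r"(?P<debugger>.+) \((?P<company>[^)]*)\)$")
ITEM = re.compile("^" + META + r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$")
LOOPBACK = re.compile(r"(?:^|=)(?:127(?:\.\d{1,3}){3}|localhost)\b")


def triage(text):
    """Group OTL lines into the findings a reviewer usually checks first."""
    services, jobs = [], []
    ifeo = defaultdict(set)      # target image name -> debugger paths (32/64-bit views)
    proxy = defaultdict(dict)    # registry key or prefs file -> {setting: data}
    for raw in text.splitlines():
        line = raw.strip()
        if m := SRV.match(line):
            # Auto-start service whose binary carries no company string.
            if m["start"] == "Auto" and not m["company"]:
                services.append((m["name"], m["path"]))
        elif m := IE_PROXY.match(line):
            proxy[m["key"]][m["value"]] = m["data"]
        elif m := FF_PROXY.match(line):
            proxy["Firefox prefs.js"][m["pref"]] = m["data"]
        elif m := IFEO.match(line):
            ifeo[m["image"].lower()].add(m["debugger"])
        elif m := ITEM.match(line):
            p = m["path"].lower()
            if p.startswith("c:\\windows\\tasks\\") and p.endswith(".job"):
                jobs.append(m["path"])
    return {
        "auto_services_no_vendor": services,
        # Locations whose proxy points at the local machine.
        "loopback_proxy": sorted(k for k, v in proxy.items()
                                 if any(LOOPBACK.search(d) for d in v.values())),
        # Proxy switched on but no server listed in the same key.
        "proxy_enabled_no_server": sorted(k for k, v in proxy.items()
                                          if v.get("ProxyEnable") == "1"
                                          and "ProxyServer" not in v),
        "ifeo_debuggers": {img: sorted(dbg) for img, dbg in ifeo.items()},
        "scheduled_jobs": jobs,
    }


if __name__ == "__main__":
    for section, items in triage(SAMPLE).items():
        print(section, "->", items)
```
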

#6
andesito


    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Ok I have completed all steps which some under control panel (snap, vbates never uninstalled when clicked on uninstall it beeped but never said anything or removed it from list but I was thinking maybe some had been removed with my previous malware scan...) Attached is copy of log you requested....& Thanks again :)

Attached Files


  • 0

#7
23red


    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi andesito :)

 

Excellent work!    :thumbsup:  Ok, let's get what we cannot see ~ After these scans please let me know how the computer is  behaving.

 

Step 1.

 

ADWCleaner

 

1.  Download AdwCleaner from this link to your Desktop. 

 

2.  Right click the AdwCleaner icon on your Desktop, choose Run as Administrator.

 

3.  Accept UAC prompt.

 

4.  Accept AdwCleaner's Terms of Use.  And the AdwCleaner window opens.

 

5.  Click on the Scan button and wait for the scan to finish.

 

6.  After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending..... Please uncheck elements you don't want to remove. Please check to be sure no good items accidentally got picked up.

 

7.  Once that is complete, click the Clean button.

 

8.  Once it has finished Cleaning, click the Report button to get the log.

 

9.  Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.

 

10.  Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

 

Step 2.

 

Junkware Removal Tool

 

•  Please download Junkware Removal Tool to your desktop.

 

•  Shut down your protection software now to avoid potential conflicts.

 

•  Right-mouse click JRT.exe and select "Run as Administrator".

 

•  The tool will open and start scanning your system.

 

•  Please be patient as this can take a while to complete depending on your system's specifications.

 

•  On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

 

•  Post the contents of JRT.txt into your next post.

When you return, please post:

1.  AdwCleaner[R0].txt.
2.  JRT.txt

3.  How is the computer running, now?


  • 0

#8
23red


    Trusted Helper

  • Malware Removal
  • 1,797 posts

It's been a few days.  Are you still with me? 


  • 0

#9
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





