
RegSvr32 Error after infection [Solved]


This topic is locked.

#1 Jam3s (Member, 11 posts)

Hi,

I recently had an infection which I removed, but now I have an error showing from RegSvr32. The file it is mentioning does not exist, and MBAM & Avast have failed to sort the issue. I am close to reformatting, but a friend mentioned you folks over here, so here I am.

Any help would be appreciated.

Error: "C:\ProgramData\mmylfzb.dat" failed to load.. etc. etc.

Regards,

Jay


  • 0



#2 Naathim (GeekU Minion, Expert, 4,568 posts)
Greetings and welcome!

My name's Naathim, I'm a GeekU Minion and I'm pleased to meet you!
Now that we are mates and will be working together to clean your machine of any junkware, feel free to call me Naat :)
I know that it is quite frustrating to have a corrupted machine because I was once in your shoes. Don't worry! Maybe I'm not a super-human, I don't know everything nor am I limitless, but I promise to do my best to fix your issues!

Here are some notes that should make our work faster and easier; please take a look and stay familiar with them :happy:

  • Malware removal is a lengthy process due to tough analysis and research. Stay with me until I say we're done.
  • Read my instructions completely before proceeding and always run the tools in the order given!
  • Don't try to fix anything on your own or run any other tools. They may interfere, which may prevent your system from booting next time.
  • To make my work easier, post the logs directly in your replies unless asked to attach them.

  • If any unexpected problem appears, interrupt processing and return here with a note!
  • Never be afraid to ask if in doubt!

Now that we have formalities out of the way, let's get started! :rockon:



We'll run ZOEK to take a general look at your system :)

Please download ZOEK by Smeenk and save it to your desktop (the preferred version is the *.exe one).
Please also download the attached script file, named zoekscript.txt.
Attached file: zoekscript.txt (147 bytes)

Disable your AntiVirus and AntiSpyware programs so they do not interfere with the running of Zoek.exe. You can find instructions on how to disable your security applications here.

Now, on your Desktop, drag and drop zoekscript.txt on Zoek.exe as shown below:

[screenshot: dragging zoekscript.txt onto Zoek.exe]

Please approve any UAC prompt to allow this action to proceed.

Answer Yes to the following prompt to allow the zoek script to run:

[screenshot: zoek script warning prompt]

This action causes Zoek.exe to start automatically. Please be patient while Zoek is scanning.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the system drive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please post the zoek-results.log in your reply.

Cheers,
Naat :)
  • 1

#3 Jam3s (Topic Starter, Member, 11 posts)

Hi,

Thanks for the assistance. I have never heard of that program and can already see multiple reg keys the infection must have created. I think removing the keys will solve the issue, but I will wait for your response. The log is below.

Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by James on 06/06/2014 at 13:05:36.02.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\James\Desktop\zoek\zoek.scr
Script used: C:\Users\James\Desktop\zoek\zoekscript.txt

==== System Restore Info ======================

06/06/2014 13:06:07 Zoek.exe System Restore Point Created Succesfully.

==== Installed Programs ======================

7-Zip 9.20 (x64 edition) 
Adobe Flash Player 11 ActiveX 
Adobe Flash Player 11 Plugin 
Adobe Reader XI (11.0.06) 
AirParrot 
Assassins Creed IV Black Flag Deluxe Edition 
avast Free Antivirus 
Battlefield 4T 
Battlelog Web Plugins 
Canon Easy-PhotoPrint EX 
Canon MG3100 series MP Drivers 
Canon MG3100 series User Registration 
Canon MP Navigator EX 5.0 
Cheat Engine 6.3 
Dead SpaceT 3 
DJI driver version 2.02 
DJI Phantom 2 Assistant version 1.08 
DJI Phantom 2 Assistant version 2.00 
DJI RC System Assistant version 1.1 
ESN Sonar 
GeForce Experience NvStream Client Components 
Malwarebytes Anti-Malware version 2.0.2.1012 
Medal of Honor ™ 
Microsoft .NET Framework 4.5.1 
Microsoft Lync Web App Plug-in 
Microsoft Mouse and Keyboard Center 
Microsoft Office Access MUI (English) 2007 
Microsoft Office Access Setup Metadata MUI (English) 2007 
Microsoft Office Excel MUI (English) 2007 
Microsoft Office Office 64-bit Components 2007 
Microsoft Office Outlook MUI (English) 2007 
Microsoft Office PowerPoint MUI (English) 2007 
Microsoft Office Professional 2007 
Microsoft Office Proof (English) 2007 
Microsoft Office Proof (French) 2007 
Microsoft Office Proof (Spanish) 2007 
Microsoft Office Proofing (English) 2007 
Microsoft Office Publisher MUI (English) 2007 
Microsoft Office Shared 64-bit MUI (English) 2007 
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 
Microsoft Office Shared MUI (English) 2007 
Microsoft Office Shared Setup Metadata MUI (English) 2007 
Microsoft Office Word MUI (English) 2007 
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs 
Microsoft Silverlight 
Microsoft Visual C++ 2005 Redistributable 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 
Mozilla Firefox 26.0 (x86 en-US) 
NVIDIA 3D Vision Controller Driver 331.82 
NVIDIA 3D Vision Driver 331.82 
NVIDIA Control Panel 331.82 
NVIDIA GeForce Experience 1.8.2 
NVIDIA Graphics Driver 331.82 
NVIDIA HD Audio Driver 1.3.26.4 
NVIDIA Install Application 
NVIDIA LED Visualizer 1.0 
NVIDIA Network Service 
NVIDIA PhysX 
NVIDIA PhysX System Software 9.13.0725 
NVIDIA ShadowPlay 11.10.11 
NVIDIA Stereoscopic 3D Driver 
NVIDIA Update 11.10.11 
NVIDIA Update Core 
NVIDIA Virtual Audio 1.2.20 
Origin 
PDF-Viewer 
SHIELD Streaming 
TeamViewer 9 
Uplay 
Windows Driver Package - dji-innovations inc. (usbser) Ports  (12/06/2012 5.1.2600.5512) 

==== Running Processes ======================

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Services (whitelist) ======================
Powered by E Dev

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
R2 - [NvStreamSvc] - NVIDIA Streamer Service - "C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
R2 - [nvsvc] - NVIDIA Display Driver Service - "C:\Windows\system32\nvvsvc.exe"
R2 - [PnkBstrA] - PnkBstrA - C:\Windows\system32\PnkBstrA.exe
R2 - [Stereo Service] - NVIDIA Stereoscopic 3D Driver Service - "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
R2 - [TeamViewer9] - TeamViewer 9 - "C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
R2 - [WSearch] - Windows Search - C:\Windows\system32\SearchIndexer.exe /Embedding
R3 - [VSS] - Volume Shadow Copy - C:\Windows\system32\vssvc.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
S2 - [sppsvc] - Software Protection - C:\Windows\system32\sppsvc.exe
S3 - [ALG] - Application Layer Gateway Service - C:\Windows\System32\alg.exe
S3 - [aspnet_state] - ASP.NET State Service - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
S3 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
S3 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
S3 - [COMSysApp] - COM+ System Application - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - [ehRecvr] - Windows Media Center Receiver Service - C:\Windows\ehome\ehRecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - C:\Windows\ehome\ehsched.exe
S3 - [Fax] - Fax - C:\Windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - C:\Windows\System32\msdtc.exe
S3 - [msiserver] - Windows Installer - C:\Windows\system32\msiexec.exe /V
S3 - [odserv] - Microsoft Office Diagnostics Service - "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
S3 - [ose] - Office Source Engine - "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
S3 - [PerfHost] - Performance Counter DLL Host - C:\Windows\SysWow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\Windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - C:\Windows\System32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - C:\Windows\servicing\TrustedInstaller.exe
S3 - [vds] - Virtual Disk - C:\Windows\System32\vds.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - C:\Windows\system32\Wat\WatAdminSvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - "C:\Windows\system32\wbengine.exe"
S3 - [wmiApSrv] - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exe
Unknown2 - [NvNetworkService] - NVIDIA Network Service - "C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"

==== System Specs ======================

Windows: Windows 7 Ultimate Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 12280 MB
CPU Info: Intel® Core™ i7 CPU         920  @ 2.67GHz
CPU Speed: 2751.1 MHz
Sound Card: Digital Audio (S/PDIF) (High De |
Digital Audio (HDMI) (High Defi |
Display Adapters: NVIDIA GeForce GTX 780 | NVIDIA GeForce GTX 780 | NVIDIA GeForce GTX 780 | NVIDIA GeForce GTX 780 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; BenQ G2420HDBL (Digital) |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller #2 | Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
CD / DVD Drives: 1x (H: | ) H: ATAPI   iHAS524   A
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 10 Button Wheel Mouse Present
Hard Disks: C:  74.4GB | D:  931.5GB | E:  310.4GB | F:  310.4GB | G:  310.6GB
Hard Disks - Free: C:  25.4GB | D:  273.8GB | E:  150.5GB | F:  268.5GB | G:  196.4GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 09/21/10 | 092110 - 20100921
Time Zone: GMT Standard Time
Motherboard *: ASUSTeK Computer INC. P6TD DELUXE
Country: United Kingdom
Language: ENG

==== System Specs (Software) ======================

Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Internet Explorer Version: 10.0.9200.16736
Mozilla Firefox version: 26.0 (x86 en-US)
Adobe Reader version: 11.0.06.70
Flash Player version: 11.9.900.170

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1013955533-1931107372-2475564181-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"EADM"="D:\Origin\Origin.exe -AutoStart"
"Steam"="D:\Steam\steam.exe -silent"
"mmylfzb"="regsvr32.exe C:\ProgramData\mmylfzb.dat"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"mobilegeni daemon"="C:\Program Files (x86)\Mobogenie\DaemonProcess.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EADM"="D:\Origin\Origin.exe -AutoStart"
"Steam"="D:\Steam\steam.exe -silent"
"mmylfzb"="regsvr32.exe C:\ProgramData\mmylfzb.dat"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"="C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\PileFile logon" [C:\Users\James\AppData\Local\Temp\Clash Of Clans HackDownload_DEAB\Clash_Of_Clans_Hack_Downloader.exe]
"C:\Windows\SysNative\tasks\PileFile reminder" [C:\Users\James\AppData\Local\Temp\Clash Of Clans HackDownload_DEAB\Clash_Of_Clans_Hack_Downloader.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [06/06/2014 10:39]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\qv2et810.default
F891089A6AB9E12FEDEBCC5EC0F40D66 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll - Shockwave Flash
9C06DBC403F91D518ED117E460F03F85 - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL - CANON iMAGE GATEWAY Album Plugin Utility for IJ

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[06/06/2014 10:39]

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.co.uk/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{DEE2D5DF-3E14-4944-948A-56C9DA7491CD}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...Box&FORM=IE10SR"
{DEE2D5DF-3E14-4944-948A-56C9DA7491CD} Google  Url="https://www.google.c...?q={searchTerms}"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on 06/06/2014 at 13:06:50.46 ======================


Edited by Jam3s, 06 June 2014 - 06:15 AM.

  • 0
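The `"mmylfzb"="regsvr32.exe C:\ProgramData\mmylfzb.dat"` value in the Run keys above is the leftover: the antivirus removed the .dat payload but not the autorun that loads it, so regsvr32 reports "failed to load" at every logon. As an added example (my own code, not part of the thread or of Zoek), the Python below parses the "Startup Registry Enabled" sections of a zoek-results.log, flags autoruns that make regsvr32/rundll32 load a non-library file, that point at a user-writable or missing path, or that match known junkware, and emits a removal script in the same shape as Zoek's "Registry Fix Code". The sample log is constructed from this post's entries; the `exists` callback and the `UNWANTED_MARKERS` list (seeded with the Mobogenie entry the helper later removes) are my assumptions.

```python
"""Triage the 'Startup Registry Enabled' sections of a zoek-results.log."""
import re
from pathlib import PureWindowsPath
from typing import Callable, Dict, List, NamedTuple, Optional

# Constructed sample, modelled on the Run-key section of the log in post #3.
SAMPLE_LOG = r"""
==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-1013955533-1931107372-2475564181-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"EADM"="D:\Origin\Origin.exe -AutoStart"
"Steam"="D:\Steam\steam.exe -silent"
"mmylfzb"="regsvr32.exe C:\ProgramData\mmylfzb.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"mobilegeni daemon"="C:\Program Files (x86)\Mobogenie\DaemonProcess.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"

==== Other Scheduled Tasks ======================
"""


class Entry(NamedTuple):
    key: str      # registry key holding the value
    name: str     # value name
    command: str  # command line Windows runs at logon


SECTION_RE = re.compile(r"^==== (.*?) =+$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')
# Zoek prints the launcher unquoted: program = up to the first .exe/.com/.scr, rest = arguments.
EXE_RE = re.compile(r"^(.+?\.(?:exe|com|scr))(?:\s+(.*))?$", re.IGNORECASE)

# Signed Windows binaries that load whatever file their command line names.
PROXY_LOADERS = {"regsvr32.exe", "rundll32.exe"}
LIBRARY_EXTS = {".dll", ".ocx", ".ax", ".cpl"}
# Assumed marker list; "mobogenie" comes from the fix the helper ran in post #8.
UNWANTED_MARKERS = ("mobogenie",)


def parse_startup_entries(log: str) -> List[Entry]:
    """Collect (key, name, command) from every 'Startup Registry Enabled' section."""
    entries: List[Entry] = []
    in_startup, key = False, None
    for line in log.splitlines():
        m = SECTION_RE.match(line)
        if m:
            in_startup = m.group(1).startswith("Startup Registry Enabled")
            key = None
            continue
        if not in_startup:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append(Entry(key, m.group(1), m.group(2)))
    return entries


def assess(entry: Entry, exists: Optional[Callable[[str], bool]] = None) -> List[str]:
    """Reasons an autorun looks like leftover malware or junkware (empty = nothing found)."""
    reasons: List[str] = []
    cmd = entry.command
    m = EXE_RE.match(cmd)
    exe = PureWindowsPath(m.group(1)).name.lower() if m else ""
    args = (m.group(2) or "") if m else ""
    if exe in PROXY_LOADERS and args:
        # rundll32 takes "path,EntryPoint"; regsvr32 takes the path alone.
        payload = args.split(",")[0].strip().strip('"')
        low = payload.lower()
        if PureWindowsPath(payload).suffix.lower() not in LIBRARY_EXTS:
            reasons.append(f"{exe} loads a non-library file: {payload}")
        if low.startswith("c:\\programdata\\") or "\\temp\\" in low:
            reasons.append("payload sits in a user-writable location")
        if exists is not None and not exists(payload):
            reasons.append("payload missing on disk: orphaned autorun")
    if any(mark in cmd.lower() for mark in UNWANTED_MARKERS):
        reasons.append("matches known unwanted software")
    if "\\appdata\\local\\temp\\" in cmd.lower():
        reasons.append("runs from the user's Temp folder")
    return reasons


def triage(log: str, exists: Optional[Callable[[str], bool]] = None) -> Dict[Entry, List[str]]:
    """Map each suspicious entry to the reasons it was flagged."""
    flagged: Dict[Entry, List[str]] = {}
    for entry in parse_startup_entries(log):
        reasons = assess(entry, exists)
        if reasons:
            flagged[entry] = reasons
    return flagged


def build_reg_fix(flagged: Dict[Entry, List[str]]) -> str:
    """Emit a removal script in the form Zoek shows under 'Registry Fix Code'."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for entry in flagged:
        lines += [f"[{entry.key}]", f'"{entry.name}"=-']
    return "\n".join(lines) + "\n"
```

Pass `exists=os.path.exists` on the affected machine to get the "orphaned autorun" reason; offline, leave it unset and the path check is skipped.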

#4 Naathim (GeekU Minion, Expert, 4,568 posts)

Hi :)

Windows Sidebar vulnerability

You have Windows Sidebar running on your machine, and it has been well known lately for some security issues.
Here you can read a little about it, as Microsoft described it in this article.

The fix to disable Windows Sidebar may be downloaded from here.

= = = = = = = = = = = = = = = = = = = =

FIRST

Open Malwarebytes' Anti-Malware and go to the History tab.

On the left panel choose Application logs:

[screenshot: MBAM History tab, Application logs]

Select the last Scan log and click View.

At the bottom please click Export and pick Text file from the menu:

[screenshot: MBAM Export menu]

Save this file to your desktop and post it into your next reply for my review.

= = = = = = = = = = = = = = = = = = = =

SECOND

I need you to download the attached script:
Attached file: zoekscript.txt (495 bytes)

Disable your AntiVirus and AntiSpyware programs so they do not interfere with the running of Zoek.exe. You can find instructions on how to disable your security applications here.

Now, on your Desktop, drag and drop zoekscript.txt on Zoek.exe as shown below:

[screenshot: dragging zoekscript.txt onto Zoek.exe]

Please approve any UAC prompt to allow this action to proceed.

Answer Yes to the following prompt to allow the zoek script to run:

[screenshot: zoek script warning prompt]

This action causes Zoek.exe to start automatically. Please be patient while Zoek is scanning.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the system drive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please post the zoek-results.log in your reply.

= = = = = = = = = = = = = = = = = = = =

THIRD

Download ADWCleaner by Xplode to your desktop.

  • Close all programs and right-click on the AdwCleaner icon - select Run as Administrator.
    (Users of Windows XP please just double-click).
  • You will be presented with the console like the one below:

    [screenshot: AdwCleaner start window]

  • Click on Scan and follow the prompts.
  • Let it run unhindered.
  • When done, click on the Clean button, and follow the prompts.
  • Allow the system to reboot.

After that, you will be presented with the report. Copy & paste this report in your next reply.

The report will be saved in the C:\AdwCleaner folder, as AdwCleaner[S0].txt.

= = = = = = = = = = = = = = = = = = = =

Now in your next reply please include these for my review:
  • MBAM report
  • ZOEK report
  • AdwCleaner report

I don't mind multiple posts if necessary.

Cheers,
Naat :)


  • 0

#5 Jam3s (Topic Starter, Member, 11 posts)

Thanks for the help. I have been away all weekend; I will sort this out today.


  • 0

#6 Naathim (GeekU Minion, Expert, 4,568 posts)

Thanks for letting me know. Awaiting your response :thumbsup:


  • 0

#7 Jam3s (Topic Starter, Member, 11 posts)

((MBAM))

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 09/06/2014
Scan Time: 09:37:12
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.09.02
Rootkit Database: v2014.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: James

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 291274
Time Elapsed: 3 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


  • 0

#8 Jam3s (Topic Starter, Member, 11 posts)

((Zoek))

Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by James on 09/06/2014 at  9:49:00.09.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\James\Desktop\zoek\zoek.com [Scan all users] 
Script used: C:\Users\James\Desktop\zoekscript.txt

==== Older Logs ======================

C:\zoek-results2014-06-06-120650.log 13452 bytes
C:\zoek-results2014-06-09-082536.log 538 bytes
C:\zoek-results2014-06-09-084506.log 13869 bytes

==== System Restore Info ======================

09/06/2014 09:49:33 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================

7-Zip 9.20 (x64 edition) 
Adobe Flash Player 11 ActiveX 
Adobe Flash Player 11 Plugin 
Adobe Reader XI (11.0.06) 
AirParrot 
Assassins Creed IV Black Flag Deluxe Edition 
avast Free Antivirus 
Battlefield 4T 
Battlelog Web Plugins 
Canon Easy-PhotoPrint EX 
Canon MG3100 series MP Drivers 
Canon MG3100 series User Registration 
Canon MP Navigator EX 5.0 
Cheat Engine 6.3 
Dead SpaceT 3 
DJI driver version 2.02 
DJI Phantom 2 Assistant version 1.08 
DJI Phantom 2 Assistant version 2.00 
DJI RC System Assistant version 1.1 
ESN Sonar 
GeForce Experience NvStream Client Components 
Malwarebytes Anti-Malware version 2.0.2.1012 
Medal of Honor ™ 
Microsoft .NET Framework 4.5.1 
Microsoft Lync Web App Plug-in 
Microsoft Mouse and Keyboard Center 
Microsoft Office Access MUI (English) 2007 
Microsoft Office Access Setup Metadata MUI (English) 2007 
Microsoft Office Excel MUI (English) 2007 
Microsoft Office Office 64-bit Components 2007 
Microsoft Office Outlook MUI (English) 2007 
Microsoft Office PowerPoint MUI (English) 2007 
Microsoft Office Professional 2007 
Microsoft Office Proof (English) 2007 
Microsoft Office Proof (French) 2007 
Microsoft Office Proof (Spanish) 2007 
Microsoft Office Proofing (English) 2007 
Microsoft Office Publisher MUI (English) 2007 
Microsoft Office Shared 64-bit MUI (English) 2007 
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 
Microsoft Office Shared MUI (English) 2007 
Microsoft Office Shared Setup Metadata MUI (English) 2007 
Microsoft Office Word MUI (English) 2007 
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs 
Microsoft Silverlight 
Microsoft Visual C++ 2005 Redistributable 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 
Mozilla Firefox 26.0 (x86 en-US) 
NVIDIA 3D Vision Controller Driver 331.82 
NVIDIA 3D Vision Driver 331.82 
NVIDIA Control Panel 331.82 
NVIDIA GeForce Experience 1.8.2 
NVIDIA Graphics Driver 331.82 
NVIDIA HD Audio Driver 1.3.26.4 
NVIDIA Install Application 
NVIDIA LED Visualizer 1.0 
NVIDIA Network Service 
NVIDIA PhysX 
NVIDIA PhysX System Software 9.13.0725 
NVIDIA ShadowPlay 11.10.11 
NVIDIA Stereoscopic 3D Driver 
NVIDIA Update 11.10.11 
NVIDIA Update Core 
NVIDIA Virtual Audio 1.2.20 
Origin 
PDF-Viewer 
SHIELD Streaming 
TeamViewer 9 
Uplay 
Windows Driver Package - dji-innovations inc. (usbser) Ports  (12/06/2012 5.1.2600.5512) 

==== Running Processes ======================

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Services (whitelist) ======================
Powered by E Dev

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
R2 - [NvStreamSvc] - NVIDIA Streamer Service - "C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
R2 - [nvsvc] - NVIDIA Display Driver Service - "C:\Windows\system32\nvvsvc.exe"
R2 - [PnkBstrA] - PnkBstrA - C:\Windows\system32\PnkBstrA.exe
R2 - [Stereo Service] - NVIDIA Stereoscopic 3D Driver Service - "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
R2 - [TeamViewer9] - TeamViewer 9 - "C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
R2 - [WSearch] - Windows Search - C:\Windows\system32\SearchIndexer.exe /Embedding
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
S2 - [sppsvc] - Software Protection - C:\Windows\system32\sppsvc.exe
S3 - [ALG] - Application Layer Gateway Service - C:\Windows\System32\alg.exe
S3 - [aspnet_state] - ASP.NET State Service - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
S3 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
S3 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
S3 - [COMSysApp] - COM+ System Application - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - [ehRecvr] - Windows Media Center Receiver Service - C:\Windows\ehome\ehRecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - C:\Windows\ehome\ehsched.exe
S3 - [Fax] - Fax - C:\Windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - C:\Windows\System32\msdtc.exe
S3 - [msiserver] - Windows Installer - C:\Windows\system32\msiexec.exe /V
S3 - [odserv] - Microsoft Office Diagnostics Service - "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
S3 - [ose] - Office Source Engine - "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
S3 - [PerfHost] - Performance Counter DLL Host - C:\Windows\SysWow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\Windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - C:\Windows\System32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - C:\Windows\servicing\TrustedInstaller.exe
S3 - [vds] - Virtual Disk - C:\Windows\System32\vds.exe
S3 - [VSS] - Volume Shadow Copy - C:\Windows\system32\vssvc.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - C:\Windows\system32\Wat\WatAdminSvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - "C:\Windows\system32\wbengine.exe"
S3 - [wmiApSrv] - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exe
Unknown2 - [NvNetworkService] - NVIDIA Network Service - "C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"

==== Deleting Services ======================

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-1013955533-1931107372-2475564181-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"mmylfzb"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mobilegeni daemon"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"mmylfzb"=-

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\Mobogenie deleted
C:\Users\James\AppData\Local\genienext deleted
C:\Users\James\daemonprocess.txt deleted
C:\Users\James\.android deleted
C:\Users\James\AppData\Roaming\Oxy deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\James\AppData\Local\Mobogenie deleted
C:\Users\James\AppData\Local\cache deleted
C:\Users\James\Documents\Mobogenie deleted

==== System Specs ======================

Windows: Windows 7 Ultimate Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 12280 MB
CPU Info: Intel® Core™ i7 CPU         920  @ 2.67GHz
CPU Speed: 2723.0 MHz
Sound Card: Digital Audio (S/PDIF) (High De |
Digital Audio (HDMI) (High Defi |
Display Adapters: NVIDIA GeForce GTX 780 | NVIDIA GeForce GTX 780 | NVIDIA GeForce GTX 780 | NVIDIA GeForce GTX 780 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; BenQ G2420HDBL (Digital) |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller #2 | Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
CD / DVD Drives: 1x (H: | ) H: ATAPI   iHAS524   A
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 10 Button Wheel Mouse Present
Hard Disks: C:  74.4GB | D:  931.5GB | E:  310.4GB | F:  310.4GB | G:  310.6GB
Hard Disks - Free: C:  30.6GB | D:  273.8GB | E:  150.5GB | F:  268.5GB | G:  196.4GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 09/21/10 | 092110 - 20100921
Time Zone: GMT Standard Time
Motherboard *: ASUSTeK Computer INC. P6TD DELUXE
Country: United Kingdom
Language: ENG

==== System Specs (Software) ======================

Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Internet Explorer Version: 10.0.9200.16736
Mozilla Firefox version: 26.0 (x86 en-US)
Adobe Reader version: 11.0.06.70
Flash Player version: 11.9.900.170

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1013955533-1931107372-2475564181-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"EADM"="D:\Origin\Origin.exe -AutoStart"
"Steam"="D:\Steam\steam.exe -silent"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EADM"="D:\Origin\Origin.exe -AutoStart"
"Steam"="D:\Steam\steam.exe -silent"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"="C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\PileFile logon" [C:\Users\James\AppData\Local\Temp\Clash Of Clans HackDownload_DEAB\Clash_Of_Clans_Hack_Downloader.exe]
"C:\Windows\SysNative\tasks\PileFile reminder" [C:\Users\James\AppData\Local\Temp\Clash Of Clans HackDownload_DEAB\Clash_Of_Clans_Hack_Downloader.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [06/06/2014 10:39]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\qv2et810.default
F891089A6AB9E12FEDEBCC5EC0F40D66 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll - Shockwave Flash
9C06DBC403F91D518ED117E460F03F85 - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL - CANON iMAGE GATEWAY Album Plugin Utility for IJ

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[06/06/2014 10:39]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.co.uk/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.co.uk/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{DEE2D5DF-3E14-4944-948A-56C9DA7491CD}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...Box&FORM=IE10SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.co...Page={startPage}"
{DEE2D5DF-3E14-4944-948A-56C9DA7491CD} Google  Url="https://www.google.c...?q={searchTerms}"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\testing\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\James\AppData\Local\Mozilla\Firefox\Profiles\qv2et810.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=93 folders=50 15371340 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\James\AppData\Local\Temp will be emptied at reboot
C:\Users\testing\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\James\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 09/06/2014 at 10:01:18.98 ======================


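The zoek log above shows the two places a leftover like this usually hides: Run/RunOnce values and scheduled tasks (the "PileFile logon" task pointing into AppData\Local\Temp is a typical one). What follows is an added example, not part of the original thread and not something zoek or AdwCleaner does: a PowerShell script that walks those same locations and flags entries whose target file no longer exists, or which run out of a Temp folder or straight from the ProgramData root. An autorun that still points at a DLL the antivirus already deleted is exactly what produces a RegSvr32 or rundll32 "failed to load" popup at logon. The function names and flag labels are made up for the example; the column names it expects from schtasks assume an English Windows.

```powershell
# Added example for this thread; it is not zoek, AdwCleaner or anything from
# the original posts. It walks the same autostart locations zoek listed above
# (Run/RunOnce keys and scheduled tasks) and flags what a cleanup usually
# leaves behind:
#   - a target file that no longer exists: an autorun still pointing at a DLL
#     or .dat the antivirus already removed is what produces a RegSvr32 or
#     rundll32 "failed to load" popup at every logon
#   - a target that runs out of a Temp folder, like the "PileFile logon" task
#     above, or that sits directly in the ProgramData root
# Written for Windows PowerShell 2.0 (the Windows 7 SP1 default). Run it from
# an elevated prompt so HKLM and all tasks are readable. It only reports;
# remove entries by hand once you have confirmed them. Other users' hives
# (HKU\S-1-5-21-...) and the service-account hives (S-1-5-19/20) are not
# walked here.

function Get-CommandTarget {
    # Extract the file that actually gets loaded from an autorun command line.
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd -match '^"([^"]*)"?\s*(.*)$') {
        # Quoted program path; arguments follow the closing quote.
        $exe  = $matches[1]
        $rest = $matches[2].Trim()
    } else {
        # Unquoted path that may contain spaces: grow it token by token until
        # something on disk matches; otherwise the first token is the program.
        $tokens = $cmd -split '\s+'
        $exe = $tokens[0]; $used = 1
        for ($i = 2; $i -le $tokens.Count; $i++) {
            $candidate = $tokens[0..($i - 1)] -join ' '
            if (Test-Path -LiteralPath $candidate -PathType Leaf -ErrorAction SilentlyContinue) {
                $exe = $candidate; $used = $i
            }
        }
        $rest = if ($used -lt $tokens.Count) { $tokens[$used..($tokens.Count - 1)] -join ' ' } else { '' }
    }
    # rundll32/regsvr32 are only hosts; the DLL they are told to load is what
    # matters. Skip leading switches such as /s, then take the first argument
    # (rundll32 writes it as path.dll,EntryPoint).
    if ($exe -match '(?i)(^|\\)(rundll32|regsvr32)(\.exe)?$' -and $rest) {
        while ($rest -match '^/\S+') { $rest = ($rest -replace '^/\S+', '').Trim() }
        if ($rest -match '^"([^"]*)"') { $exe = $matches[1] }
        else { $exe = ($rest -split '[\s,]')[0] }
    }
    # A bare program name with no directory is resolved through PATH.
    if ($exe -and $exe -notmatch '\\') {
        $found = Get-Command $exe -ErrorAction SilentlyContinue
        if ($found) { $exe = @($found)[0].Definition }
    }
    return $exe
}

function Test-AutorunEntry {
    # Classify one autorun entry; returns an object with a Flag column.
    param([string]$Source, [string]$Name, [string]$CommandLine)
    $target = Get-CommandTarget $CommandLine
    $exists = [bool]($target -and (Test-Path -LiteralPath $target -PathType Leaf -ErrorAction SilentlyContinue))
    try { $dir = [IO.Path]::GetDirectoryName($target) } catch { $dir = '' }
    $inTemp = ($target -like '*\AppData\Local\Temp\*') -or ($target -like "$env:windir\Temp\*")
    if (-not $exists)                  { $flag = 'MISSING TARGET' }
    elseif ($inTemp)                   { $flag = 'RUNS FROM TEMP' }
    elseif ($dir -eq $env:ProgramData) { $flag = 'PROGRAMDATA ROOT' }
    else                               { $flag = '' }
    New-Object PSObject -Property @{
        Flag = $flag; Name = $Name; Target = $target; Source = $Source; CommandLine = $CommandLine
    }
}

$results = @()

# 1. Run/RunOnce for this user and the machine, both registry views on x64.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$providerProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $values = Get-ItemProperty -Path $key
    foreach ($prop in $values.PSObject.Properties) {
        if ($providerProps -contains $prop.Name) { continue }
        $results += Test-AutorunEntry -Source $key -Name $prop.Name -CommandLine ([string]$prop.Value)
    }
}

# 2. Scheduled tasks. Get-ScheduledTask needs Windows 8 or later, so parse
#    schtasks output instead (column names assume an English Windows). The
#    verbose CSV repeats its header row per task folder; drop those rows and
#    the COM-handler tasks that have no command line.
$tasks = schtasks /query /fo csv /v 2>$null | ConvertFrom-Csv |
    Where-Object { $_.TaskName -ne 'TaskName' -and $_.'Task To Run' -notmatch '^(COM handler|N/A)' }
foreach ($task in $tasks) {
    $results += Test-AutorunEntry -Source 'Scheduled task' -Name $task.TaskName -CommandLine $task.'Task To Run'
}

$flagged = @($results | Where-Object { $_.Flag })
"Checked $($results.Count) autorun entries; $($flagged.Count) need a look:"
$flagged | Format-Table Flag, Name, Target, Source -AutoSize -Wrap
```

Run it before and after a cleanup: the "MISSING TARGET" rows are the ones a deleted-but-not-unregistered file leaves behind, and the "RUNS FROM TEMP" rows are the ones worth looking at even when the file is still there, because nothing legitimate installs itself into a Temp folder.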

#9 Jam3s (Topic Starter)

I have cleaned all it found and the system restarted.

((ADW))

 

# AdwCleaner v3.212 - Report created 09/06/2014 at 10:13:23
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : James - JAMES-PC
# Running from : C:\Users\James\Desktop\adwcleaner_3.212.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxy
File Deleted : C:\Windows\System32\Tasks\PileFile logon
File Deleted : C:\Windows\System32\Tasks\PileFile reminder

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateJumpFlip_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateJumpFlip_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKCU\Software\Escolade
Key Deleted : HKCU\Software\WEDLMNGR

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\qv2et810.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [1434 octets] - [09/06/2014 10:05:57]
AdwCleaner[S0].txt - [1289 octets] - [09/06/2014 10:13:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1349 octets] ##########



#10 Naathim (GeekU Minion, Expert)

Hi  :)

There will be two more scans to be done here, just to search for any remnants and vulnerabilities.
Also please tell me: Do you face any other issues?

 

= = = = = = = = = = = = = = = = = = = =

 

FIRST
ESET Online Scanner
This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.

Please visit the ESET site.
Click there.

If using Internet Explorer:

  • Accept the Terms of Use and click Start
  • Allow the running of add-on

If using other browsers:

  • Download esetsmartinstaller_enu.exe that you'll be given link to
  • Double click esetsmartinstaller_enu.exe
  • Allow the Terms of Use and click Start

Make sure that:

  • Remove found threats is unchecked
  • Scan archives is checked, and in Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked

  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please be patient.
  • Do not do anything on your machine, as it may interrupt the scan!
  • When the scan is done, click Finish
  • A log.txt file will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.


= = = = = = = = = = = = = = = = = = = =

 

SECOND

Download Security Check by screen317.
Save it to your Desktop and:

  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt;

Please post the content of that document.

 

= = = = = = = = = = = = = = = = = = = =

 

Now in your next reply please include these ones for my review:
  • ESET report
  • Security Check report
  • information about any other issues you may be facing

I don't mind multiple posts if necessary.

Cheers,
Naat  :)


#11 Naathim (GeekU Minion, Expert)
Hi :)

Are you still somewhere around?

Cheers,
Naat :)

#12 Jam3s (Topic Starter)

Hi, yes, sorry. I travel for work, so please bear with me; I will post up what you need ASAP.



#13 Naathim (GeekU Minion, Expert)

Hi :)

Thanks for letting me know.

Awaiting your response :)



#14 Jam3s (Topic Starter)

Hiya,

I don't have any issues really, only the occasional hard drive lag, with the OS being on an SSD and everything else on an HD.

ESET:

E:\Drivers\NVIDIA\Driver Sweeper\unins000.exe Win32/OpenCandy potentially unsafe application
F:\Tools\NTFSUndelete_setup_1248.exe Win32/MyPCBackup.A potentially unwanted application

 

 

SCR:

 Results of screen317's Security Check version 0.99.84 
 Windows 7 Service Pack 1 x64 (UAC is disabled!) 
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
avast! Antivirus  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
  Adobe Flash Player 11.9.900.170 Flash Player out of Date! 
 Adobe Reader XI 
 Mozilla Firefox (26.0)
````````Process Check: objlist.exe by Laurent```````` 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast avastui.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 9%
````````````````````End of Log``````````````````````

 



#15 Naathim (GeekU Minion, Expert)

Hi :)

Is there any particular reason for the disabled UAC? Is this your own customized setting? I strongly recommend enabling it.

Let me know about your decision, but bear in mind that this is a security risk.

Two updates need to be done:
- Internet Explorer 11
- Adobe Flash Player 14

On the Adobe website you can see an optional offer of McAfee Security Scan Plus. Do not install it; leave the checkbox unchecked. This is foistware!

The ESET detections are bundled potentially unwanted programs. Be careful what you install; there is lots of undesirable software nowadays.

After completing the cleaning I will provide you with some tips on how to avoid that.

Cheers,

Naat :)


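The "UAC is disabled!" line in the Security Check report above comes down to a handful of registry values, and UAC can be "enabled" and still be worthless if the administrator prompt is set to elevate silently or is not shown on the secure desktop. The following is an added PowerShell example, not from the thread and not part of screen317's tool: it reads those values, reports what they mean in practice, and with the -Enable switch puts them back to the Windows defaults. The function names and the wording of the state labels are made up for the example; the value meanings are the ones Microsoft documents for the matching security policies.

```powershell
# Added example, not from the original thread or from screen317's Security
# Check. It reads the registry values behind the "UAC is disabled!" line in
# the report above, explains what they mean, and with -Enable puts them back
# to the Windows defaults. Windows PowerShell 2.0 or later, run elevated.
# A change to EnableLUA only takes effect after a reboot.
param([switch]$Enable)

$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Documented values of ConsentPromptBehaviorAdmin (security policy "User
# Account Control: Behavior of the elevation prompt for administrators in
# Admin Approval Mode").
$adminPromptMeaning = @{
    0 = 'elevate without prompting (UAC is effectively off for administrators)'
    1 = 'prompt for credentials on the secure desktop'
    2 = 'prompt for consent on the secure desktop'
    3 = 'prompt for credentials'
    4 = 'prompt for consent'
    5 = 'prompt for consent for non-Windows binaries (Windows default)'
}

function Get-UacState {
    $p = Get-ItemProperty -Path $uacKey
    # An absent value means the Windows default applies.
    $enableLua = if ($p.EnableLUA -eq $null) { 1 } else { [int]$p.EnableLUA }
    $admin     = if ($p.ConsentPromptBehaviorAdmin -eq $null) { 5 } else { [int]$p.ConsentPromptBehaviorAdmin }
    $secure    = if ($p.PromptOnSecureDesktop -eq $null) { 1 } else { [int]$p.PromptOnSecureDesktop }

    # EnableLUA is the master switch; the other two decide whether the prompt
    # is real. Silent elevation, or a prompt drawn on the normal desktop where
    # other programs can draw over it, is UAC on paper only.
    if ($enableLua -ne 1)  { $effective = 'DISABLED' }
    elseif ($admin -eq 0)  { $effective = 'ON PAPER ONLY: administrators are elevated silently' }
    elseif ($secure -ne 1) { $effective = 'WEAKENED: prompt is not shown on the secure desktop' }
    elseif ($adminPromptMeaning.ContainsKey($admin)) { $effective = 'ON: ' + $adminPromptMeaning[$admin] }
    else                   { $effective = "ON: unknown ConsentPromptBehaviorAdmin value $admin" }

    New-Object PSObject -Property @{
        EnableLUA                  = $enableLua
        ConsentPromptBehaviorAdmin = $admin
        PromptOnSecureDesktop      = $secure
        Effective                  = $effective
    }
}

function Enable-Uac {
    # Windows 7 defaults: on, consent for non-Windows binaries, secure desktop.
    Set-ItemProperty -Path $uacKey -Name EnableLUA                  -Value 1 -Type DWord
    Set-ItemProperty -Path $uacKey -Name ConsentPromptBehaviorAdmin -Value 5 -Type DWord
    Set-ItemProperty -Path $uacKey -Name PromptOnSecureDesktop      -Value 1 -Type DWord
    'UAC values restored; reboot for EnableLUA to take effect.'
}

$state = Get-UacState
$state | Format-List EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop, Effective
if ($Enable -and $state.Effective -notlike 'ON:*') { Enable-Uac }
```

Run it once without the switch to see the current state, then with -Enable from an elevated prompt; the EnableLUA change is not live until the machine is rebooted, so a Security Check run straight afterwards will still say disabled until then.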