Can't start Firefox or IE, thus no 'Step 2. Download and Run


  • This topic is locked

#1
gismeu

  • Member
  • 53 posts

Hello,

My wife's computer got infected.

It is a Dell Inspiron laptop with Windows 7. She has AVG Antivirus, but it might have expired or not been turned on, we don't know.

As stated above, I can't start Firefox or IE. What happens is that you can see this little round circle or spiral turning, indicating (I guess) that the computer is trying to start Firefox, but after a few seconds it stops and disappears.

Besides the Internet browsers, I can't open any text files and probably other things. However, some months ago she had SpyHunter to get rid of malware, which is currently expired, but I could start that program. It did a scan and found lots of malware or adware, but did not remove it due to being expired.

When I go to Control Panel - Programs (uninstall a program) on her computer I can see a list of items that got downloaded the last day she could use it. She was also on the phone with an AVG guy, so a couple of things could be from him recommending to download them. Here is the list:

  • Tiny Wallet (I googled that and it is a VIRUS - the rest I have not yet looked up)
  • Support TW 1.1
  • Remote Desktop access (VuuPC)
  • Storm alert
  • Consumer input (Sono control Inc.)
  • Search Snacks
  • Groovorio
  • Consumer Input (remove only)
  • Click to run configuration failure
  • Click to run application manager

I'd appreciate any help in getting this computer back to running.

Many thanks, gis




#2
Essexboy

  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
Do you have a USB stick and access to another computer?

If so, then first, to protect the other computer, download and install this programme:

  • Download MCShield to your desktop and install it.
  • It will initially run a scan and show the result as a toaster by the system clock.
  • Then, in the control centre, select scanner and tick unhide items on flash drives.
  • Plug in the drive and MCShield will start a scan.
  • Then get the log, which will be located under the logs tab on the main page, and post that.

Once the USB is confirmed clean, download the following programme to the USB and transfer it to the sick computer.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens, click Yes to the disclaimer.
  • Select additions at the bottom.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Copy the logs to the USB drive and transfer them to a good computer.
  • Please post both logs generated.


#3
gismeu

  • Topic Starter
  • Member
  • 53 posts

Hello Essexboy,

Thanks heaps for taking on my case!

Will go and buy a flash drive later today, i.e. around 6 pm Florida time.

Best, gis



#4
Essexboy

  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
OK I am on GMT here :)

#5
gismeu

  • Topic Starter
  • Member
  • 53 posts

Okay, here is task #2:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-11-2014
Ran by Kris at 2014-11-21 18:13:35
Running from E:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Advanced-System Protector (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1) (Version: 2.1.1000.13665 - Systweak Software) <==== ATTENTION
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
AVG (HKLM\...\AvgZen) (Version: 1.0.387 - AVG Technologies)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4213 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (en-US) (x32 Version: 15.0.1001.185 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (HKLM-x32\...\AVG PC TuneUp) (Version: 15.0.1001.185 - AVG Technologies)
AVG PC TuneUp 2015 (x32 Version: 15.0.1001.185 - AVG Technologies) Hidden
AVG Zen (Version: 1.0.387 - AVG Technologies) Hidden
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - ‎Canon Inc.‬)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon MG6300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6300_series) (Version: 1.00 - Canon Inc.)
Canon MG6300 series On-screen Manual (HKLM-x32\...\Canon MG6300 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon MG6300 series User Registration (HKLM-x32\...\Canon MG6300 series User Registration) (Version:  - Canon Inc.‎)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
CommonCents 4.0 (x32 Version: 4.5.58.668 - enDevelopment) Hidden
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Consumer Input (HKLM-x32\...\Setup Support for Consumer Input) (Version: 1.0 - Sono Control Inc.)
Consumer Input (remove only) (HKLM-x32\...\Consumer Input Installer) (Version:  - Compete Inc.)
Cozi (HKLM-x32\...\{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}) (Version: 1.0.4323.24051 - Cozi Group, Inc.)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0009 - Dell, Inc.)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Printer Software (HKLM-x32\...\{105F3CE5-FE55-408E-BF30-E78F85BA0B12}) (Version: 1.00.000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - ) <==== ATTENTION
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.60.48.35 - Dell Inc.)
FMW 1 (Version: 1.0.259 - AVG Technologies) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
Groovorio (HKLM-x32\...\Groovorio) (Version:  - Groovorio) <==== ATTENTION
HP Officejet 4620 series Basic Device Software (HKLM\...\{B411AD10-1BC9-4939-8848-BC5E66F662B7}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 4620 series Help (HKLM-x32\...\{606C37AB-EB04-4270-A592-201A03C2DB36}) (Version: 6.0.0 - Hewlett Packard)
HP Officejet 4620 series Product Improvement Study (HKLM\...\{83F51BBA-48BE-4BB6-B96A-F4AAE4C462F9}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2097 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{7FCDABCC-1A1E-4D61-909D-BA9495172774}) (Version: 11.0.3.42 - Apple Inc.)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java™ 6 Update 18 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
LoJack Factory Installer (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 1.0.0 - Absolute Software)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-4287490833-3400291495-2554494040-1000\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.5.1 - Dell Inc.)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6039 - Realtek Semiconductor Corp.)
Recipe Hub Internet Explorer Toolbar (HKLM-x32\...\RecipeHub_2jbar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Search Snacks (HKLM-x32\...\SearchSnacks) (Version: 1.9.0.6 - Search Snacks)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SpyHunter (HKLM\...\{1F7E4FF9-D2E5-4258-9AE1-E16E6CB3252A}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
Storm Alert (HKLM-x32\...\StormAlert) (Version: 2.7.45 - Rational Thought Solutions LLC)
Support TW 1.1 (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{be0fb33b}) (Version:  - TinyWallet) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.15.0 - Synaptics Incorporated)
TinyWallet (HKLM-x32\...\{F04D4328-4631-1CBE-1907-201B33FAF2E8}) (Version: 4.3.0.1958 - )
TWS Latest (945.1) (HKU\S-1-5-21-4287490833-3400291495-2554494040-1000\...\TWS Latest (945.1)) (Version:  - Interactive Brokers)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Kris\AppData\Local\Citrix\GoToMeeting\1468\G2MOutlookAddin64.dll No File
CustomCLSID: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Kris\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Kris\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Kris\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Kris\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4287490833-3400291495-2554494040-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Kris\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

04-11-2014 20:03:31 Windows Update
08-11-2014 01:38:35 Windows Update
12-11-2014 01:59:07 Windows Update
12-11-2014 04:40:23 Windows Update
13-11-2014 00:18:46 Windows Update
17-11-2014 15:38:19 Windows Update
17-11-2014 17:50:42 Removed AVG 2015
17-11-2014 18:02:11 Removed AVG 2015
17-11-2014 18:13:52 Removed AVG PC TuneUp 2014
17-11-2014 18:16:50 Removed AVG PC TuneUp 2014 (en-US)
17-11-2014 18:21:37 Removed Citrix Online Launcher
17-11-2014 19:22:43 Installed AVG 2015
17-11-2014 19:24:01 Installed AVG 2015
19-11-2014 23:01:36 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-03-08 10:36 - 00000867 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1            d3oxij66pru1i3.cloudfront.net

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1889E0B0-1DDE-41B2-8387-E5FA7CAEEBA2} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {2CDD4B80-0EFE-4312-9777-D5B30F1AE60A} - \MediaPlayerEnhance-codedownloader No Task File <==== ATTENTION
Task: {2DCA76F5-03B4-4989-9EDA-CE83BD9BB2C7} - System32\Tasks\HPCustParticipation HP Officejet 4620 series => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {2F8C85BF-463B-4B0B-9C8A-FED80761662C} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {36C68EDF-D2D1-473F-A3F5-5641AFC81DF9} - System32\Tasks\CIMT_S-1-5-21-4287490833-3400291495-2554494040-1000 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe [2014-10-08] ()
Task: {38FDD950-0FBF-45E7-ABF9-2BA33E75B8BD} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {47B2E892-0295-4FC6-A957-1C196C0B9823} - System32\Tasks\AVG_SYS_TASK_1114avz_DELETE => C:\ProgramData\Avg_Update_1114avz\AVG-Secure-Search-Update_1114avz.exe [2014-10-08] ()
Task: {568E6BEA-F6BF-4CE7-A877-B5995D5A40A1} - \AmiUpdXp No Task File <==== ATTENTION
Task: {58BC9D6C-AC45-4625-AD0D-04CA6C69A28F} - System32\Tasks\HP online update program => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2011-10-28] (Hewlett-Packard)
Task: {86817139-8E58-4A3E-B547-68499F7A2E73} - System32\Tasks\G2MUpdateTask-S-1-5-21-4287490833-3400291495-2554494040-1000 => C:\Users\Kris\AppData\Local\Citrix\GoToMeeting\1963\g2mupdate.exe
Task: {8F14A824-0FBF-426A-A3C6-23C8EE5CB985} - System32\Tasks\AVG_SYS_TASK_1114avz => C:\ProgramData\Avg_Update_1114avz\AVG-Secure-Search-Update_1114avz.exe [2014-10-08] ()
Task: {943F4C85-FF7C-4116-81B9-CDFFFA5E42EB} - System32\Tasks\ConsumerInputUpdateTaskMachineUA => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2014-11-17] (ConsumerInput)
Task: {993B97E4-9A23-4A33-86A0-AC1AB92958E2} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2014-11-17] (ConsumerInput)
Task: {AD4C203C-D0A0-407E-B1FE-09003B1D98DC} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {B6D34BB0-693F-493A-A3BC-79493FF0E55A} - \MediaPlayerEnhance-firefoxinstaller No Task File <==== ATTENTION
Task: {C4FE0A79-8615-4541-BE62-6D58EF0A3AA5} - System32\Tasks\LoJack for Laptops Install => C:\Program Files (x86)\Absolute Software\LoJack Install\FactoryInstaller.exe [2009-11-26] (Absolute Software)
Task: {DBE031A3-D261-4205-93D7-3C3E620DB126} - \MediaPlayerEnhance-chromeinstaller No Task File <==== ATTENTION
Task: {E3531C3B-C58C-4F72-AC68-E6D0212E8F19} - \MediaPlayerEnhance-updater No Task File <==== ATTENTION
Task: {E6EE1F9B-1986-402B-B2D5-2D6C94569AD6} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe [2014-07-17] (Systweak) <==== ATTENTION
Task: {EF53CF1B-10F9-4CD5-8336-9AF9D9ABB3DB} - \MediaPlayerEnhance-enabler No Task File <==== ATTENTION
Task: C:\Windows\Tasks\AVG_SYS_TASK_1114avz.job => C:\ProgramData\Avg_Update_1114avz\AVG-Secure-Search-Update_1114avz.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK_1114avz_DELETE.job => C:\ProgramData\Avg_Update_1114avz\AVG-Secure-Search-Update_1114avz.exe
Task: C:\Windows\Tasks\CIMT_S-1-5-21-4287490833-3400291495-2554494040-1000.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
Task: C:\Windows\Tasks\ConsumerInputUpdateTaskMachineCore.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe
Task: C:\Windows\Tasks\ConsumerInputUpdateTaskMachineUA.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4287490833-3400291495-2554494040-1000.job => C:\Users\Kris\AppData\Local\Citrix\GoToMeeting\1963\g2mupdate.exe

==================== Loaded Modules (whitelisted) =============

2014-11-17 13:30 - 2014-11-17 13:30 - 00089600 _____ () C:\Users\Kris\AppData\Roaming\VOPackage\VOsrv.exe
2014-10-17 12:34 - 2014-10-17 12:34 - 00699704 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2014-10-17 12:34 - 2014-10-17 12:34 - 00835896 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\tulnga.dll
2014-11-17 14:35 - 2014-10-08 07:00 - 02776088 _____ () C:\ProgramData\Avg_Update_1114avz\AVG-Secure-Search-Update_1114avz.exe
2011-08-31 19:13 - 2011-08-31 19:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-11-17 14:35 - 2014-10-08 07:00 - 02776088 _____ () C:\Users\Kris\AppData\Roaming\Avg_Update_1114avz\AVG-Secure-Search-Update_1114avz.exe
2014-10-16 13:39 - 2014-10-16 13:39 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\27062a1bd5e07ac476c1ef919d9abff5\VistaBridgeLibrary.ni.dll
2014-10-08 08:39 - 2014-10-08 08:39 - 01111936 _____ () C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
2012-10-11 21:56 - 2012-10-11 21:56 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-10-11 21:56 - 2012-10-11 21:56 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-15 11:42 - 2012-07-25 12:03 - 00886272 _____ () C:\Program Files (x86)\ASP\System.Data.SQLite.dll
2014-11-15 11:42 - 2014-07-17 18:54 - 01730984 _____ () C:\Program Files (x86)\ASP\aspsys.dll
2014-11-17 14:18 - 2014-11-17 14:18 - 31842816 _____ () C:\Program Files (x86)\AVG\Framework\Common\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0CA8EFF8

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LMIRescue_149ce099-4625-4038-9722-c30e91f61d82 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LMIRescue_23e0af0d-6954-4a4f-866e-75012bcc141c => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LMIRescue_73098fbd-996d-4264-9284-cc57a720938b => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Dell DataSafe Online => "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
MSCONFIG\startupreg: DellSupportCenter => "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Kris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickSet => C:\Program Files\Dell\QuickSet\QuickSet.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

========================= Accounts: ==========================

Administrator (S-1-5-21-4287490833-3400291495-2554494040-500 - Administrator - Disabled)
Guest (S-1-5-21-4287490833-3400291495-2554494040-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4287490833-3400291495-2554494040-1002 - Limited - Enabled)
Kris (S-1-5-21-4287490833-3400291495-2554494040-1000 - Administrator - Enabled) => C:\Users\Kris

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/21/2014 06:13:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (11/21/2014 06:13:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (11/21/2014 06:08:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dca-monitoring.exe, version: 3.2.0.674, time stamp: 0x54353dea
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xe06d7363
Fault offset: 0x0000c42d
Faulting process id: 0x165c
Faulting application start time: 0xdca-monitoring.exe0
Faulting application path: dca-monitoring.exe1
Faulting module path: dca-monitoring.exe2
Report Id: dca-monitoring.exe3

Error: (11/21/2014 06:06:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.

Error: (11/21/2014 06:06:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: exception in main loop CoCreateInstance failed : HR: 0x80040154 ErrorCode: 0x0

Error: (11/21/2014 06:06:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Product registration is corrupted for {90140011-0066-0409-0000-0000000FF1CE}

Error: (11/21/2014 06:06:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Product {90140011-0066-0409-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...

Error: (11/21/2014 06:06:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Product registration is corrupted for {90140011-0066-0409-0000-0000000FF1CE}

Error: (11/21/2014 06:06:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Product {90140011-0066-0409-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...

Error: (11/21/2014 06:06:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Product registration is corrupted for {90140011-0066-0409-0000-0000000FF1CE}


System errors:
=============
Error: (11/21/2014 06:05:23 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753636.

Error: (11/19/2014 06:01:37 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {5911B092-7EEA-4D99-BEDB-BF82390F266A}

Error: (11/19/2014 06:01:27 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (11/19/2014 04:59:07 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753636.

Error: (11/19/2014 04:48:53 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753636.

Error: (11/19/2014 03:12:04 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753636.

Error: (11/19/2014 03:06:58 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.187.2382.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.6.0305.00

    Source Path: 4.6.0305.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (11/19/2014 02:56:42 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753636.

Error: (11/19/2014 08:14:52 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.187.2382.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.6.0305.00

    Source Path: 4.6.0305.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (11/19/2014 08:04:43 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753636.


Microsoft Office Sessions:
=========================
Error: (11/21/2014 06:13:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (11/21/2014 06:13:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (11/21/2014 06:08:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dca-monitoring.exe3.2.0.67454353deaKERNELBASE.dll6.1.7601.1840953159a86e06d73630000c42d165c01d005dfe07dcb78C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exeC:\Windows\syswow64\KERNELBASE.dll448bf77c-71d3-11e4-997d-b8ac6f795e42

Error: (11/21/2014 06:06:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.

Error: (11/21/2014 06:06:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: exception in main loop CoCreateInstance failed : HR: 0x80040154 ErrorCode: 0x0

Error: (11/21/2014 06:06:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Product registration is corrupted for {90140011-0066-0409-0000-0000000FF1CE}

Error: (11/21/2014 06:06:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Product {90140011-0066-0409-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...

Error: (11/21/2014 06:06:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Product registration is corrupted for {90140011-0066-0409-0000-0000000FF1CE}

Error: (11/21/2014 06:06:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Product {90140011-0066-0409-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...

Error: (11/21/2014 06:06:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Product registration is corrupted for {90140011-0066-0409-0000-0000000FF1CE}


==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 65%
Total physical RAM: 3892.52 MB
Available physical RAM: 1340.64 MB
Total Pagefile: 7783.23 MB
Available Pagefile: 4805.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:217.89 GB) NTFS
Drive e: () (Removable) (Total:29.8 GB) (Free:29.79 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 7188B833)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 29.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

 

 

 

Now the scanning results of the flash drive, I wasn't sure. I guess you wanted the log from after having used the flash drive on the infected computer. What I did was download the Farbar Recovery Scan Tool using laptop 1, then moving on to the infected laptop and after that I put the flash drive into laptop 2. Therefore the first log is without having ticked 'Always unhide items on flash drive'. The logs are here.

 

>>> MCShield AllScans.txt <<<

-----------------------------




MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.11.14.1 / Windows 7 <<<


11/21/2014 6:40:51 PM > Drive C: - scan started (no label ~188 GB, NTFS HDD )...


> C:\RECYCLED
> C:\RECYCLED\desktopA.sys (MD5: 5b899d2ea2b888f394522da8f271b0cf)

>>> C:\Recycled - Malware (folder) > Deleted. (14.11.21. 18.40 Recycled.237347)


=> Malicious files   : 1/1 deleted.
=> Malicious folders : 1/1 deleted.

____________________________________________

::::: Scan duration: 7sec ::::::::::::::::::
____________________________________________

11/21/2014 6:40:57 PM > Drive D: - scan started (LENOVO ~30 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.11.14.1 / Windows 7 <<<


11/21/2014 6:45:44 PM > Drive E: - scan started (no label ~30518 MB, FAT32 flash drive )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.11.14.1 / Windows 7 <<<


11/21/2014 6:54:16 PM > Drive E: - scan started (no label ~30518 MB, FAT32 flash drive )...



=> The drive is clean.



Thanks, gis


Edited by gismeu, 21 November 2014 - 06:20 PM.

  • 0
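An added example, not part of the original thread and not FRST's own code: one way to triage the event-log section of a log like the one posted above, grouping entries by source and event ID so that repeated failures of protection components (here the AVGIDSAgent service and the Microsoft Antimalware signature update) stand out. The sample entries are copied from the log above; the function names and the `PROTECTION_SOURCES` list are assumptions made for this example.

```python
import re
from collections import Counter

# Entries copied from the log posted above (excerpt, blank lines dropped).
SAMPLE = """\
Error: (11/21/2014 06:05:23 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753636.
Error: (11/19/2014 06:01:37 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {5911B092-7EEA-4D99-BEDB-BF82390F266A}
Error: (11/19/2014 04:59:07 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753636.
Error: (11/19/2014 03:06:58 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
"""

HEADER = re.compile(r"^Error: \((?P<when>[^)]+)\) \(Source: (?P<source>[^)]+)\) "
                    r"\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>[^)]*)\)\s*$")
SERVICE_DOWN = re.compile(r"The (\S+) service terminated")
# Assumption for this example: sources whose errors mean protection is impaired.
PROTECTION_SOURCES = {"Microsoft Antimalware"}


def parse_events(text):
    """Return one dict per 'Error:' header, with its first Description line."""
    events = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            events.append(dict(m.groupdict(), description=""))
        elif events and line.startswith("Description:") and not events[-1]["description"]:
            events[-1]["description"] = line[len("Description:"):].strip()
    return events


def summarize(text):
    """Count events per (source, event id) and tally protection failures."""
    counts, flagged = Counter(), Counter()
    for ev in parse_events(text):
        counts[(ev["source"], int(ev["event_id"]))] += 1
        svc = SERVICE_DOWN.search(ev["description"])
        if ev["event_id"] == "7024" and svc:
            flagged[f"service {svc.group(1)} terminated"] += 1
        elif ev["source"] in PROTECTION_SOURCES:
            flagged[f"{ev['source']} event {ev['event_id']}"] += 1
    return counts, flagged


if __name__ == "__main__":
    print(*summarize(SAMPLE), sep="\n")
```

Run against the full log text instead of `SAMPLE`, the same summary shows how often each protection component failed over the logged period.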

#6
gismeu


deleted when I remembered that I can edit earlier posts  :)


Edited by gismeu, 21 November 2014 - 06:22 PM.

  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
There should be a log on the desktop called FRST.txt; that is the main log. Could you post that, please?
  • 0

#8
gismeu


Hello Essexboy,

 

<<There should be a log on the desktop called FRST.txt that is the main log could you post that please>>

 

I guess you are referring to the infected laptop computer.

 

There is no FRST.txt on the desktop!

 

Could that be to do with the fact that I can't open any text files?

Just tried again to open Microsoft Office Starter 2010 (Word) and it did not work. The message I am getting is 'Click-2-Run configuration failure'.

However, playing around with the infected laptop, I suddenly can go online again - very strange!

 

As good as that sounds, it still has many problems.

 

Thanks, gis


Edited by gismeu, 22 November 2014 - 06:41 AM.

  • 0

#9
Essexboy

OK, could you re-run FRST and attach the main log?
  • 0

#10
gismeu


Hello Essexboy,

 

my wife watched me do what you suggested and she does not feel comfortable with posting the information online for everybody to see.

Neither of us understands enough in order to assess whether there is a risk or not.

Now my sense from looking at the website geekstogo.com, I feel comfortable with following your suggestions, but my wife does not, and since it is her computer, I have to stop.

 

So thanks heaps regardless and all the best, gis


  • 0

#11
Essexboy

OK, as she does not want that, then fair enough. But run this set of commands and see if that helps.

This will reset the network settings

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.
  • 0

#12
gismeu


Okay, will do later today, i.e. Monday evening Florida time.

 

thanks, gis


  • 0

#13
gismeu


Hello Essexboy,

 

my wife bought a new laptop and I can have her old one. But haven't got time right now (Thanksgiving etc.) so

if you can wait a few days, then great, if not, no problem, I understand that too.

 

Best regards and thanks again, gis


  • 0

#14
Essexboy

No problem, I can attempt a fix if you like :)
  • 0

#15
Essexboy

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





