Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

wxdownload - can't get rid of it [Closed]


  • This topic is locked This topic is locked

#1
toptopaz

toptopaz

    Member

  • Member
  • PipPip
  • 12 posts

Have a big problem with wxdownload ads appearing all the time, it started yesterday morning.  I've tried running malwarebytes, avg etc but they haven't worked.  I'm no expert and would really appreciate some help.

 

OTL logfile created on: 9/28/2014 9:53:13 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jenny\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1.87 Gb Total Physical Memory | 0.36 Gb Available Physical Memory | 19.09% Memory free
3.74 Gb Paging File | 1.44 Gb Available in Paging File | 38.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 56.59 Gb Free Space | 48.60% Space Free | Partition Type: NTFS
Drive D: | 116.05 Gb Total Space | 106.94 Gb Free Space | 92.15% Space Free | Partition Type: NTFS
Drive E: | 2.67 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 610.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: JENNY-TOSH | User Name: Jenny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/09/28 09:49:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jenny\Downloads\OTL.exe
PRC - [2014/09/12 10:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/09/05 16:34:22 | 003,364,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
PRC - [2014/09/05 16:29:52 | 003,593,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgui.exe
PRC - [2014/09/05 16:23:18 | 000,293,448 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
PRC - [2014/09/04 04:01:19 | 000,852,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2013/11/15 15:24:50 | 000,137,528 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2013/11/15 01:18:02 | 000,698,680 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2010/08/27 18:20:14 | 001,811,456 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
PRC - [2010/06/03 17:09:00 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/07/28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/09/04 04:01:18 | 000,331,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppgooglenaclpluginchrome.dll
MOD - [2014/09/04 04:01:17 | 014,891,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll
MOD - [2014/09/04 04:01:16 | 008,577,864 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
MOD - [2014/09/04 04:01:12 | 001,098,056 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
MOD - [2014/09/04 04:01:10 | 000,174,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll
MOD - [2014/09/04 04:01:09 | 001,660,232 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/08/22 15:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 15:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/08/18 23:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/04/09 14:13:48 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/05/25 21:08:30 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/02/05 18:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2014/09/24 15:01:34 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/12 10:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/09/05 16:34:22 | 003,364,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/09/05 16:23:18 | 000,293,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe -- (avgwd)
SRV - [2014/09/04 13:23:06 | 002,538,808 | ---- | M] (AVG Technologies) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2014/08/28 12:48:02 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/03/20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/11/15 15:24:50 | 000,137,528 | ---- | M] (Motorola Mobility LLC) [Disabled | Running] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2013/09/25 17:40:20 | 003,302,520 | ---- | M] (nurago) [Auto | Stopped] -- C:\Program Files (x86)\nuragoLSPService\nuragoLspService.exe -- (nuragoLSPService)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) [Disabled | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2010/08/27 18:20:14 | 001,811,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/01/28 17:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2014/09/28 09:19:04 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/09/14 18:26:44 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2014/09/14 18:26:44 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2014/08/20 21:45:10 | 000,243,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2014/08/06 21:39:52 | 000,123,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2014/07/24 14:06:36 | 000,247,576 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2014/07/18 15:53:26 | 000,313,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2014/07/17 18:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2014/07/02 09:58:24 | 000,270,616 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2014/06/18 21:03:34 | 000,190,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2014/06/18 21:03:34 | 000,153,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2014/06/18 21:03:20 | 000,031,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/12 05:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2013/01/19 16:02:09 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/01/19 16:02:08 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/28 02:15:28 | 000,057,280 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/04/28 12:32:20 | 000,932,384 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/03/22 11:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2010/03/10 19:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/21 01:24:36 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/01/07 10:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/11/02 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2014/08/28 17:23:38 | 000,014,112 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{968538EB-636A-4F58-AC27-F24B8079E84A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D5 87 09 2E 0E 4B CF 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {354CB9D7-C5C3-4EC7-BC41-2D967B0B987D}
IE - HKCU\..\SearchScopes\{354CB9D7-C5C3-4EC7-BC41-2D967B0B987D}: "URL" = https://uk.search.ya...p={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7NDKB_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jenny\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/12 11:37:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/12 11:37:54 | 000,000,000 | ---D | M]
 
[2013/09/18 08:08:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/09/18 08:08:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: No name found = C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajfpaddcchjgaemolcibmlbgijkhdocl\1.0.0_0\
CHR - Extension: No name found = C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.5_0\
CHR - Extension: No name found = C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: No name found = C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop\1.0.0.4_0\
CHR - Extension: No name found = C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_0\
CHR - Extension: No name found = C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/04/24 12:42:04 | 000,000,019 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {434D452D-5637-006A-76A7-7A786E7484D7} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2015\avgui.exe (AVG Technologies CZ, s.r.o.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\nuragoLSPService64.DLL (nurago)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\nuragoLSPService64.DLL (nurago)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\nuragoLSPService64.DLL (nurago)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\nuragoLSPService64.DLL (nurago)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\nuragoLSPService64.DLL (nurago)
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.15.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E22E28F-DF2D-4EA0-8049-146E6316995B}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DC0F40F-3FF4-4B17-B2EF-71A14798A20C}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C93EB520-668D-4CC2-B844-561FD4CD02E0}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\ccleaner64.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27 - HKLM IFEO\ccleaner64.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/11/15 10:48:00 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/12/11 16:32:57 | 000,000,054 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2007/05/08 09:08:14 | 001,996,304 | R--- | M] (Eidos Inc.) - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2002/10/24 19:09:50 | 000,000,117 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/28 08:11:15 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/28 08:08:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/09/28 08:08:09 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/09/28 08:08:09 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/09/28 08:08:08 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/09/28 08:07:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/09/27 16:35:06 | 000,040,248 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\TURegOpt.exe
[2014/09/27 16:34:53 | 000,029,496 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\authuitu.dll
[2014/09/27 16:34:52 | 000,025,400 | ---- | C] (AVG Technologies) -- C:\Windows\SysWow64\authuitu.dll
[2014/09/27 16:34:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015
[2014/09/27 16:33:17 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\AVG
[2014/09/27 16:33:16 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\Avg
[2014/09/27 16:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2014/09/27 16:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Avg_Update_0914avt
[2014/09/27 16:14:09 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\AVG2015
[2014/09/27 16:13:34 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\TuneUp Software
[2014/09/27 16:13:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014/09/27 16:12:58 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014/09/27 16:12:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2015
[2014/09/27 16:12:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2014/09/27 16:06:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014/09/27 16:06:32 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\MFAData
[2014/09/27 16:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/09/27 16:06:32 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\Avg2015
[2014/09/27 13:42:50 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/09/23 07:15:05 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\Deployment
[2014/09/20 13:05:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tomb Raider - Anniversary
[2014/09/20 07:03:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/09/19 14:40:50 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\Friendly Cactus
[2014/09/16 13:55:19 | 000,000,000 | ---D | C] -- C:\Users\Jenny\Documents\Prince of Persia T2T-save
[2014/09/14 15:03:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2014/09/07 07:58:58 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\Gearbox Software
[2014/09/07 07:55:00 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EA Games
[2014/09/07 07:52:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games
[2014/09/07 07:24:51 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\WinZip
[2014/09/07 07:24:34 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2014/09/07 07:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/09/28 09:48:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/09/28 09:23:16 | 000,019,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/28 09:23:16 | 000,019,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/28 09:20:25 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/09/28 09:19:04 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/28 09:17:14 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/28 09:16:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/28 09:16:49 | 1504,354,304 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/28 08:09:08 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/09/27 16:34:39 | 000,002,192 | ---- | M] () -- C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk
[2014/09/27 16:34:39 | 000,002,166 | ---- | M] () -- C:\Users\Public\Desktop\AVG PC TuneUp 2015.lnk
[2014/09/27 16:13:34 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2015.lnk
[2014/09/27 16:07:28 | 000,025,270 | ---- | M] () -- C:\Users\Jenny\Desktop\cc_20140927_160721.reg
[2014/09/27 13:34:10 | 000,000,042 | ---- | M] () -- C:\Windows\SysWow64\AK083E209605E394C.lie
[2014/09/25 09:48:57 | 000,002,246 | ---- | M] () -- C:\Users\Jenny\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/09/23 07:16:32 | 000,002,222 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/09/21 07:17:08 | 000,001,537 | ---- | M] () -- C:\Users\Jenny\Desktop\tra - Shortcut.lnk
[2014/09/20 12:05:31 | 000,000,222 | ---- | M] () -- C:\Users\Jenny\Desktop\Tomb Raider (VI) The Angel of Darkness.url
[2014/09/19 14:40:32 | 000,001,340 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2014/09/17 14:06:00 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/09/14 18:29:38 | 000,001,741 | ---- | M] () -- C:\Users\Jenny\Desktop\PrinceOfPersia - Shortcut.lnk
[2014/09/14 18:26:44 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2014/09/14 18:26:44 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2014/09/10 10:26:18 | 000,771,556 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/09/10 10:26:18 | 000,657,732 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/10 10:26:18 | 000,123,544 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/10 10:26:08 | 000,771,556 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/09/10 10:25:04 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/09/09 17:25:23 | 000,001,108 | ---- | M] () -- C:\Users\Jenny\Desktop\James Bond 007 Nightfire.lnk
[2014/09/07 07:55:16 | 000,000,841 | ---- | M] () -- C:\Windows\eReg.dat
[2014/09/07 07:24:53 | 000,002,284 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2014/09/04 13:23:08 | 000,040,248 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\TURegOpt.exe
[2014/09/04 13:23:02 | 000,029,496 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\authuitu.dll
[2014/09/04 13:23:02 | 000,025,400 | ---- | M] (AVG Technologies) -- C:\Windows\SysWow64\authuitu.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/09/28 08:09:08 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/09/27 16:34:39 | 000,002,192 | ---- | C] () -- C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk
[2014/09/27 16:34:39 | 000,002,166 | ---- | C] () -- C:\Users\Public\Desktop\AVG PC TuneUp 2015.lnk
[2014/09/27 16:34:18 | 000,002,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015.lnk
[2014/09/27 16:13:34 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2015.lnk
[2014/09/27 16:07:24 | 000,025,270 | ---- | C] () -- C:\Users\Jenny\Desktop\cc_20140927_160721.reg
[2014/09/27 13:34:10 | 000,000,042 | ---- | C] () -- C:\Windows\SysWow64\AK083E209605E394C.lie
[2014/09/23 07:16:32 | 000,002,246 | ---- | C] () -- C:\Users\Jenny\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/09/23 07:16:32 | 000,002,222 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/09/23 07:15:45 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/09/23 07:15:45 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/21 07:17:08 | 000,001,537 | ---- | C] () -- C:\Users\Jenny\Desktop\tra - Shortcut.lnk
[2014/09/20 12:05:30 | 000,000,222 | ---- | C] () -- C:\Users\Jenny\Desktop\Tomb Raider (VI) The Angel of Darkness.url
[2014/09/19 14:40:32 | 000,001,340 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2014/09/17 14:06:00 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/09/14 18:29:38 | 000,001,741 | ---- | C] () -- C:\Users\Jenny\Desktop\PrinceOfPersia - Shortcut.lnk
[2014/09/14 18:26:44 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2014/09/14 18:26:44 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2014/09/07 07:55:01 | 000,001,108 | ---- | C] () -- C:\Users\Jenny\Desktop\James Bond 007 Nightfire.lnk
[2014/09/07 07:24:53 | 000,002,284 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2014/04/05 10:44:57 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2014/01/10 15:00:00 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2013/11/09 07:52:02 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2013/11/05 07:15:42 | 000,003,856 | ---- | C] () -- C:\Windows\SysWow64\nuragoLSPService.ini
[2013/11/05 07:15:42 | 000,002,648 | ---- | C] () -- C:\Windows\SysWow64\GacelaLSPServiceOff.ini
[2013/09/09 16:22:52 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2013/09/06 12:31:10 | 000,000,000 | -H-- | C] () -- C:\Windows\msds.dat
[2013/09/05 17:35:37 | 000,000,632 | RHS- | C] () -- C:\Users\Jenny\ntuser.pol
[2013/04/23 15:00:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/23 15:00:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/23 15:00:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/23 15:00:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/23 15:00:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/04/18 09:50:46 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-JENNY-TOSH-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/03/28 09:56:03 | 000,007,625 | ---- | C] () -- C:\Users\Jenny\AppData\Local\Resmon.ResmonCfg
[2013/01/02 14:03:50 | 000,000,000 | ---- | C] () -- C:\Users\Jenny\AppData\Roaming\bibstats
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 03:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/04/04 09:33:06 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\ Angry_Birds
[2014/04/29 13:28:01 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\4 Friends Games
[2014/05/12 15:29:29 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Alawar
[2014/06/24 06:00:29 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Alawar Stargaze
[2014/04/25 07:47:36 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\AlawarEntertainment
[2014/04/22 14:01:59 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Artifex Mundi
[2014/09/27 16:33:17 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\AVG
[2014/09/27 16:14:09 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\AVG2015
[2014/05/10 15:07:20 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Big Fish Games
[2014/05/03 09:22:28 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Big Top Games
[2014/09/28 09:24:24 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\BitTorrent
[2014/04/05 11:41:42 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\BloodTies
[2014/05/07 06:04:50 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Blue Tea Games
[2014/01/10 15:40:18 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\BlueSprig
[2014/05/09 11:08:50 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Boomzap
[2014/01/10 11:11:38 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\C2ray
[2014/05/09 08:44:19 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\casualArts
[2014/04/30 07:57:38 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Chayowo Games
[2014/08/25 13:12:40 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\DailyMagic
[2014/04/19 07:03:27 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\DarkManor
[2014/03/29 08:31:09 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Deep Shadows
[2014/04/03 16:34:29 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\DikobrazGames
[2014/04/05 08:06:21 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\DominiGames
[2014/09/19 14:22:36 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Eipix
[2014/05/07 08:29:25 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\EleFun Games
[2014/05/08 08:29:53 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Elephant Games
[2012/03/11 16:02:43 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\EntwinedSoD
[2014/08/21 16:46:29 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\ERS Game Studios
[2014/05/01 07:28:20 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Fanda Games
[2014/04/12 11:51:41 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Five-BN Games
[2014/09/19 14:40:50 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Friendly Cactus
[2014/03/31 14:32:07 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Funlinker
[2014/04/25 15:05:36 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\GameMill Entertainment
[2014/04/04 07:56:26 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Ghost Ship Studios
[2014/06/24 05:36:58 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\GirlsWithSecretsAdventure
[2014/05/10 15:56:54 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\GO Games
[2014/04/04 16:08:27 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Goblinz
[2014/06/17 12:06:56 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\iMaxGen
[2014/04/05 10:22:13 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Koolhaus Games
[2014/08/21 15:34:20 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Mad Head Games
[2014/04/19 11:37:02 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Mariaglorum
[2014/03/26 13:41:53 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Meridian93
[2013/02/28 17:51:56 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Motorola
[2013/02/28 17:54:00 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Motorola Mobility
[2014/04/02 07:56:56 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Nevosoft
[2014/04/05 08:31:37 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Nevosoft Games
[2014/01/10 15:20:37 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Nico Mak Computing
[2012/03/08 06:47:54 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\OpenOffice.org
[2014/05/09 06:29:01 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Orneon
[2013/05/17 06:25:43 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\player
[2014/05/02 08:21:36 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\PlayFirst
[2014/05/07 05:54:40 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\PuzzleLab
[2014/05/08 12:40:55 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Righteous Kill
[2014/06/19 12:07:44 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\RVLGames
[2014/07/25 11:22:28 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Serif
[2014/04/01 08:01:27 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\ShamanGS
[2014/04/03 12:37:45 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\StolenSecrets
[2014/04/07 13:30:32 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\SulusGames
[2014/02/20 07:18:26 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\T1 Games
[2014/05/04 06:52:53 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\tabagames
[2014/06/24 05:27:43 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Tape_Worm
[2014/05/10 15:56:54 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\ToomkyGames.com
[2013/07/25 07:18:32 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Toshiba
[2014/09/27 16:13:34 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\TuneUp Software
[2014/05/11 17:51:40 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\TWODESPERADOS
[2014/04/04 11:13:30 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\URSE Games
[2014/08/25 12:48:52 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\VampireSaga
[2014/09/19 13:43:27 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\VendelGAMES
[2013/08/22 06:18:42 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Vtools
[2013/07/25 07:07:50 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\WinBatch
[2013/07/18 21:44:12 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Windows Live Writer
[2014/04/02 11:44:33 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Wizard's Spell
[2014/01/27 07:20:26 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\YourFileDownloader
 
========== Purity Check ==========
 
 
 
< End of report >
 

  • 0

Advertisements


#2
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Greetings and :welcome:

My nickname is Ruggie and I will be assisting you in cleaning your computer.
Please be aware I am currently in the final stages of training right now and all my work will be checked by an instructor so there may be a slight delay between posts. The added benefit to this is that you will have 2 sets of eyes looking at your problem so you can be assured you will get the best possible help.

  • Malware removal can be a long process and will at times get complicated with multiple steps to perform to ensure that your system is no longer infected.
  • When we start the process, the list of instructions must be followed closely, it may seem difficult at times but it is important that you stay with me until your computer is declared clean.
  • If you are receiving help elsewhere, please let me know so we can close this thread and help someone else.
  • stop32.png Before going any further, I recommend that you print out (or save to a file) these guidelines and also the instructions when I post them, as part of the repair process may involve going into safe mode and therefore you will not have internet access.

    The following guidelines are important but the ones highlighted in RED are of the highest importance and must not be skipped.

    right-grn.pngPlease be aware, the fixes we perform are specific to this machine, at this moment in time. They must not be used on another computer or unsupervised at another time. This can render your computer unbootable.

    right-grn.pngIf at all possible, Make backups of all your important files, whilst we will do our best to ensure that no files are lost or damaged, sometimes things can go wrong.

    right-grn.png I will do everything in my power to ensure that this clean is successful, but occasionally failure hits us all. In this event, please have your original installation disks to hand and be prepared to have to format and reinstall your computer.

    right-grn.png Refrain from using any tool that hasn't been instructed as it could alter the process that we are working through and cause further problems. Also only use the tools I instruct in the manner provided as they are very powerful and if not used properly can cause even more problems. It is best if you can avoid using the computer at all, apart from to perform the cleaning steps to ensure that any infections aren't spread.

    right-grn.pngPlease stick with me until the end. malware removal is difficult and time consuming. We have to analyse hundreds of lines in log files. This takes time which we give freely so I ask that you do us the courtesy of seeing it through.

    right-grn.png Only paste the contents of log files into your reply, DO NOT attach any log files unless requested to do so.

    right-grn.png If you have any questions or get stuck, stop and ask....I am here to help you make this go as smoothly as possible.

    right-grn.png If you do not reply within 3 days, your topic will be closed. It can be reopened if you ask. But if you plan on being gone for a longer period, just let me know and I will hold it open for you.

    Ready? Now lets get to work

    First...

    ASWmbr Scan

    Download aswMBR.exe ( 511KB ) to your desktop. If you already have this application, this is a new version I need you to download.

    Double click the aswmbr.png aswMBR.exe to run it

    aswMBR1.png

    Click the "Scan" button to start scan

    If your computer supports Virtualization Technology, select Yes to use it for rootkit detection. When it offers to download the virus database allow that as well

    msgbox.png

    On completion of the scan click Save Log, save it to your desktop and post in your next reply

    aswMBR2.png

    The tool will also produce a copy of the mbrdump labeled MBR.dat. Please do not delete this file, it will be removed in our cleanup at the end.
    Next...
    Initial FRST Scan

    Please download Farbar Recovery Scan Tool and save it to your Desktop. There will be 2 versions offered, if you know which version is the one you need, download that one, if not, download both, only one will work on your computer, that is the one you need.
     
  • Right click frst.png to run as administrator. When the tool opens click Yes to the disclaimer.
  • Ensure that the following are ticked as in the image below

    Drivers MD5
    Addition.txt

    frst-addition.png
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • This will also generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Items I need to see in your next post:
 

  • FRST and Addition Log
  • ASWmbr Log

 


  • 0

#3
toptopaz

toptopaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Many thanks for your reply but the problem is now resolved


  • 0

#4
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Thank you for letting me know - Glad you are sorted.


  • 0

#5
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Just to let you know there are a few issues that may still need to be sorted on your computer.

  • You have multiple AV products installed which can lead to problems
  • There is a proxy server set which will be redirecting your internet traffic
  • Chrome preferences file is corrupted

If you require help with these then do not hesitate to ask and we will sort hem out for you

 

regards


  • 0

#6
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP