Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91698 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

FLV Player and associated issues [Solved]


  • This topic is locked This topic is locked
24 replies to this topic

#16 Lytnup

Lytnup

    Authentic Member

  • Authentic Member
  • PipPip
  • 63 posts

Posted 07 November 2013 - 07:09 PM

Are you still with me?

Sorry man...I was out of town and when I came back to finish this I ran into some problems.

 

Eset took 3 hours to run.

Mbam finished but crashed at the end.  I turned off the computer and waited till today to see if it would work.  It did, so I ran the Mbam again.  I have attached two (2) of those logs - the older one was the one generated right before the crash, the second was run tonight.

 

Attached File  OTL(after fix).Txt   77.94KB   97 downloads

 

Attached File  threats found.txt   9.01KB   183 downloads

 

 

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.11.06.03
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Chuck :: CHUCK-PC [administrator]
 
Protection: Enabled
 
11/6/2013 6:04:40 AM
mbam-log-2013-11-06 (06-04-40).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 251818
Time elapsed: 7 minute(s), 42 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 15
C:\Users\Chuck\Downloads\BestCodecsPack (1).exe (Adware.InstallBrain) -> Quarantined and deleted successfully.
C:\Users\Chuck\Downloads\BestCodecsPack (2).exe (Adware.InstallBrain) -> Quarantined and deleted successfully.
C:\Users\Chuck\Downloads\BestCodecsPack (3).exe (Adware.InstallBrain) -> Quarantined and deleted successfully.
C:\Users\Chuck\Downloads\BestCodecsPack (4).exe (Adware.InstallBrain) -> Quarantined and deleted successfully.
C:\Users\Chuck\Downloads\BestCodecsPack.exe (Adware.InstallBrain) -> Quarantined and deleted successfully.
C:\Users\Chuck\Downloads\converterlite_d793189.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\Chuck\Downloads\ffdshow_Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\Chuck\Downloads\KingsoftOfficeSetup (1).exe (PUP.Optional.Installcore) -> Quarantined and deleted successfully.
C:\Users\Chuck\Downloads\RegCleanPro.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\Users\Chuck\Downloads\setup (1).exe (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
C:\Users\Chuck\Downloads\setup (2).exe (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
C:\Users\Chuck\Downloads\setup (3).exe (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
C:\Users\Chuck\Downloads\setup (4).exe (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
C:\Users\Chuck\Downloads\setup (5).exe (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
C:\Users\Chuck\Downloads\setup (6).exe (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
 
(end)
 
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.11.06.03
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Chuck :: CHUCK-PC [administrator]
 
Protection: Disabled
 
11/7/2013 7:37:54 PM
mbam-log-2013-11-07 (19-37-54).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 251752
Time elapsed: 9 minute(s), 17 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 

 

Hope this helps.

 

Chuck

Lytnup


    Advertisements

Register to Remove


#17 Conspire

Conspire

    SuperHelper

  • Classroom Teacher
  • 5,805 posts

Posted 07 November 2013 - 09:21 PM

Hi Chuck,

Apparently MBAM wasn't updated when you ran it previously and it missed some of the threats.

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Files
    C:\Program Files (x86)\Uninstall Information\ib_uninst_342\uninstall.exe
    C:\Program Files (x86)\Uninstall Information\ib_uninst_343\uninstall.exe
    C:\Program Files (x86)\Uninstall Information\ib_uninst_454\uninstall.exe
    C:\Program Files (x86)\Uninstall Information\ib_uninst_518\uninstall.exe
    C:\Program Files (x86)\Uninstall Information\ib_uninst_519\uninstall.exe
    C:\Users\Chuck\Downloads\BestCodecsPack (1).exe
    C:\Users\Chuck\Downloads\BestCodecsPack (2).exe
    C:\Users\Chuck\Downloads\BestCodecsPack (3).exe
    C:\Users\Chuck\Downloads\BestCodecsPack (4).exe
    C:\Users\Chuck\Downloads\BestCodecsPack.exe
    C:\Users\Chuck\Downloads\RegCleanPro.exe
    C:\Users\Chuck\Downloads\setup (1).exe
    C:\Users\Chuck\Downloads\setup (2).exe
    C:\Users\Chuck\Downloads\setup (3).exe
    C:\Users\Chuck\Downloads\setup (4).exe
    C:\Users\Chuck\Downloads\setup (5).exe
    C:\Users\Chuck\Downloads\setup (6).exe
    C:\Users\Chuck\Downloads\setup.exe
    C:\Users\Chuck\Downloads\uplayermediaplayer-setup.exe
    C:\Windows.old\Program Files (x86)\Zynga\tbZyn1.dll
    C:\Windows.old\Program Files (x86)\Zynga\tbZyng.dll
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post Fix OTL log as well as a new OTL log by rerunning it after reboot without custom scans script.

Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Posted Image
Posted Image

#18 Lytnup

Lytnup

    Authentic Member

  • Authentic Member
  • PipPip
  • 63 posts

Posted 07 November 2013 - 09:56 PM

Conspire,

 

All processes killed
========== FILES ==========
C:\Program Files (x86)\Uninstall Information\ib_uninst_342\uninstall.exe moved successfully.
C:\Program Files (x86)\Uninstall Information\ib_uninst_343\uninstall.exe moved successfully.
C:\Program Files (x86)\Uninstall Information\ib_uninst_454\uninstall.exe moved successfully.
File\Folder C:\Program Files (x86)\Uninstall not found.
File\Folder Information\ib_uninst_518\uninstall.exe not found.
C:\Program Files (x86)\Uninstall Information\ib_uninst_519\uninstall.exe moved successfully.
File\Folder C:\Users\Chuck\Downloads\BestCodecsPack (1).exe not found.
File\Folder C:\Users\Chuck\Downloads\BestCodecsPack (2).exe not found.
File\Folder C:\Users\Chuck\Downloads\BestCodecsPack (3).exe not found.
File\Folder C:\Users\Chuck\Downloads\BestCodecsPack (4).exe not found.
File\Folder C:\Users\Chuck\Downloads\BestCodecsPack.exe not found.
File\Folder C:\Users\Chuck\Downloads\RegCleanPro.exe not found.
File\Folder C:\Users\Chuck\Downloads\setup (1).exe not found.
File\Folder C:\Users\Chuck\Downloads\setup (2).exe not found.
File\Folder C:\Users\Chuck\Downloads\setup (3).exe not found.
File\Folder C:\Users\Chuck\Downloads\setup (4).exe not found.
File\Folder C:\Users\Chuck\Downloads\setup (5).exe not found.
File\Folder C:\Users\Chuck\Downloads\setup (6).exe not found.
C:\Users\Chuck\Downloads\setup.exe moved successfully.
C:\Users\Chuck\Downloads\uplayermediaplayer-setup.exe moved successfully.
C:\Windows.old\Program Files (x86)\Zynga\tbZyn1.dll moved successfully.
C:\Windows.old\Program Files (x86)\Zynga\tbZyng.dll moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Chuck
->Temp folder emptied: 1348036 bytes
->Temporary Internet Files folder emptied: 938763 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 280625053 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
 
Clean OTL
 

OTL logfile created on: 11/7/2013 10:34:51 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Chuck\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.87 Gb Total Physical Memory | 0.19 Gb Available Physical Memory | 10.11% Memory free
3.75 Gb Paging File | 1.46 Gb Available in Paging File | 38.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 196.25 Gb Free Space | 65.86% Space Free | Partition Type: NTFS
Drive D: | 438.49 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 100.00 Mb Total Space | 70.31 Mb Free Space | 70.31% Space Free | Partition Type: NTFS
 
Computer Name: CHUCK-PC | User Name: Chuck | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Chuck\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe (SpeedBit Ltd.)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (LMIMaint) -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (VideoAcceleratorService) -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe (SpeedBit Ltd.)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (LogMeIn) -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (Avgdiska) -- C:\Windows\SysNative\drivers\avgdiska.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.)
DRV - (LMIInfo) -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - SOFTWARE\Classes\CLSID\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2438727
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.sof...q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 D9 98 2A 8D B3 CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E0 73 7F 01 CE 92 DB 49 93 44 82 6E 48 3E BC 6F  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....ms}&fr=chr-tyc8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Chuck\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/15 19:39:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12 [2013/10/02 05:01:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/02/03 13:54:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/02/03 13:54:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/15 19:39:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\games@acandy.com: C:\Users\Chuck\AppData\Local\ArcadeCandy\games@acandy.com
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\module@com.arcadesafari.firefox: C:\Users\Chuck\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox [2013/02/10 14:29:30 | 000,000,000 | ---D | M]
 
[2012/03/22 16:44:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chuck\AppData\Roaming\Mozilla\Extensions
[2013/11/02 07:02:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\ddlo8ag6.default\extensions
[2012/03/22 16:44:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/12 23:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/12 23:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: ShopAtHome.com extension = C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc\7.1.0.16_0\
CHR - Extension: ShopAtHome.com extension = C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc\7.1.0.16_1\
CHR - Extension: RealDownloader = C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_1\
CHR - Extension: Google Wallet = C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
 
O1 HOSTS File: ([2013/11/01 07:59:57 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - No CLSID value found.
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll File not found
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.0.1.12\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll File not found
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.0.1.12\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Chuck\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\WPLauncher.hta File not found
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\WPLauncher.hta File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4738B20-4F64-4786-8651-8E1176449D3B}: DhcpNameServer = 192.168.1.1 71.250.0.12
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll File not found
O20 - AppInit_DLLs: (c:\progra~3\bprote~1\21419~1.7\protec~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1995/12/03 20:00:00 | 000,000,053 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/06 06:03:08 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Roaming\Malwarebytes
[2013/11/06 06:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/06 06:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/11/06 06:02:55 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/11/06 06:02:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/11/06 06:00:56 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\Programs
[2013/11/05 19:06:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/05 06:27:04 | 000,000,000 | ---D | C] -- C:\Users\Chuck\Desktop\(26 unread) - temco20@verizon.net - Verizon Yahoo Mail_files
[2013/11/02 07:23:03 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/01 14:00:45 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/01 08:03:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/11/01 07:47:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/11/01 07:47:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/11/01 07:47:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/11/01 07:47:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/10/31 12:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2013/10/31 12:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities
[2013/10/30 21:03:35 | 000,000,000 | ---D | C] -- C:\Users\Chuck\Desktop\Virus Files
[2013/10/19 10:43:42 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\Kingsoft
[2013/10/19 10:42:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingsoft Office
[2013/10/19 10:41:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Kingsoft
[2013/10/19 10:41:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kingsoft
[2013/10/19 10:41:10 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Roaming\Kingsoft
[2013/10/19 10:31:31 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Roaming\1O1L1I1PtF1F1C1N
[2013/10/19 10:27:49 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\avgchrome
[2013/10/19 10:15:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013/10/19 10:12:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Association Manager
[2013/10/14 22:07:26 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Roaming\AVG2014
[2013/10/14 22:02:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2013/10/14 21:28:10 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\Avg2014
[2013/10/09 21:46:59 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/10/09 21:46:58 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/10/09 21:46:58 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/10/09 21:46:57 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/10/09 21:46:57 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/10/09 21:46:57 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/10/09 21:46:57 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/10/09 21:46:57 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/10/09 21:46:57 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/10/09 21:46:57 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/10/09 21:46:57 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/10/09 21:46:55 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/10/09 21:46:55 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/10/09 21:46:55 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/10/09 21:46:54 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/10/09 21:42:03 | 000,000,000 | ---D | C] -- C:\52c475938af82c11600971
[2013/10/09 21:33:23 | 000,000,000 | ---D | C] -- C:\45e5ff06080eec68cdc8aec4d49a
[2013/10/09 04:57:18 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2013/10/09 04:57:15 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/10/09 04:57:15 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/10/09 04:57:15 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013/10/09 04:57:15 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013/10/09 04:57:15 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/10/09 04:57:15 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2013/10/09 04:57:15 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/10/09 04:57:15 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2013/10/09 04:57:11 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013/10/09 04:57:11 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2013/10/09 04:57:08 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2013/10/09 04:56:56 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/10/09 04:56:56 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2013/10/09 04:56:55 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/10/09 04:56:54 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/10/09 04:56:54 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/10/09 04:56:54 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2013/10/09 04:56:54 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2013/10/09 04:56:53 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/10/09 04:56:48 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/10/09 04:56:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/10/09 04:56:47 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/10/09 04:56:47 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/10/09 04:56:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/10/09 04:56:24 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/10/09 04:56:24 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/10/09 04:56:19 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2013/10/09 04:56:05 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013/10/09 04:56:05 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[6 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/07 22:38:07 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/07 22:35:22 | 000,014,816 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/07 22:35:22 | 000,014,816 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/07 22:30:23 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/07 22:30:18 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\Free File Viewer Update Checker.job
[2013/11/07 22:30:14 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\ContinueToSaveUpdaterTask{84A2E8B7-B46B-4050-B93A-5F893E706D55}.job
[2013/11/07 22:30:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/07 22:30:00 | 1508,761,600 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/07 21:55:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\WpsUpdateTask_Chuck.job
[2013/11/07 21:50:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/07 21:12:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2109932682-201200126-2622220936-1000UA.job
[2013/11/07 20:22:42 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\Arcadesafari.job
[2013/11/07 18:12:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2109932682-201200126-2622220936-1000Core.job
[2013/11/07 04:49:56 | 000,749,358 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/07 04:49:56 | 000,639,172 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/07 04:49:56 | 000,113,508 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/06 06:02:57 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/05 06:27:04 | 000,393,059 | ---- | M] () -- C:\Users\Chuck\Desktop\(26 unread) - temco20@verizon.net - Verizon Yahoo Mail.htm
[2013/11/01 07:59:57 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/10/31 12:47:25 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Express Zip.lnk
[2013/10/25 04:49:02 | 000,107,368 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2013/10/25 04:49:01 | 000,092,488 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2013/10/25 04:49:01 | 000,035,656 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2013/10/24 20:58:09 | 000,000,164 | ---- | M] () -- C:\Windows\SysNative\cc_20131024_215801.reg
[2013/10/24 20:57:28 | 000,075,972 | ---- | M] () -- C:\Windows\SysNative\cc_20131024_215713.reg
[2013/10/20 09:27:48 | 000,332,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/19 10:42:40 | 000,001,404 | ---- | M] () -- C:\Users\Public\Desktop\Kingsoft Writer.lnk
[2013/10/19 10:42:40 | 000,001,402 | ---- | M] () -- C:\Users\Public\Desktop\Kingsoft Presentation.lnk
[2013/10/19 10:42:40 | 000,001,383 | ---- | M] () -- C:\Users\Public\Desktop\Kingsoft Spreadsheets.lnk
[2013/10/19 10:27:25 | 000,001,165 | ---- | M] () -- C:\Users\Chuck\Desktop\Continue Kingsoft Office Free Download Installation.lnk
[2013/10/17 09:02:56 | 000,107,368 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll.000.bak
[2013/10/14 22:05:29 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/10/09 11:33:17 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/10/09 11:33:17 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[6 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/11/06 06:02:57 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/05 06:27:03 | 000,393,059 | ---- | C] () -- C:\Users\Chuck\Desktop\(26 unread) - temco20@verizon.net - Verizon Yahoo Mail.htm
[2013/11/01 07:47:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/11/01 07:47:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/11/01 07:47:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/11/01 07:47:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/11/01 07:47:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/10/31 12:47:25 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Zip.lnk
[2013/10/31 12:47:25 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Express Zip.lnk
[2013/10/24 20:58:03 | 000,000,164 | ---- | C] () -- C:\Windows\SysNative\cc_20131024_215801.reg
[2013/10/24 20:57:19 | 000,075,972 | ---- | C] () -- C:\Windows\SysNative\cc_20131024_215713.reg
[2013/10/19 10:42:41 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\WpsUpdateTask_Chuck.job
[2013/10/19 10:42:40 | 000,001,404 | ---- | C] () -- C:\Users\Public\Desktop\Kingsoft Writer.lnk
[2013/10/19 10:42:40 | 000,001,402 | ---- | C] () -- C:\Users\Public\Desktop\Kingsoft Presentation.lnk
[2013/10/19 10:42:40 | 000,001,383 | ---- | C] () -- C:\Users\Public\Desktop\Kingsoft Spreadsheets.lnk
[2013/10/19 10:27:25 | 000,001,165 | ---- | C] () -- C:\Users\Chuck\Desktop\Continue Kingsoft Office Free Download Installation.lnk
[2013/10/14 22:05:28 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/05/20 19:29:16 | 000,135,280 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2013/02/02 11:18:27 | 000,210,841 | ---- | C] () -- C:\Windows\hpoins21.dat.temp
[2013/02/02 11:18:27 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
[2013/01/12 16:56:01 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-CHUCK-PC-Microsoft-Windows-7-Ultimate-(64-bit).dat
[2012/06/28 18:39:15 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\cdga.dll
[2011/01/15 11:58:23 | 000,000,093 | ---- | C] () -- C:\Users\Chuck\AppData\Local\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:A3E39C6A
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:3A0561F3
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4
 
< End of report >
 


#19 Conspire

Conspire

    SuperHelper

  • Classroom Teacher
  • 5,805 posts

Posted 08 November 2013 - 02:46 AM

Chuck,

Are there any crashes after the last one? Any new issues that you have encountered?
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Posted Image
Posted Image

#20 Lytnup

Lytnup

    Authentic Member

  • Authentic Member
  • PipPip
  • 63 posts

Posted 08 November 2013 - 05:12 AM

Seems ok...haven't noticed anything.

 

Chuck,

Lytnup



#21 Conspire

Conspire

    SuperHelper

  • Classroom Teacher
  • 5,805 posts

Posted 08 November 2013 - 06:31 AM

Alright, you're good to go then! :)

Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
===================================================

Thank you for your patience, and performing all of the procedures requested. I would also like to take this opportunity to apologize for any delay that may have occurred.

--------------------------------------------------------------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.


Passwords
It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
Strong passwords: How to create and use them and consider a password keeper, to keep all your passwords safe.


SPYWARE PREVENTION
This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well written articles:To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop

WOT has an add-on available for both Firefox and IE.

  • SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites. See tutorial here
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here
    • Download Host.zip and Save it to your Desktop.
    • Right-click hosts.zip and select 'Extract all files' or 'Extract files...'.
    • Follow the prompts and click 'Finish'.
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    • Once updated you should see another prompt that the task was completed.
Follow this list and keep your antivirus program and antispyware programs updated and scan with them on a regular basis. By doing so, your potential for being infected again will reduce dramatically.

Hopefully this should take care of your problems! Good luck.

Do you have any questions or problems to ask? Please do not hesitate to do so.

**Please respond this one more time to ensure it is resolved and close this topic.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Posted Image
Posted Image

#22 Lytnup

Lytnup

    Authentic Member

  • Authentic Member
  • PipPip
  • 63 posts

Posted 08 November 2013 - 07:13 PM

Conspire,

 

Thanks...again.

 

One more question.

 

Every now and then I get a pop up about Oracle "JustCheck".  Is this something to be concerned about?

 

Chuck



#23 Conspire

Conspire

    SuperHelper

  • Classroom Teacher
  • 5,805 posts

Posted 08 November 2013 - 10:11 PM

Is it asking you to update Java?

 

One more thing, I forgot to include Combofix removal instructions. I am so sorry for being tardy and this is what I would like you to do.

 

Download ComboFix here and save to your desktop. Don't need to run it again.

 

Follow these steps to uninstall Combofix

  • Click START then RUN
  • Now copy/paste the code into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.
Combofix /Uninstall

Combofix_uninstall_image.jpg


Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Posted Image
Posted Image

#24 Conspire

Conspire

    SuperHelper

  • Classroom Teacher
  • 5,805 posts

Posted 08 November 2013 - 10:11 PM

Thanks for your donation BTW :)


Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Posted Image
Posted Image

#25 Conspire

Conspire

    SuperHelper

  • Classroom Teacher
  • 5,805 posts

Posted 16 November 2013 - 05:45 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Posted Image
Posted Image

    Advertisements

Register to Remove

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users