
Google on IE won't work


  • This topic is locked
2 replies to this topic

#1 bignt10101

bignt10101

  • Members
  • 2 posts

Posted 21 August 2014 - 06:35 PM

Today I used ComboFix to remove IDP generic. It went well, followed instructions from other threads and all, deactivated anti-virus. Went smoothly. Didn't do anything else besides restarting the computer. However, now Google doesn't work on IE while everything else does. Google seems to work on Chrome though (thank god if he exists). So I just wanna know what to do from this point, since I don't wanna do something stupid (again). Also, from other threads I read, ComboFix doesn't always work, so how do I scan for the virus just in case it bypasses my AVG scan? (Note: it's AVG Free.)

Also, I attached the txt file from C:\ComboFix.txt. If you need anything else, please tell me so I will post it. Thank you.

ComboFix 14-08-21.01 - owner 1/2014 Thu 22:17:28.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.932.81.1033.18.4087.1851 [GMT 3:00]
Running from: c:\users\owner\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msvcr71.dll
c:\windows\patch.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-07-21 to 2014-08-21 )))))))))))))))))))))))))))))))
.
.
2074-05-18 14:44 . 2008-03-21 11:46 607296 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll
2074-05-07 16:38 . 2006-11-21 18:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2014-08-21 20:42 . 2014-08-21 20:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-08-21 20:42 . 2014-08-21 20:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-17 21:48 . 2014-08-17 22:05 -------- d-----w- c:\program files (x86)\Saints Row IV
2014-08-16 21:31 . 2014-08-16 21:31 -------- d-----w- c:\users\owner\AppData\Roaming\InstallShield Installation Information
2014-08-14 00:03 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-14 00:03 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-14 00:03 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-14 00:03 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-14 00:03 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-14 00:03 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-14 00:02 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-14 00:02 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-13 21:26 . 2014-06-25 02:05 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-08-13 21:24 . 2014-07-16 03:25 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-13 21:23 . 2014-08-07 02:06 529920 ----a-w- c:\windows\system32\aepdu.dll
2014-08-13 21:23 . 2014-08-07 02:01 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-08-04 15:59 . 2014-08-04 16:36 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-04 15:59 . 2014-08-04 15:59 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-08-04 15:59 . 2014-08-04 15:59 -------- d-----w- c:\programdata\Malwarebytes
2014-08-04 15:59 . 2014-05-12 04:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-04 15:59 . 2014-05-12 04:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-04 15:59 . 2014-05-12 04:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-04 01:17 . 2014-08-04 01:17 -------- d-----w- c:\program files\Enigma Software Group
2014-08-04 01:14 . 2014-08-04 15:53 -------- d-----w- c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-03 12:55 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2014-08-03 12:55 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-03 12:55 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
2014-08-03 12:55 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-03 12:55 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
2014-08-03 12:55 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
2014-08-03 12:55 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
2014-08-03 12:55 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
2014-08-03 12:55 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
2014-08-03 12:55 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2014-08-03 12:54 . 2014-05-14 06:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-03 12:54 . 2014-05-14 06:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
2014-08-03 12:54 . 2014-05-14 06:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-08-03 12:54 . 2014-05-14 06:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-19 01:50 . 2010-06-24 09:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-14 00:15 . 2010-07-07 18:53 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-08-11 23:41 . 2012-08-29 14:50 50976 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2014-07-09 15:51 . 2012-03-31 10:12 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-09 15:51 . 2011-06-03 11:01 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-30 09:43 . 2014-06-30 09:43 152344 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2014-06-18 02:18 . 2014-07-10 12:36 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-10 12:36 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-17 13:21 . 2014-06-17 13:21 235800 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2014-06-17 13:07 . 2014-06-17 13:07 328984 ----a-w- c:\windows\system32\drivers\avgloga.sys
2014-06-17 13:06 . 2014-06-17 13:06 269080 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2014-06-17 13:06 . 2014-06-17 13:06 190744 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2014-06-17 13:06 . 2014-06-17 13:06 242968 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2014-06-17 13:06 . 2014-06-17 13:06 123672 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2014-06-17 13:06 . 2014-06-17 13:06 31512 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2014-06-06 10:10 . 2014-07-10 12:36 624128 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-10 12:36 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-10 12:35 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-10 12:35 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-10 12:35 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-05-30 08:08 . 2014-07-10 12:36 210944 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 08:08 . 2014-07-10 12:36 86528 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 08:08 . 2014-07-10 12:36 340992 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 08:08 . 2014-07-10 12:36 314880 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 08:08 . 2014-07-10 12:36 307200 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 08:08 . 2014-07-10 12:36 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 08:08 . 2014-07-10 12:36 22016 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 07:52 . 2014-07-10 12:36 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2014-05-30 07:52 . 2014-07-10 12:36 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52 . 2014-07-10 12:36 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2014-05-30 07:52 . 2014-07-10 12:36 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52 . 2014-07-10 12:36 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52 . 2014-07-10 12:36 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-05-30 07:52 . 2014-07-10 12:36 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2014-05-30 06:45 . 2014-07-10 12:36 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2003-12-06 20:12 121856 --sha-w- c:\windows\SysWOW64\fpplock.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{cd90bf73-20f6-44ef-993d-bb920303bd2e}"= "c:\program files (x86)\Veoh_Web_Player\prxtbVeoh.dll" [2011-05-09 176936]
"{8a68a79b-d305-421f-8fc0-d6fae3c21e37}"= "c:\program files (x86)\Veoh_Web_Player_New\prxtbVeoh.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
.
[HKEY_CLASSES_ROOT\clsid\{8a68a79b-d305-421f-8fc0-d6fae3c21e37}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{8a68a79b-d305-421f-8fc0-d6fae3c21e37}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Veoh_Web_Player_New\prxtbVeoh.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2014-08-11 23:41 3627032 ----a-w- c:\program files (x86)\AVG Secure Search\18.1.9.786\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Veoh_Web_Player\prxtbVeoh.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{cd90bf73-20f6-44ef-993d-bb920303bd2e}"= "c:\program files (x86)\Veoh_Web_Player\prxtbVeoh.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\18.1.9.786\AVG Secure Search_toolbar.dll" [2014-08-11 3627032]
"{8a68a79b-d305-421f-8fc0-d6fae3c21e37}"= "c:\program files (x86)\Veoh_Web_Player_New\prxtbVeoh.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{8a68a79b-d305-421f-8fc0-d6fae3c21e37}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VeohPlugin"="c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2012-11-28 4686848]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2012-01-05 75624]
"Akamai NetSession Interface"="c:\users\owner\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-21 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2014-08-11 2640408]
"Warning: do not remove it!"="fpplock.exe" [2003-12-06 121856]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-08-11 5187088]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2014-06-03 2368736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_Dlls"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\se64a.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 slb;slb;c:\aeriagames\ScarletBlade\avital\scarlb64.sys;c:\aeriagames\ScarletBlade\avital\scarlb64.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0151.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 se64a;EnTech softEngine;c:\windows\system32\Drivers\se64a.sys;c:\windows\SYSNATIVE\Drivers\se64a.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [x]
S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [x]
S2 softOSD;softOSD;c:\program files (x86)\softOSD\softOSD.exe;c:\program files (x86)\softOSD\softOSD.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-13 09:41 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 15:51]
.
2014-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-21 19:17]
.
2014-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-21 19:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-25 9650720]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.co.il/webhp?sourceid=navclient&ie=UTF-8
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: &????? ?? Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: aeriagames.com
TCP: DhcpNameServer = 10.100.102.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CD90BF73-20F6-44EF-993D-BB920303BD2E} - (no file)
WebBrowser-{8A68A79B-D305-421F-8FC0-D6FAE3C21E37} - (no file)
AddRemove-Muv-Luv DVD Ver - c:\users\owner\Downloads\[Fuwanovel] Muv-Luv -English-\muv-luv\uninst.exe
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-U3RhckNyYWZ0IElJOiBIZWFydCBvZiB0aGUgU3dhcm0gKGMp~BFC02D25_is1 - c:\program files (x86)\StarCraft II\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3943850351-2748625779-1771408478-1000\Software\relic UGP Applications\age\Þ0Ö0é0ô01*1*\Installation]
"bInstalled"=dword:00000001
"strAbsolutePath"="c:\\Users\\owner\\Downloads\\[Fuwanovel] Muv-Luv -English-\\muv-luv\\"
"strIciPath"="c:\\Users\\owner\\Downloads\\[Fuwanovel] Muv-Luv -English-\\muv-luv\\ƒ}ƒuƒ‰ƒ”11.rio.ici"
"strInstallSourcePath"="i:\\"
"strInstallSystemType"=""
"strInstallTypeSelect"="1"
"strObjectOcean"="c:\\Users\\owner\\Downloads\\[Fuwanovel] Muv-Luv -English-\\muv-luv\\ƒ}ƒuƒ‰ƒ”11.rio"
"strTTFileName"="ƒ}ƒuƒ‰ƒ”11.rbt"
.
[HKEY_USERS\S-1-5-21-3943850351-2748625779-1771408478-1000\Software\relic UGP Applications\age\Þ0Ö0é0ô01*1*\InstallFont]
"‚l‚r ‚oƒSƒVƒbƒN%#16%$-B"="ƒ}ƒuƒ‰ƒ”11.rio\\‚l‚r ‚oƒSƒVƒbƒN16B.5RF"
"‚l‚r ‚oƒSƒVƒbƒN%#24%$-B%$-A"="ƒ}ƒuƒ‰ƒ”11.rio\\‚l‚r ‚oƒSƒVƒbƒN24BA.5RF"
.
[HKEY_USERS\S-1-5-21-3943850351-2748625779-1771408478-1000\Software\relic UGP Applications\age\Þ0Ö0é0ô01*1*\PeculiarToTheApp]
"strTheAppName"="ƒ}ƒuƒ‰ƒ”1.1"
.
[HKEY_USERS\S-1-5-21-3943850351-2748625779-1771408478-1000\Software\relic UGP Applications\age\Þ0Ö0é0ô01*1*\rUGPBasic]
"nRugpVersion"=dword:0000157c
"strRugpPluginFolder"="c:\\Users\\owner\\Downloads\\[Fuwanovel] Muv-Luv -English-\\muv-luv\\Plugins"
"bIsIllegalTerminateCheck"=dword:00000000
.
[HKEY_USERS\S-1-5-21-3943850351-2748625779-1771408478-1000\Software\relic UGP Applications\age\Þ0Ö0é0ô01*1*\rvmmBoxSettings]
"nFontBlank"=dword:00000002
"nMainFontColor"=dword:ffffffff
"nSelectedFontColor"=dword:ff8090c0
"nWndBaseColor1"=dword:002020a0
"nWndBaseColor2"=dword:00c0c0ff
"nWndBaseGradation"=dword:00000001
"nWndBaseRatioDst"=dword:00000006
"nWndBaseRatioSrc"=dword:000000c0
"nWndFrameLevel"=dword:00000003
.
[HKEY_USERS\S-1-5-21-3943850351-2748625779-1771408478-1000\Software\relic UGP Applications\age\Þ0Ö0é0ô01*1*\rvmmInstallation]
"strFontCachePath"="c:\\Users\\owner\\Downloads\\[Fuwanovel] Muv-Luv -English-\\muv-luv\\"
"strVirtuaRegistryAbsolutePath"="c:\\Users\\owner\\Downloads\\[Fuwanovel] Muv-Luv -English-\\muv-luv\\Vmreg\\"
.
[HKEY_USERS\S-1-5-21-3943850351-2748625779-1771408478-1000\Software\relic UGP Applications\age\Þ0Ö0é0ô01*1*\rvmmPeculiarToTheApp]
"bCanSettingFont"=dword:00000001
"bCanSettingSound"=dword:00000001
"bCanSettingWindow"=dword:00000001
"bFullScreenMenuOff"=dword:00000000
"bPageOverNext"=dword:00000000
"bUucAccessMasterKey"=dword:00000001
"bWindowMenuAccessMasterKey"=dword:00000001
"strLowSpecFont"="‚l‚r ‚oƒSƒVƒbƒN%#16%$-B"
"strStandardFont"="‚l‚r ‚oƒSƒVƒbƒN%#24%$-B%$-A"
.
[HKEY_USERS\S-1-5-21-3943850351-2748625779-1771408478-1000\Software\relic UGP Applications\age\Þ0Ö0é0ô01*1*\rvmmUISettings]
"dwMainFontStyle"=dword:0000000c
"nTextSpeed"=dword:00000030
"bFullScreen"=dword:00000001
"strCurrentMonitorDevice"=""
"dwCurrentMonitorFlag"=dword:00000000
"nWindowSize"=dword:00000003
"nFaceWindowSize"=dword:00000003
"isBgm"=dword:00000001
"isEffect"=dword:00000001
"nVoiceLevel"=dword:00000001
"nLayeredEffect"=dword:00000001
"nSeenMsgSkip"=dword:00000001
"nAutoMsgSkip"=dword:00000000
"bMouseTrace"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-08-21 23:53:37
ComboFix-quarantined-files.txt 2014-08-21 20:53
.
Pre-Run: 146,353,192,960 bytes free
Post-Run: 145,798,766,592 bytes free
.
- - End Of File - - 498FB3D7B95764205E02D2B5C28503FC
A36C5E4F47E84449FF07ED3517B43A31


Edited by nasdaq, 26 August 2014 - 08:51 AM.
ComboFix posted.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,902 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 26 August 2014 - 08:53 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

===

Reset Internet Explorer:
Menu > Tools > Internet Options > General Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

How is it now?

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,902 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 30 August 2014 - 07:17 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



